infection preventing browser/online access

This topic is locked
22 replies to this topic

#1 dragon77

Posted 17 October 2017 - 10:52 AM

This is my second attempt to post this topic. Something changed with my laptop a day or so ago while I was checking email and the internet. The computer seemed unresponsive or sluggish, and then I could not access the internet, and then I could not access my browser. I tried Chrome, then Firefox. Task Manager shows that processes for these are active, but there is no listing for them. I tried System Restore and was unsuccessful, then tried it again in Safe Mode, and it seemed to work. Momentarily I accessed the internet, downloaded a trial of Malwarebytes, ran a scan, and it showed examples of a proxy hijacker. I don't know if this is the cause of my issues, as I run LAN and Wi-Fi from cable internet access. When I rebooted, I got the blue screen. I ran another scan upon the second reboot: same infection. I ran Safe Mode, no infection indicated, but I'm not sure how to proceed. I ran Safe Mode with Networking, downloaded FRST, ran it in Safe Mode, included a file of the print-screen blue screen details, and will attempt to include the FRST scan texts and the initial Malwarebytes text. I await your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2017
Ran by Administrator (administrator) on UNITYGROUP (17-10-2017 10:35:01)
Running from C:\Documents and Settings\Administrator.UNITYGROUP\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: rob weinberger & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-02-16] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2976928342-3068687463-4056149513-500\...\Run: [ModemOnHold] => C:\Program Files\NetWaiting\netWaiting.exe
HKU\S-1-5-21-2976928342-3068687463-4056149513-500\...\Run: [DellSupport] => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{B3F97D77-DFA2-4B1B-A2CB-B7936210E993}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://my.juno.com/s/search?r=minisearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2976928342-3068687463-4056149513-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-2976928342-3068687463-4056149513-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll => No File
BHO: Pop-up Blocker -> {52706EF7-D7A2-49AD-A615-E903858CF284} -> C:\Program Files\JunoInternet\qsacc\X1IEBHO.dll [2009-06-30] (Juno, Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll => No File
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-02] (Sun Microsystems, Inc.)
BHO: Juno Toolbar Helper -> {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\JunoInternet\ucreg.dll [2010-01-28] (Juno, Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll No File
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll [2006-08-10] (Juno Online Services, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll [2013-08-05] (AVG Secure Search)
 
FireFox:
========
FF Extension: (Mozilla Firefox distributed by RealNetworks) - C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2016-12-06] [not signed]
FF Extension: (Google Toolbar for Firefox) - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2016-12-06] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-11-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-26] [not signed]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.34
FF Extension: (AVG Security Toolbar) - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.34 [2012-09-27] [not signed]
FF HKLM\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files\Tomabo\MP4 Downloader\MP4D_FF.xpi
FF Extension: (MP4 Downloader Extension) - C:\Program Files\Tomabo\MP4 Downloader\MP4D_FF.xpi [2015-01-24] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-17] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll [2013-08-05] (AVG Technologies)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-10-17]
CHR Extension: (Slides) - C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-17]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-17]
CHR Extension: (Sheets) - C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-17]
CHR Extension: (MP4 Downloader Extension) - C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glhecpdglaanfgdgcefipbokcmenleaf [2017-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-17]
CHR HKLM\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files\Tomabo\MP4 Downloader\MP4D_GC.crx [2015-10-17]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx [2013-08-05]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-17] (Adobe Systems Incorporated) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-04-11] (AVG Technologies CZ, s.r.o.)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S2 EASEUS Agent; C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S2 hasplms; C:\WINDOWS\system32\hasplms.exe [4665168 2015-08-16] (SafeNet Inc.)
S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-11-02] (Sun Microsystems, Inc.)
S2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [380928 2005-12-06] (Dell Inc.) [File not signed]
S2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
S2 SentinelSecurityRuntime; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S2 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2010-09-29] (SupportSoft, Inc.)
S2 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2010-09-29] (SupportSoft, Inc.)
S2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-05] (AVG Secure Search)
S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [449896 2015-08-16] (SafeNet Inc.)
R3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [244040 2013-01-14] (SafeNet Inc.)
R3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [53192 2013-01-14] (SafeNet Inc.)
R3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [296200 2013-08-01] (SafeNet Inc.)
S1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
S2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-05-12] (Windows ® 2000 DDK provider) [File not signed]
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2017-04-11] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-08-05] (AVG Technologies)
S0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-13] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
S2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [30600 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [35720 2011-04-22] () [File not signed]
R3 EUDISK; C:\WINDOWS\system32\drivers\eudisk.sys [187528 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14216 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\WINDOWS\System32\drivers\eufs.sys [20744 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
S3 GcKernel; C:\WINDOWS\System32\DRIVERS\GcKernel.sys [59136 2008-04-13] (Microsoft Corporation)
S2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [618352 2015-08-16] (SafeNet Inc.)
S3 HIDSwvd; C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys [2688 2001-08-17] (Microsoft Corporation)
S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2017-10-16] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40384 2017-10-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-10-17] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-09-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-09-23] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67656 2010-09-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SNTNLUSB; C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS [38472 2010-10-20] (SafeNet, Inc.)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
S2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
S2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
S2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
S2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
S2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
S2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
S2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
S2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
S2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S0 baplqa; System32\drivers\ridw.sys [X]
S3 catchme; \??\C:\ComboFix1\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-17 10:34 - 2017-10-17 10:35 - 000000000 ____D C:\FRST
2017-10-17 10:28 - 2017-10-17 10:28 - 000001813 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Desktop\Google Chrome.lnk
2017-10-17 10:27 - 2017-10-17 10:27 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google
2017-10-17 09:08 - 2017-10-17 10:35 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Temp
2017-10-17 09:08 - 2017-10-17 09:08 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP
2017-10-17 09:08 - 2013-11-26 11:47 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Avg2014
2017-10-17 09:08 - 2012-10-16 19:32 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Avg2013
2017-10-17 09:08 - 2012-10-16 19:32 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Application Data\TuneUp Software
2017-10-17 09:08 - 2010-09-06 10:23 - 000000000 __SHD C:\Documents and Settings\Administrator.UNITYGROUP\IETldCache
2017-10-17 09:08 - 2006-05-12 17:17 - 000000128 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\fusioncache.dat
2017-10-17 09:08 - 2006-05-12 17:17 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\ATI
2017-10-17 09:08 - 2006-05-12 17:17 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Application Data\ATI
2017-10-17 09:08 - 2006-05-12 17:16 - 000000178 ___SH C:\Documents and Settings\Administrator.UNITYGROUP\ntuser.ini
2017-10-17 09:08 - 2006-05-12 17:11 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Musicmatch
2017-10-17 09:08 - 2006-05-12 17:04 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\BVRP Software
2017-10-17 09:08 - 2006-05-12 16:56 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2017-10-17 09:08 - 2006-05-12 16:56 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Application Data\Sun
2017-10-17 09:08 - 2006-05-12 16:48 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Dell Accessories
2017-10-17 09:08 - 2006-05-12 16:48 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Dell
2017-10-17 09:08 - 2004-08-10 14:10 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\ApplicationHistory
2017-10-17 09:08 - 2004-08-10 14:08 - 000000671 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Internet Explorer.lnk
2017-10-17 09:08 - 2004-08-10 14:08 - 000000642 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Outlook Express.lnk
2017-10-17 09:08 - 2004-08-10 14:04 - 000001503 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Remote Assistance.lnk
2017-10-17 00:34 - 2017-10-17 00:33 - 000090112 _____ C:\WINDOWS\Minidump\Mini101717-01.dmp
2017-10-16 23:28 - 2017-10-17 09:07 - 000040384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-16 23:28 - 2017-10-16 23:28 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-10-16 23:28 - 2017-10-16 23:28 - 000000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2017-10-16 23:28 - 2017-10-16 23:28 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2017-10-16 23:27 - 2017-10-17 09:07 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-16 23:27 - 2017-10-16 23:27 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-10-16 23:27 - 2017-10-16 23:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-10-16 23:26 - 2017-10-16 23:26 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-16 23:26 - 2017-10-16 23:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
2017-10-16 23:26 - 2017-10-04 13:15 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-17 09:08 - 2010-01-06 18:50 - 003803780 _____ C:\WINDOWS\ntbtlog.txt
2017-10-17 09:08 - 2004-08-10 13:57 - 000000000 ____D C:\Documents and Settings
2017-10-17 09:08 - 2004-08-10 13:51 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-17 09:05 - 2006-05-16 18:35 - 000000178 ___SH C:\Documents and Settings\rob weinberger\ntuser.ini
2017-10-17 02:24 - 2011-10-03 14:20 - 000000000 ____D C:\Documents and Settings\rob weinberger\Local Settings\temp
2017-10-17 02:23 - 2004-08-10 14:08 - 000032576 _____ C:\WINDOWS\SchedLgU.Txt
2017-10-17 02:23 - 2004-08-10 14:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-17 02:22 - 2006-05-16 18:35 - 000000000 ____D C:\Documents and Settings\rob weinberger
2017-10-17 02:03 - 2015-10-13 23:24 - 000001014 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2976928342-3068687463-4056149513-1006UA.job
2017-10-17 02:02 - 2015-10-14 00:08 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-10-17 01:37 - 2012-08-20 11:13 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-10-17 01:36 - 2012-08-20 11:12 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-10-17 01:36 - 2011-10-31 19:30 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-10-17 01:34 - 2004-08-10 14:02 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-17 01:04 - 2010-12-22 17:39 - 000000000 ____D C:\Program Files\Panda Security
2017-10-17 01:04 - 2004-08-10 14:03 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-10-17 01:03 - 2011-01-21 16:14 - 000000000 ____D C:\Program Files\Hijackthis
2017-10-17 00:37 - 2011-01-25 11:59 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-10-17 00:35 - 2016-09-20 19:52 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-10-17 00:35 - 2011-09-04 17:33 - 000000000 ____D C:\WINDOWS\system32\logishrd
2017-10-17 00:34 - 2015-10-14 00:08 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-17 00:34 - 2006-10-06 12:50 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-16 23:28 - 2015-12-16 11:05 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2017-10-16 23:27 - 2011-03-16 18:36 - 000000000 ____D C:\Program Files\AVG
2017-10-16 23:26 - 2016-08-16 14:59 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-10-16 23:26 - 2011-10-03 17:14 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-10-16 23:01 - 2004-08-10 14:08 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-10-16 23:01 - 2004-08-10 14:08 - 000000000 __SHD C:\Documents and Settings\LocalService
2017-10-16 23:00 - 2004-08-10 14:02 - 000000000 ____D C:\WINDOWS\Registration
2017-10-16 22:52 - 2016-12-06 19:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-16 22:42 - 2012-09-20 13:05 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-16 16:03 - 2015-10-13 23:24 - 000000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2976928342-3068687463-4056149513-1006Core.job
2017-10-16 13:10 - 2016-09-20 00:13 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2017-10-16 12:47 - 2014-01-27 13:24 - 000000000 ____D C:\Documents and Settings\rob weinberger\Desktop\tunes
2017-10-16 12:32 - 2012-01-04 21:56 - 000000000 ____D C:\Documents and Settings\rob weinberger\Application Data\vlc
2017-10-16 12:31 - 2006-05-19 14:32 - 000000000 ____D C:\Documents and Settings\rob weinberger\My Documents\homeopathy
2017-10-16 12:25 - 2008-12-30 20:50 - 000000000 ____D C:\ISISVision
2017-09-28 12:38 - 2014-01-23 12:47 - 000000000 ____D C:\Documents and Settings\rob weinberger\Application Data\PrimoPDF
 
==================== Files in the root of some directories =======
 
2014-05-10 20:57 - 2014-05-10 20:57 - 000000000 _____ () C:\Program Files\GUM6F.tmp
2011-05-09 23:55 - 2011-05-09 23:55 - 000068922 _____ () C:\Program Files\uninstal.log
2011-05-09 23:55 - 2011-05-10 00:33 - 000283909 _____ () C:\Program Files\Unistall.log
2017-10-17 09:08 - 2006-05-12 17:17 - 000000128 _____ () C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\fusioncache.dat
2006-05-12 17:01 - 2006-05-12 17:01 - 000000004 ____H () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
2010-12-15 15:19 - 2010-12-21 20:48 - 000000112 _____ () C:\Documents and Settings\All Users\Application Data\Ur0EX24.dat
 
Some files in TEMP:
====================
2017-10-17 01:04 - 2010-08-18 13:36 - 000054592 _____ (Panda Security, S.L.) C:\Documents and Settings\rob weinberger\Local Settings\Temp\aqbarqcr.exe
2016-01-05 11:34 - 2015-11-12 17:54 - 000091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\Temp\avguirn_081287814684.exe
2016-06-27 21:23 - 2016-05-18 13:03 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\Temp\avguirn_081512668843.exe
2016-01-28 16:50 - 2015-12-08 08:23 - 000091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\Temp\avguirn_081912506968.exe
2016-08-22 15:04 - 2016-07-20 08:01 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\Temp\avguirn_0832680859.exe
2016-04-08 01:11 - 2016-02-18 13:09 - 000179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\Temp\avguirn_08441435058.exe
2016-07-27 17:32 - 2016-06-21 18:49 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\Temp\avguirn_08778464224.exe
2016-04-20 20:37 - 2016-03-23 16:57 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\Temp\avguirn_08963264730.exe
2007-07-29 05:37 - 2006-04-26 07:04 - 000012288 _____ (Synopsis Software) C:\Documents and Settings\rob weinberger\Local Settings\Temp\clientslave.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2017
Ran by Administrator (17-10-2017 10:36:57)
Running from C:\Documents and Settings\Administrator.UNITYGROUP\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2006-05-16 22:34:48)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2976928342-3068687463-4056149513-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.UNITYGROUP
Guest (S-1-5-21-2976928342-3068687463-4056149513-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2976928342-3068687463-4056149513-1005 - Limited - Disabled)
rob weinberger (S-1-5-21-2976928342-3068687463-4056149513-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\rob weinberger
SUPPORT_388945a0 (S-1-5-21-2976928342-3068687463-4056149513-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Disabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABC Amber Audio Converter (HKLM\...\ABC Amber Audio Converter) (Version:  - )
ACDSee (HKLM\...\ACDSee) (Version:  - )
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akiva v1.2 (HKLM\...\Akiva v1.2) (Version:  - )
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft PhotoImpression 5 (HKLM\...\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}) (Version:  - ArcSoft)
ATI Catalyst Control Center (HKLM\...\{0D251F37-10CB-46DF-BFA0-4702218DB0B6}) (Version: 1.2.2238.25568 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.205.3-060216a-031123C-Dell - )
Avery Media Software 32 bit (HKLM\...\MVApplication1) (Version:  - )
AVG (HKLM\...\{1D382E7D-7E8B-4C85-9233-287017A66599}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG (HKLM\...\{23BE727B-BB6B-449D-BC7B-3860BE5F9EA1}) (Version: 16.151.8013 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{43A28682-68D0-43A2-906A-126B40B1FFA7}) (Version: 16.0.4782 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8013 - AVG Technologies)
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 15.4.0.5 - AVG Technologies)
Broadcom Management Programs (HKLM\...\{26E1BFB0-E87E-4696-9F89-B467F01F81E5}) (Version: 8.65.05 - Broadcom Corporation)
CameraHelperMsi (HKLM\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.00.1774.0 - Logitech) Hidden
Cara Additional Components (HKLM\...\Cara Additional Components) (Version:  - )
Cara Professional (HKLM\...\Cara Professional) (Version:  - )
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Complete Repertory Millenium Edition (HKLM\...\Complete Repertory Millenium Edition) (Version:  - )
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Dell Photo Printer 720 (HKLM\...\Dell Photo Printer 720) (Version:  - )
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Digital Content Portal (HKLM\...\{B702CCCE-3176-4DBF-B932-D1B8F402F330}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.15 - BVRP Software, Inc)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab Decrypter 2.9.7.9 Beta (HKLM\...\DVDFab Decrypter_is1) (Version:  - Fengtao Software Inc.)
EarthLink setup files (HKLM\...\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}) (Version: 2005.1.47.0 - EarthLink)
EASEUS Todo Backup Free 2.5.1 (HKLM\...\EASEUS Todo Backup Free 2.5.1_is1) (Version: 2.5.1.1 - CHENGDU YIWO Tech Development Co., Ltd)
EasyCleaner (HKLM\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - ToniArts)
erLT (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
exPressit S.E. 2.2 (HKLM\...\exPressit S.E. 2.2) (Version:  - )
Finale 2000a (HKLM\...\Finale 2000a) (Version:  - )
FMW 1 (HKLM\...\{0243E64A-DF27-421A-9E33-D8AE9C69585A}) (Version: 1.225.1 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HASP SRM Run-time (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 2.50.1.3928 - Aladdin Knowledge Systems Ltd.)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Photo Imaging Software (HKLM\...\HP Photo Imaging Software) (Version:  - )
HP Photo Printing Software (HKLM\...\HP Photo Printing Software) (Version:  - )
HP Share-to-Web (HKLM\...\{748F4870-8350-11D3-B0BF-080009FB4A19}) (Version:  - )
Internal Network Card Power Management (HKLM\...\{1F528948-0E80-4C96-B455-DE4167CB1DF7}) (Version: 1.7.2 - )
ISIS Vision Release 20 (HKLM\...\ISIS Vision Release 20) (Version: 1.0021 - )
ISIS Vision Release 23 Upgrade (HKLM\...\ISIS Vision Release 23 Upgrade) (Version: 1.0023 - )
ISIS Vision Release 24 Upgrade (HKLM\...\ISIS Vision Release 24 Upgrade) (Version: 1.0024 - )
ISIS Vision Release 25 Upgrade (HKLM\...\ISIS Vision Release 25 Upgrade) (Version: 1.0025 - )
ISIS Vision Release 26 Upgrade (HKLM\...\ISIS Vision Release 26 Upgrade) (Version: 1.0027 - )
ISIS Vision Release 28 Upgrade (HKLM\...\ISIS Vision Release 28 Upgrade) (Version: 1.0028 - )
ISIS Vision Release 29 Upgrade (HKLM\...\ISIS Vision Release 29 Upgrade) (Version: 1.0030 - )
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.4 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java™ 6 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Juno Internet (HKLM\...\{a0296e52-6e9b-11d6-ace4-00105a0cf83f}) (Version: Juno QuickStart - United Online)
KHA  Professional Packages (HKLM\...\KHA  Professional Packages) (Version:  - )
KHA Software Packages (HKLM\...\KHA Software Packages) (Version:  - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
MediaFACE 4.01 (HKLM\...\{41979C2F-34B8-4F92-8111-B13C5864682D}) (Version: 4.01 - Fellowes) Hidden
MediaFACE 4.01 (HKLM\...\InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}) (Version: 4.01 - Fellowes)
MediaFACE 4.01 Image Library (HKLM\...\{82AF77BC-423D-42DA-BE5B-FFCA04752181}) (Version: 4.01 - Fellowes) Hidden
MediaFACE 4.01 Image Library (HKLM\...\InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}) (Version: 4.01 - Fellowes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Combat Flight Simulator (HKLM\...\Combat Flight Simulator 1.00) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 3.01 - BVRP Software)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MP4 Downloader 3 (HKLM\...\MP4 Downloader_is1) (Version:  - Tomabo)
MSN (HKLM\...\MSNINST) (Version:  - )
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.23 - BVRP Software, Inc)
NetZeroInstallers (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
PowerDVD 5.7 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.0.9 - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RAR File Extractor (HKLM\...\{DB84E512-A65A-4CA2-8703-3C34DB09B10C}_is1) (Version:  - rarfileextractor.com)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Sentinel Protection Installer 7.6.3 (HKLM\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
Sentinel Runtime (HKLM\...\{84D2090E-5F36-491F-8D57-D8D01E2D7EB5}) (Version: 7.40.1.55725 - SafeNet Inc.)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sibelius Scorch (ActiveX Only) (HKLM\...\{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}) (Version: 1.0.0 - Sibelius Software)
SideWinder Precision 2 (HKLM\...\SideWinder Precision 2) (Version:  - )
Skype™ 5.3 (HKLM\...\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}) (Version: 5.3.120 - Skype Technologies S.A.)
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
Transcribe! 7.50 (HKLM\...\Transcribe!_is1) (Version: 7.50 - Seventh String Software)
Verizon Download Manager (HKLM\...\{8C0B406B-DF08-49EF-8702-FA45752C135F}) (Version: 9 - SupportSoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24013}) (Version: 18.0.10644 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2017-04-11] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [MediaFaceExtension] -> {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} => C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll [2003-08-18] (Fellowes, Inc.)
ContextMenuHandlers1: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files\Tomabo\MP4 Downloader\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers1: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files\Tomabo\MP4 Downloader\MP4P_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2013-12-05] (WinZip Computing, S.L.)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers2: [ShellExt] -> {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} => C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll [2003-08-18] (Fellowes, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [MediaFaceExtension] -> {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} => C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll [2003-08-18] (Fellowes, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2013-12-05] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2017-04-11] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files\Tomabo\MP4 Downloader\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers6: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files\Tomabo\MP4 Downloader\MP4P_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2013-12-05] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\SetupAVG Technologies00
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2976928342-3068687463-4056149513-1006Core.job => C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2976928342-3068687463-4056149513-1006UA.job => C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\EasyCleaner\The Web\EasyCleaner home.lnk -> hxxp://personal.inet.fi/business/toniarts/ecleane.ht
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\EasyCleaner\The Web\ToniArts.lnk -> hxxp://personal.inet.fi/business/toniart
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-16 23:26 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2004-08-10 13:50 - 2008-04-13 20:11 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 13:51 - 2008-04-13 20:11 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
2017-10-17 10:34 - 2016-09-06 12:00 - 005197312 _____ () C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-10-17 10:34 - 2016-09-06 12:00 - 000147456 _____ () C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80867858.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80867858.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7590 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-10-03 14:22 - 2011-10-03 14:25 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2976928342-3068687463-4056149513-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\dell.bmp
DNS Servers: 209.18.47.62 - 209.18.47.61
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk => C:\WINDOWS\pss\Office Startup.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\WINDOWS\system32\WLTRAY.exe
MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: FortKnoxPersonalFirewall => "C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe"
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: MSKDetectorExe => C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: ROC_ROC_NT => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
MSCONFIG\startupreg: ShowLOMControl =>
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe] => Disabled:hpgs2wnf Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe] => Disabled:Sentinel Protection Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe] => Disabled:Sentinel Keys Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Juno\bin\juno.exe] => Enabled:Juno
StandardProfile\AuthorizedApplications: [C:\Program Files\Real\RealPlayer\realplay.exe] => Disabled:RealPlayer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Tomabo\MP4 Downloader\MP4Downloader.exe] => Enabled:MP4 Downloader
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\hasplms.exe] => Enabled:Sentinel License Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1947:TCP] => Enabled:HASP SRM 
StandardProfile\GloballyOpenPorts: [1947:UDP] => Enabled:HASP SRM 
 
==================== Restore Points =========================
 
01-08-2017 17:35:59 System Checkpoint
03-08-2017 12:11:34 System Checkpoint
13-09-2017 13:33:18 System Checkpoint
16-10-2017 22:44:34 Restore Operation
16-10-2017 22:50:29 Restore Operation
16-10-2017 22:51:47 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/16/2017 12:01:55 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (10/13/2017 01:39:36 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (10/10/2017 08:05:11 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/28/2017 12:34:02 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/25/2017 11:05:05 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/17/2017 11:03:40 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/12/2017 11:23:28 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/11/2017 08:55:48 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/01/2017 09:30:29 AM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (08/30/2017 09:02:46 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
 
System errors:
=============
Error: (10/17/2017 10:34:05 AM) (Source: DCOM) (EventID: 10005) (User: UNITYGROUP)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (10/17/2017 10:34:05 AM) (Source: DCOM) (EventID: 10005) (User: UNITYGROUP)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (10/17/2017 10:34:05 AM) (Source: DCOM) (EventID: 10005) (User: UNITYGROUP)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (10/17/2017 10:34:05 AM) (Source: DCOM) (EventID: 10005) (User: UNITYGROUP)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (10/17/2017 10:34:05 AM) (Source: DCOM) (EventID: 10005) (User: UNITYGROUP)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (10/17/2017 09:08:55 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/17/2017 09:08:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
APPDRV
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avglogx
Avgunivx
EUDSKACS
Fips
intelppm
SASDIFSV
SASKUTIL
 
Error: (10/17/2017 09:08:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriverl service which failed to start because of the following error: 
A device attached to the system is not functioning.
 
Error: (10/17/2017 09:07:34 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B3F97D77-DFA2-4B1B-A2CB-B7936210E993} because another computer on the network has the same name.  The server could not start.
 
Error: (10/17/2017 09:07:34 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 37%
Total physical RAM: 2046.37 MB
Available physical RAM: 1276.38 MB
Total Virtual: 3432.1 MB
Available Virtual: 2871.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:51.43 GB) (Free:3.97 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
 
==================== End of Addition.txt ============================

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/16/17
Scan Time: 11:30 PM
Log File: 7a318aba-b2eb-11e7-bafc-0016ce61b28e.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3027
License: Trial
 
-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: UNITYGROUP\rob weinberger
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288059
Threats Detected: 11
Threats Quarantined: 4
Time Elapsed: 50 min, 38 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUM.Optional.ProxyHijacker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [8631], [-1],0.0.0
 
Registry Value: 10
PUM.Optional.ProxyHijacker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Removal Failed, [8631], [250606],1.0.3027
PUM.Optional.ProxyHijacker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [8631], [-1],0.0.0
PUM.Optional.ProxyHijacker, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [8631], [-1],0.0.0
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [8631], [-1],0.0.0
PUM.Optional.ProxyHijacker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Removal Failed, [8631], [-1],0.0.0
PUM.Optional.ProxyHijacker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Removal Failed, [8631], [-1],0.0.0
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [8631], [-1],0.0.0
PUM.Optional.ProxyHijacker, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [8631], [-1],0.0.0
PUM.Optional.ProxyHijacker, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Removal Failed, [8631], [-1],0.0.0
PUM.Optional.ProxyHijacker, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Removal Failed, [8631], [-1],0.0.0
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by Chris Cosgrove, 17 October 2017 - 06:30 PM.
Multiple duplicates deleted.



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 AM

Posted 22 October 2017 - 10:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/660481 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dragon77

dragon77
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 22 October 2017 - 02:30 PM

Yes, I am still infected. I cannot access the internet on that computer, at least in normal mode. I was awaiting help from Bleeping Computer, and did not use the laptop for the past week. I opened it again today, and could not bring up my Chrome browser. This is very unusual, and I believe there is an infection of some sort. I have Windows XP Home; I have no CD of the operating system. I will try to install FRST onto the laptop from my PC and run another scan. I am currently running Malwarebytes again, to see if the same issues show up. If necessary, once I run FRST, I will restart in safe networking mode. If I cannot, but I can run a scan, I will transfer the files to this computer to upload.

rob

 



#4 dragon77

dragon77
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 22 October 2017 - 10:26 PM

I had to leave for a meeting, just returned, completed tasks.
I booted in normal mode to run the program, in case that changed the FRST results. I momentarily opened Chrome at the outset, after clicking it a few times, but could not get to any start page, nor open its settings, nor access the internet. When I closed and tried again, I got nothing at all visible to check, although Task Manager reported multiple Chrome processes running. When I tried Firefox, the same thing happened: nothing visible on screen suggesting I had activated a browser, although Task Manager showed a Firefox process running. I can't check the browser settings, at least currently in normal mode, to see if something is interesting. Perhaps they will open in Safe Mode with Networking.
 
Malwarebytes currently reports no problems found on scan. Initially, at the beginning of the week, it detected malware files that it removed, the same files removed on two separate scans. There was also a blue screen of death after the initial scan, while attempting to reboot, for whatever reason. I took a screen shot of the results, but seemed to have trouble uploading it all to you. I currently have no internet access in normal mode. My network, and wifi, are working with other computers and my phone. The laptop reports a connection to the network, and a good signal. And, the laptop is on my downstairs desk, and hasn't been moved since the last few times I accessed the internet for some research.
 
Maybe minor: I had a flash drive the computer reported as active, although I was not running anything on it. I put in another flash drive to copy the FRST logs. Same thing, the computer reported an active process. I removed this and the other one by closing the case.
 
I can't really say I did anything to invite this to happen, although obviously, something changed. I still don't quite know what is happening, technically. It just feels like some sort of malware, and a blocked access, although I suppose it could be a glitch of some sort in the system. But, until just before the day I first reported the problem, everything seemed fine, with no issues I was aware of, for at least a few years. Then, a day or so before I first contacted Bleeping Computer, there was sluggishness when going online, and then I could not access at all. Maybe something changed in my settings, but I did not notice anything obvious.
 
One thing I did try was, I unchecked the box "Enable 3rd party browser extensions" through Control Panel > Internet Options > Advanced. I wasn't sure if it might have had anything to do with this issue, and can certainly activate it again.
 
I would greatly appreciate your time and attention, to see if, whether malware or a glitch, we can find what there is to find, and repair it.
 
I do not have a Windows original CD, although there might be an XP CD floating around. This OS was pre-installed by Dell.
For the initial FRST results, I was able to boot in Safe Mode with Networking, and send it directly to you. I have not tried that yet, today, and just transferred the results to a flash drive while keeping the laptop in normal mode, at least for now.
 
I don't really have computer experience. Still, FYI, I just started looking over the scan report, and noticed proxy is enabled, and then a proxy server number is listed. Is that typical? In the laptop's Internet Options, I do not have a proxy checked; I have LAN, automatically detect settings. Is there a discrepancy?
rob
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2017
Ran by rob weinberger (administrator) on UNITYGROUP (22-10-2017 22:42:10)
Running from C:\Documents and Settings\rob weinberger\Desktop
Loaded Profiles: rob weinberger (Available Profiles: rob weinberger & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
(Software 2000 Limited) C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Dell Inc.) C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
(SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\tgsrvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-02-16] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\Run: [Google Update] => C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-02] (Google Inc.)
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8992
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:8992
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{B3F97D77-DFA2-4B1B-A2CB-B7936210E993}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://my.juno.com/s/search?r=minisearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://my.juno.com/s/search?r=minisearch
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> DefaultScope {49B8CFB9-FB6C-4823-899B-BA91092DA641} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> {3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} URL = hxxp://search.juno.com/search?action=search&source=browserbox&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> {49B8CFB9-FB6C-4823-899B-BA91092DA641} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://isearch.avg.com/search?cid={62588C4F-DB3B-4E13-B015-0C36A20EAE74}&mid=7d1e8eca1ea447d6ac48d15f88855b7d-6498e92aa094c1d49834cf23b8cdac2be7ea35a7&lang=en&ds=AVG&pr=pr&d=2012-09-27 16:07:13&v=12.2.5.34&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = 
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll => No File
BHO: Pop-up Blocker -> {52706EF7-D7A2-49AD-A615-E903858CF284} -> C:\Program Files\JunoInternet\qsacc\X1IEBHO.dll [2009-06-30] (Juno, Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll => No File
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-02] (Sun Microsystems, Inc.)
BHO: Juno Toolbar Helper -> {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\JunoInternet\ucreg.dll [2010-01-28] (Juno, Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll No File
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll [2006-08-10] (Juno Online Services, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll [2013-08-05] (AVG Secure Search)
 
FireFox:
========
FF DefaultProfile: p9sr5iqp.default-1426630413453
FF ProfilePath: C:\Documents and Settings\rob weinberger\Application Data\Mozilla\Firefox\Profiles\p9sr5iqp.default-1426630413453 [2017-10-16]
FF DefaultSearchEngine: C:\Documents and Settings\rob weinberger\Application Data\Mozilla\Firefox\Profiles\p9sr5iqp.default-1426630413453 -> Yahoo!
FF DefaultSearchEngine.US: C:\Documents and Settings\rob weinberger\Application Data\Mozilla\Firefox\Profiles\p9sr5iqp.default-1426630413453 -> Google
FF SelectedSearchEngine: C:\Documents and Settings\rob weinberger\Application Data\Mozilla\Firefox\Profiles\p9sr5iqp.default-1426630413453 -> Yahoo!
FF Homepage: C:\Documents and Settings\rob weinberger\Application Data\Mozilla\Firefox\Profiles\p9sr5iqp.default-1426630413453 -> hxxps://www.google.com/
FF Extension: (FlashStopper) - C:\Documents and Settings\rob weinberger\Application Data\Mozilla\Firefox\Profiles\p9sr5iqp.default-1426630413453\Extensions\flashstopper@byo.co.il.xpi [2017-10-16]
FF Extension: (Flashblock) - C:\Documents and Settings\rob weinberger\Application Data\Mozilla\Firefox\Profiles\p9sr5iqp.default-1426630413453\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-09-22]
FF Extension: (Mozilla Firefox distributed by RealNetworks) - C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2016-12-06] [not signed]
FF Extension: (Google Toolbar for Firefox) - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2016-12-06] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-11-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-26] [not signed]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.34
FF Extension: (AVG Security Toolbar) - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.34 [2012-09-27] [not signed]
FF HKLM\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files\Tomabo\MP4 Downloader\MP4D_FF.xpi
FF Extension: (MP4 Downloader Extension) - C:\Program Files\Tomabo\MP4 Downloader\MP4D_FF.xpi [2015-01-24] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-17] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll [2013-08-05] (AVG Technologies)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2976928342-3068687463-4056149513-1006: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2976928342-3068687463-4056149513-1006: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch","hxxp://google.com/"
CHR Profile: C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-10-22]
CHR Extension: (uBlock Origin) - C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-10-17]
CHR Extension: (MP4 Downloader Extension) - C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glhecpdglaanfgdgcefipbokcmenleaf [2015-10-18]
CHR Extension: (Flashcontrol) - C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-07-03]
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-16]
CHR Extension: (No Name) - C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp(2) [2017-10-16]
CHR HKLM\...\Chrome\Extension: [glhecpdglaanfgdgcefipbokcmenleaf] - C:\Program Files\Tomabo\MP4 Downloader\MP4D_GC.crx [2015-10-17]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx [2013-08-05]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-17] (Adobe Systems Incorporated) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-04-11] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-04-11] (AVG Technologies CZ, s.r.o.)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 EASEUS Agent; C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4665168 2015-08-16] (SafeNet Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-11-02] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
R2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [380928 2005-12-06] (Dell Inc.) [File not signed]
R2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2010-09-29] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2010-09-29] (SupportSoft, Inc.)
R2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-05] (AVG Secure Search)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [449896 2015-08-16] (SafeNet Inc.)
R3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [244040 2013-01-14] (SafeNet Inc.)
R3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [53192 2013-01-14] (SafeNet Inc.)
R3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [296200 2013-08-01] (SafeNet Inc.)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-05-12] (Windows ® 2000 DDK provider) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2017-04-11] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-08-05] (AVG Technologies)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-13] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-10-04] ()
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [30600 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [35720 2011-04-22] () [File not signed]
R3 EUDISK; C:\WINDOWS\system32\drivers\eudisk.sys [187528 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14216 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\WINDOWS\System32\drivers\eufs.sys [20744 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
S3 GcKernel; C:\WINDOWS\System32\DRIVERS\GcKernel.sys [59136 2008-04-13] (Microsoft Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [618352 2015-08-16] (SafeNet Inc.)
S3 HIDSwvd; C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys [2688 2001-08-17] (Microsoft Corporation)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2017-10-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40384 2017-10-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-10-22] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-09-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-09-23] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67656 2010-09-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SNTNLUSB; C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS [38472 2010-10-20] (SafeNet, Inc.)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S0 baplqa; System32\drivers\ridw.sys [X]
S3 catchme; \??\C:\ComboFix1\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-22 22:42 - 2017-10-22 22:43 - 000026695 _____ C:\Documents and Settings\rob weinberger\Desktop\FRST.txt
2017-10-22 22:40 - 2017-10-22 22:40 - 000000000 ____D C:\Documents and Settings\rob weinberger\Application Data\Share-to-Web Upload Folder
2017-10-22 22:40 - 2017-10-22 15:24 - 001799168 _____ (Farbar) C:\Documents and Settings\rob weinberger\Desktop\FRST.exe
2017-10-17 12:00 - 2017-10-17 12:00 - 000074785 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Desktop\bleeping file initial report.txt
2017-10-17 12:00 - 2017-10-17 12:00 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Avg
2017-10-17 11:28 - 2017-10-17 11:28 - 000002849 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Desktop\malware bytes txt report.txt
2017-10-17 10:34 - 2017-10-22 22:42 - 000000000 ____D C:\FRST
2017-10-17 10:28 - 2017-10-17 10:28 - 000001813 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Desktop\Google Chrome.lnk
2017-10-17 10:27 - 2017-10-17 10:27 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Google
2017-10-17 09:08 - 2017-10-17 15:54 - 000000178 ___SH C:\Documents and Settings\Administrator.UNITYGROUP\ntuser.ini
2017-10-17 09:08 - 2017-10-17 11:34 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Temp
2017-10-17 09:08 - 2017-10-17 09:08 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP
2017-10-17 09:08 - 2013-11-26 11:47 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Avg2014
2017-10-17 09:08 - 2012-10-16 19:32 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Avg2013
2017-10-17 09:08 - 2012-10-16 19:32 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Application Data\TuneUp Software
2017-10-17 09:08 - 2010-09-06 10:23 - 000000000 __SHD C:\Documents and Settings\Administrator.UNITYGROUP\IETldCache
2017-10-17 09:08 - 2006-05-12 17:17 - 000000128 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\fusioncache.dat
2017-10-17 09:08 - 2006-05-12 17:17 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\ATI
2017-10-17 09:08 - 2006-05-12 17:17 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Application Data\ATI
2017-10-17 09:08 - 2006-05-12 17:11 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\Musicmatch
2017-10-17 09:08 - 2006-05-12 17:04 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\BVRP Software
2017-10-17 09:08 - 2006-05-12 16:56 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2017-10-17 09:08 - 2006-05-12 16:56 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Application Data\Sun
2017-10-17 09:08 - 2006-05-12 16:48 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Dell Accessories
2017-10-17 09:08 - 2006-05-12 16:48 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Dell
2017-10-17 09:08 - 2004-08-10 14:10 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Local Settings\Application Data\ApplicationHistory
2017-10-17 09:08 - 2004-08-10 14:08 - 000000671 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Internet Explorer.lnk
2017-10-17 09:08 - 2004-08-10 14:08 - 000000642 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Outlook Express.lnk
2017-10-17 09:08 - 2004-08-10 14:04 - 000001503 _____ C:\Documents and Settings\Administrator.UNITYGROUP\Start Menu\Programs\Remote Assistance.lnk
2017-10-17 00:34 - 2017-10-17 00:33 - 000090112 _____ C:\WINDOWS\Minidump\Mini101717-01.dmp
2017-10-16 23:28 - 2017-10-22 15:09 - 000040384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-16 23:28 - 2017-10-16 23:28 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-10-16 23:27 - 2017-10-22 15:09 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-16 23:27 - 2017-10-16 23:27 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-10-16 23:27 - 2017-10-16 23:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-10-16 23:26 - 2017-10-16 23:26 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-16 23:26 - 2017-10-16 23:26 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
2017-10-16 23:26 - 2017-10-04 13:15 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-22 22:43 - 2011-10-03 14:20 - 000000000 ____D C:\Documents and Settings\rob weinberger\Local Settings\temp
2017-10-22 22:40 - 2004-08-10 13:52 - 000000000 ___HD C:\WINDOWS\inf
2017-10-22 22:32 - 2012-08-20 11:13 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-10-22 22:03 - 2015-10-13 23:24 - 000001014 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2976928342-3068687463-4056149513-1006UA.job
2017-10-22 22:02 - 2015-10-14 00:08 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-10-22 19:03 - 2011-01-25 11:59 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-10-22 16:03 - 2015-10-13 23:24 - 000000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2976928342-3068687463-4056149513-1006Core.job
2017-10-22 16:02 - 2015-10-14 00:08 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-22 15:43 - 2015-12-16 11:05 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2017-10-22 15:43 - 2011-03-16 18:36 - 000000000 ____D C:\Program Files\AVG
2017-10-22 15:30 - 2016-09-20 19:52 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-10-22 15:06 - 2011-09-04 17:33 - 000000000 ____D C:\WINDOWS\system32\logishrd
2017-10-22 15:05 - 2004-08-10 14:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-22 15:05 - 2004-08-10 13:51 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-17 11:55 - 2010-01-06 18:50 - 003804004 _____ C:\WINDOWS\ntbtlog.txt
2017-10-17 09:08 - 2004-08-10 13:57 - 000000000 ____D C:\Documents and Settings
2017-10-17 09:05 - 2006-05-16 18:35 - 000000178 ___SH C:\Documents and Settings\rob weinberger\ntuser.ini
2017-10-17 02:23 - 2004-08-10 14:08 - 000032576 _____ C:\WINDOWS\SchedLgU.Txt
2017-10-17 02:22 - 2006-05-16 18:35 - 000000000 ____D C:\Documents and Settings\rob weinberger
2017-10-17 01:36 - 2012-08-20 11:12 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-10-17 01:36 - 2011-10-31 19:30 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-10-17 01:34 - 2004-08-10 14:02 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-17 01:04 - 2010-12-22 17:39 - 000000000 ____D C:\Program Files\Panda Security
2017-10-17 01:04 - 2004-08-10 14:03 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-10-17 01:03 - 2011-01-21 16:14 - 000000000 ____D C:\Program Files\Hijackthis
2017-10-17 00:34 - 2006-10-06 12:50 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-16 23:26 - 2016-08-16 14:59 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-10-16 23:26 - 2011-10-03 17:14 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-10-16 23:01 - 2004-08-10 14:08 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-10-16 23:01 - 2004-08-10 14:08 - 000000000 __SHD C:\Documents and Settings\LocalService
2017-10-16 23:00 - 2004-08-10 14:02 - 000000000 ____D C:\WINDOWS\Registration
2017-10-16 22:52 - 2016-12-06 19:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-16 22:42 - 2012-09-20 13:05 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-16 13:10 - 2016-09-20 00:13 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2017-10-16 12:47 - 2014-01-27 13:24 - 000000000 ____D C:\Documents and Settings\rob weinberger\Desktop\tunes
2017-10-16 12:32 - 2012-01-04 21:56 - 000000000 ____D C:\Documents and Settings\rob weinberger\Application Data\vlc
2017-10-16 12:31 - 2006-05-19 14:32 - 000000000 ____D C:\Documents and Settings\rob weinberger\My Documents\homeopathy
2017-10-16 12:25 - 2008-12-30 20:50 - 000000000 ____D C:\ISISVision
2017-09-28 12:38 - 2014-01-23 12:47 - 000000000 ____D C:\Documents and Settings\rob weinberger\Application Data\PrimoPDF
 
==================== Files in the root of some directories =======
 
2014-05-10 20:57 - 2014-05-10 20:57 - 000000000 _____ () C:\Program Files\GUM6F.tmp
2011-05-09 23:55 - 2011-05-09 23:55 - 000068922 _____ () C:\Program Files\uninstal.log
2011-05-09 23:55 - 2011-05-10 00:33 - 000283909 _____ () C:\Program Files\Unistall.log
2006-05-16 19:36 - 2016-11-28 15:08 - 000080384 _____ () C:\Documents and Settings\rob weinberger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 16:10 - 2012-08-10 16:10 - 000027520 _____ () C:\Documents and Settings\rob weinberger\Local Settings\Application Data\dt.dat
2006-05-16 18:35 - 2006-05-16 18:35 - 000000137 _____ () C:\Documents and Settings\rob weinberger\Local Settings\Application Data\fusioncache.dat
2006-05-12 17:01 - 2006-05-12 17:01 - 000000004 ____H () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
2010-12-15 15:19 - 2010-12-21 20:48 - 000000112 _____ () C:\Documents and Settings\All Users\Application Data\Ur0EX24.dat
 
Some files in TEMP:
====================
2017-10-17 01:04 - 2010-08-18 13:36 - 000054592 _____ (Panda Security, S.L.) C:\Documents and Settings\rob weinberger\Local Settings\temp\aqbarqcr.exe
2016-01-05 11:34 - 2015-11-12 17:54 - 000091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\temp\avguirn_081287814684.exe
2016-06-27 21:23 - 2016-05-18 13:03 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\temp\avguirn_081512668843.exe
2016-01-28 16:50 - 2015-12-08 08:23 - 000091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\temp\avguirn_081912506968.exe
2016-08-22 15:04 - 2016-07-20 08:01 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\temp\avguirn_0832680859.exe
2016-04-08 01:11 - 2016-02-18 13:09 - 000179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\temp\avguirn_08441435058.exe
2016-07-27 17:32 - 2016-06-21 18:49 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\temp\avguirn_08778464224.exe
2016-04-20 20:37 - 2016-03-23 16:57 - 000186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\rob weinberger\Local Settings\temp\avguirn_08963264730.exe
2007-07-29 05:37 - 2006-04-26 07:04 - 000012288 _____ (Synopsis Software) C:\Documents and Settings\rob weinberger\Local Settings\temp\clientslave.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2017
Ran by rob weinberger (22-10-2017 22:43:42)
Running from C:\Documents and Settings\rob weinberger\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2006-05-16 22:34:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2976928342-3068687463-4056149513-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.UNITYGROUP
Guest (S-1-5-21-2976928342-3068687463-4056149513-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2976928342-3068687463-4056149513-1005 - Limited - Disabled)
rob weinberger (S-1-5-21-2976928342-3068687463-4056149513-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\rob weinberger
SUPPORT_388945a0 (S-1-5-21-2976928342-3068687463-4056149513-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABC Amber Audio Converter (HKLM\...\ABC Amber Audio Converter) (Version:  - )
ACDSee (HKLM\...\ACDSee) (Version:  - )
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akiva v1.2 (HKLM\...\Akiva v1.2) (Version:  - )
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft PhotoImpression 5 (HKLM\...\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}) (Version:  - ArcSoft)
ATI Catalyst Control Center (HKLM\...\{0D251F37-10CB-46DF-BFA0-4702218DB0B6}) (Version: 1.2.2238.25568 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.205.3-060216a-031123C-Dell - )
Avery Media Software 32 bit (HKLM\...\MVApplication1) (Version:  - )
AVG (HKLM\...\{23BE727B-BB6B-449D-BC7B-3860BE5F9EA1}) (Version: 16.151.8013 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{43A28682-68D0-43A2-906A-126B40B1FFA7}) (Version: 16.0.4782 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8013 - AVG Technologies)
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 15.4.0.5 - AVG Technologies)
Broadcom Management Programs (HKLM\...\{26E1BFB0-E87E-4696-9F89-B467F01F81E5}) (Version: 8.65.05 - Broadcom Corporation)
CameraHelperMsi (HKLM\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.00.1774.0 - Logitech) Hidden
Cara Additional Components (HKLM\...\Cara Additional Components) (Version:  - )
Cara Professional (HKLM\...\Cara Professional) (Version:  - )
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Complete Repertory Millenium Edition (HKLM\...\Complete Repertory Millenium Edition) (Version:  - )
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Dell Photo Printer 720 (HKLM\...\Dell Photo Printer 720) (Version:  - )
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Digital Content Portal (HKLM\...\{B702CCCE-3176-4DBF-B932-D1B8F402F330}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.15 - BVRP Software, Inc)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab Decrypter 2.9.7.9 Beta (HKLM\...\DVDFab Decrypter_is1) (Version:  - Fengtao Software Inc.)
EarthLink setup files (HKLM\...\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}) (Version: 2005.1.47.0 - EarthLink)
EASEUS Todo Backup Free 2.5.1 (HKLM\...\EASEUS Todo Backup Free 2.5.1_is1) (Version: 2.5.1.1 - CHENGDU YIWO Tech Development Co., Ltd)
EasyCleaner (HKLM\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - ToniArts)
erLT (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
exPressit S.E. 2.2 (HKLM\...\exPressit S.E. 2.2) (Version:  - )
Finale 2000a (HKLM\...\Finale 2000a) (Version:  - )
FMW 1 (HKLM\...\{0243E64A-DF27-421A-9E33-D8AE9C69585A}) (Version: 1.225.1 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HASP SRM Run-time (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 2.50.1.3928 - Aladdin Knowledge Systems Ltd.)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Photo Imaging Software (HKLM\...\HP Photo Imaging Software) (Version:  - )
HP Photo Printing Software (HKLM\...\HP Photo Printing Software) (Version:  - )
HP Share-to-Web (HKLM\...\{748F4870-8350-11D3-B0BF-080009FB4A19}) (Version:  - )
Internal Network Card Power Management (HKLM\...\{1F528948-0E80-4C96-B455-DE4167CB1DF7}) (Version: 1.7.2 - )
ISIS Vision Release 20 (HKLM\...\ISIS Vision Release 20) (Version: 1.0021 - )
ISIS Vision Release 23 Upgrade (HKLM\...\ISIS Vision Release 23 Upgrade) (Version: 1.0023 - )
ISIS Vision Release 24 Upgrade (HKLM\...\ISIS Vision Release 24 Upgrade) (Version: 1.0024 - )
ISIS Vision Release 25 Upgrade (HKLM\...\ISIS Vision Release 25 Upgrade) (Version: 1.0025 - )
ISIS Vision Release 26 Upgrade (HKLM\...\ISIS Vision Release 26 Upgrade) (Version: 1.0027 - )
ISIS Vision Release 28 Upgrade (HKLM\...\ISIS Vision Release 28 Upgrade) (Version: 1.0028 - )
ISIS Vision Release 29 Upgrade (HKLM\...\ISIS Vision Release 29 Upgrade) (Version: 1.0030 - )
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.4 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java™ 6 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Juno Internet (HKLM\...\{a0296e52-6e9b-11d6-ace4-00105a0cf83f}) (Version: Juno QuickStart - United Online)
KHA  Professional Packages (HKLM\...\KHA  Professional Packages) (Version:  - )
KHA Software Packages (HKLM\...\KHA Software Packages) (Version:  - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
MediaFACE 4.01 (HKLM\...\{41979C2F-34B8-4F92-8111-B13C5864682D}) (Version: 4.01 - Fellowes) Hidden
MediaFACE 4.01 (HKLM\...\InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}) (Version: 4.01 - Fellowes)
MediaFACE 4.01 Image Library (HKLM\...\{82AF77BC-423D-42DA-BE5B-FFCA04752181}) (Version: 4.01 - Fellowes) Hidden
MediaFACE 4.01 Image Library (HKLM\...\InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}) (Version: 4.01 - Fellowes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Combat Flight Simulator (HKLM\...\Combat Flight Simulator 1.00) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 3.01 - BVRP Software)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MP4 Downloader 3 (HKLM\...\MP4 Downloader_is1) (Version:  - Tomabo)
MSN (HKLM\...\MSNINST) (Version:  - )
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.23 - BVRP Software, Inc)
NetZeroInstallers (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
PowerDVD 5.7 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.0.9 - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RAR File Extractor (HKLM\...\{DB84E512-A65A-4CA2-8703-3C34DB09B10C}_is1) (Version:  - rarfileextractor.com)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Sentinel Protection Installer 7.6.3 (HKLM\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
Sentinel Runtime (HKLM\...\{84D2090E-5F36-491F-8D57-D8D01E2D7EB5}) (Version: 7.40.1.55725 - SafeNet Inc.)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sibelius Scorch (ActiveX Only) (HKLM\...\{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}) (Version: 1.0.0 - Sibelius Software)
SideWinder Precision 2 (HKLM\...\SideWinder Precision 2) (Version:  - )
Skype™ 5.3 (HKLM\...\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}) (Version: 5.3.120 - Skype Technologies S.A.)
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
Transcribe! 7.50 (HKLM\...\Transcribe!_is1) (Version: 7.50 - Seventh String Software)
Verizon Download Manager (HKLM\...\{8C0B406B-DF08-49EF-8702-FA45752C135F}) (Version: 9 - SupportSoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)
WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24013}) (Version: 18.0.10644 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{5a0a7a32-dcdd-4961-bdcd-211289f310d7}\InprocServer32 -> C:\WINDOWS\system32\mst122.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{63944223-8ced-4d9b-a6ad-030ce1260131}\InprocServer32 -> C:\WINDOWS\mark_32.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{ad3baad2-1702-4a4d-8fda-a5ad684663be}\InprocServer32 -> C:\WINDOWS\system32\mst120.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2017-04-11] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [MediaFaceExtension] -> {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} => C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll [2003-08-18] (Fellowes, Inc.)
ContextMenuHandlers1: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files\Tomabo\MP4 Downloader\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers1: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files\Tomabo\MP4 Downloader\MP4P_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2013-12-05] (WinZip Computing, S.L.)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers2: [ShellExt] -> {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} => C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll [2003-08-18] (Fellowes, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [MediaFaceExtension] -> {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} => C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll [2003-08-18] (Fellowes, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2013-12-05] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2017-04-11] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files\Tomabo\MP4 Downloader\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers6: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files\Tomabo\MP4 Downloader\MP4P_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2013-12-05] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\SetupAVG Technologies00
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2976928342-3068687463-4056149513-1006Core.job => C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2976928342-3068687463-4056149513-1006UA.job => C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\EasyCleaner\The Web\EasyCleaner home.lnk -> hxxp://personal.inet.fi/business/toniarts/ecleane.ht
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\EasyCleaner\The Web\ToniArts.lnk -> hxxp://personal.inet.fi/business/toniart
 
ShortcutWithArgument: C:\Documents and Settings\rob weinberger\Desktop\Unused Desktop Shortcuts\Dell Download Center.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dell.com/smb/software
 
==================== Loaded Modules (Whitelisted) ==============
 
2006-05-12 16:38 - 2006-11-01 23:48 - 000020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2006-05-12 16:38 - 2006-11-01 23:48 - 000757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-01-23 12:44 - 2011-02-28 18:37 - 000180624 _____ () C:\WINDOWS\system32\Primomonnt.dll
2006-05-21 22:27 - 2003-07-29 09:27 - 000078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBCPP5C.dll
2007-11-18 08:31 - 2005-06-28 14:59 - 000053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
2011-07-03 21:42 - 2011-04-22 18:25 - 000050056 _____ () C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll
2011-07-03 21:43 - 2008-11-25 17:18 - 001291264 _____ () C:\Program Files\EASEUS\Todo Backup\bin\libxml2.dll
2011-07-03 21:43 - 2004-10-05 03:08 - 000055808 _____ () C:\Program Files\EASEUS\Todo Backup\bin\zlib1.dll
2016-11-28 19:01 - 2016-11-28 19:00 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-10-16 23:26 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-08-05 04:27 - 2013-08-05 04:26 - 000161968 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
2013-08-05 04:27 - 2013-08-05 04:26 - 000521904 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
2006-05-19 00:40 - 2001-07-03 09:17 - 000024576 _____ () C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\HPGS2WNFPS.DLL
2006-05-19 00:40 - 2001-07-03 09:17 - 000065536 _____ () C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80867858.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80867858.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7590 more sites.
 
IE trusted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\mandtbank.com -> hxxps://www.mandtbank.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\...\123simsen.com -> www.123simsen.com
 
There are 7589 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-10-03 14:22 - 2011-10-03 14:25 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp
DNS Servers: 209.18.47.62 - 209.18.47.61
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk => C:\WINDOWS\pss\Office Startup.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\WINDOWS\system32\WLTRAY.exe
MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: FortKnoxPersonalFirewall => "C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe"
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: MSKDetectorExe => C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: ROC_ROC_NT => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
MSCONFIG\startupreg: ShowLOMControl =>
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe] => Disabled:hpgs2wnf Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe] => Disabled:Sentinel Protection Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe] => Disabled:Sentinel Keys Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Juno\bin\juno.exe] => Enabled:Juno
StandardProfile\AuthorizedApplications: [C:\Program Files\Real\RealPlayer\realplay.exe] => Disabled:RealPlayer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Tomabo\MP4 Downloader\MP4Downloader.exe] => Enabled:MP4 Downloader
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\hasplms.exe] => Enabled:Sentinel License Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1947:TCP] => Enabled:HASP SRM 
StandardProfile\GloballyOpenPorts: [1947:UDP] => Enabled:HASP SRM 
 
==================== Restore Points =========================
 
01-08-2017 17:35:59 System Checkpoint
03-08-2017 12:11:34 System Checkpoint
13-09-2017 13:33:18 System Checkpoint
16-10-2017 22:44:34 Restore Operation
16-10-2017 22:50:29 Restore Operation
16-10-2017 22:51:47 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/16/2017 12:01:55 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (10/13/2017 01:39:36 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (10/10/2017 08:05:11 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/28/2017 12:34:02 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/25/2017 11:05:05 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/17/2017 11:03:40 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/12/2017 11:23:28 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/11/2017 08:55:48 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (09/01/2017 09:30:29 AM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
Error: (08/30/2017 09:02:46 PM) (Source: MsiInstaller) (EventID: 11303) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1303. SA_Error1303: StandardAction(0xC0070517): The installer has insufficient privileges to access this directory: C:\Program Files\AVG\Zen. The installation cannot continue. Log on as administrator or contact your system administrator.
 
 
System errors:
=============
Error: (10/22/2017 10:36:06 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B3F97D77-DFA2-4B1B-A2CB-B7936210E993} because another computer on the network has the same name.  The server could not start.
 
Error: (10/22/2017 10:36:06 PM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
Error: (10/22/2017 10:36:06 PM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
Error: (10/22/2017 10:14:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B3F97D77-DFA2-4B1B-A2CB-B7936210E993} because another computer on the network has the same name.  The server could not start.
 
Error: (10/22/2017 10:14:18 PM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
Error: (10/22/2017 10:14:18 PM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
Error: (10/22/2017 03:07:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (10/22/2017 03:07:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (10/22/2017 03:06:43 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B3F97D77-DFA2-4B1B-A2CB-B7936210E993} because another computer on the network has the same name.  The server could not start.
 
Error: (10/22/2017 03:06:43 PM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 61%
Total physical RAM: 2046.37 MB
Available physical RAM: 778.25 MB
Total Virtual: 3428.53 MB
Available Virtual: 2305.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:51.43 GB) (Free:3.88 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (Lexar) (Removable) (Total:14.9 GB) (Free:13.32 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

Edited by dragon77, 22 October 2017 - 10:37 PM.


#5 dragon77 (Topic Starter)

Posted 29 October 2017 - 11:43 PM

Well, this is discouraging. My original post was 2 weeks ago. For some reason, you are treating this like it's some glitch. It's an infection. When it first showed up, I could not activate System Restore unless I went into Safe Mode, but the problem remained. Tonight, I tried using command prompts. Guess what, I could not use command prompts in normal mode; I was not able to access it unless I went to Safe Mode. I tried netsh int ip reset c:\resetlog.txt. It worked, for 5 minutes, and then the browser (Chrome) became incapacitated. I then tried cmd netsh winsock reset, no change, except, initially, I could access command prompt. 2 minutes later, I was blocked. Malwarebytes tells me my system is clear. I don't believe it. If anyone can at least start the process, and maybe complete it, tomorrow, I would be grateful.



#6 Oh My! (Malware Response Instructor, California)

Posted 30 October 2017 - 02:39 PM

Hi Rob.

 

Thanks for your patience. We have had a bit of a backlog and I apologize for the delay. Let me take a look and I will reply back today.

 

Gary


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My! (Malware Response Instructor)

Posted 30 October 2017 - 03:22 PM

Hi Rob.

Since you are short on time we are going to get a bit aggressive right out of the gate.

Do you know what this program is? If you do not I would like you to remove it via the first set of instructions.

Akiva v1.2

Please do these things.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click the Revo Uninstaller icon
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
AVG
AVG 2016
AVG Protection
AVG Security Toolbar
Akiva v1.2 (only if you don't recognize it)
  • If presented with the program uninstall option click Uninstall
  • If asked to reboot select Reboot later
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window check the items in bold only then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, then Finish
  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = 
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
S0 baplqa; System32\drivers\ridw.sys [X]
S3 catchme; \??\C:\ComboFix1\catchme.sys [X]
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
2017-10-17 09:08 - 2012-10-16 19:32 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Application Data\TuneUp Software
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{5a0a7a32-dcdd-4961-bdcd-211289f310d7}\InprocServer32 -> C:\WINDOWS\system32\mst122.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{63944223-8ced-4d9b-a6ad-030ce1260131}\InprocServer32 -> C:\WINDOWS\mark_32.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{ad3baad2-1702-4a4d-8fda-a5ad684663be}\InprocServer32 -> C:\WINDOWS\system32\mst120.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => No File
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
RemoveProxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs removed successfully (did you recognize Akiva v1.2?)
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 

#8 dragon77 (Topic Starter)

Posted 30 October 2017 - 05:16 PM

Hi Gary, thanks for your help.

Akiva is a homeopathic software program for acute ailments that I ordered.

I tried using Revo for AVG Protection and AVG Security task bar. I don't think the process completed itself. It could not establish a restore point, and for at least one of them, I couldn't get the program to scan for remainders. By the way, if I no longer have AVG, do I simply download it again? Or if it is not functioning, remove what's left and then download?

I ran FRST; fix log is below. I attempted to run AdwCleaner; the computer would not let me, stating it is an unauthorized Win32 application, or something like that. I did not yet attempt to boot in normal to check the machine performance, in case you wanted me to try something else first. Rob

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 26-10-2017
Ran by Administrator (30-10-2017 17:15:42) Run:1
Running from C:\Documents and Settings\Administrator.UNITYGROUP\Desktop
Loaded Profiles: Administrator (Available Profiles: rob weinberger & Administrator)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = 
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program
Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
S0 baplqa; System32\drivers\ridw.sys [X]
S3 catchme; \??\C:\ComboFix1\catchme.sys [X]
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
2017-10-17 09:08 - 2012-10-16 19:32 - 000000000 ____D C:\Documents and Settings\Administrator.UNITYGROUP\Application Data\TuneUp Software
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and
Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{5a0a7a32-dcdd-4961-bdcd-211289f310d7}\InprocServer32 -> C:\WINDOWS\system32\mst122.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{63944223-8ced-4d9b-a6ad-030ce1260131}\InprocServer32 -> C:\WINDOWS\mark_32.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll => No
File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{ad3baad2-1702-4a4d-8fda-a5ad684663be}\InprocServer32 -> C:\WINDOWS\system32\mst120.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID:
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => No File
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
RemoveProxy:
emptytemp:
 
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value not found.
HKLM\Software\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found. 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key removed successfully.
HKLM\Software\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully.
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully.
Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully.
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\avgsecuritytoolbar => key removed successfully.
HKLM\Software\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C} => key removed successfully.
HKLM\Software\Classes\PROTOCOLS\Handler\linkscanner => key removed successfully.
HKLM\Software\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key removed successfully.
HKLM\System\CurrentControlSet\Services\baplqa => key removed successfully.
baplqa => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
catchme => service removed successfully.
HKLM\System\CurrentControlSet\Services\TlntSvr => key removed successfully.
TlntSvr => service removed successfully.
HKLM\System\CurrentControlSet\Services\wanatw => key removed successfully.
wanatw => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\Administrator.UNITYGROUP\Application Data\TuneUp Software => moved successfully
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key not found. 
Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll => No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key not found. 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{5a0a7a32-dcdd-4961-bdcd-211289f310d7} => key not found. 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{63944223-8ced-4d9b-a6ad-030ce1260131} => key not found. 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found. 
File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{ad3baad2-1702-4a4d-8fda-a5ad684663be} => key not found. 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => key not found. 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key not found. 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found. 
CustomCLSID: => key could not remove.: incorrect path. 
HKU\S-1-5-21-2976928342-3068687463-4056149513-1006_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\rob weinberger\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => No File => Error: No automatic fix found for this entry.
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
The following command was not found: advfirewall reset.
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
The following command was not found: advfirewall set allprofiles state ON.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
'Bitsadmin' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2976928342-3068687463-4056149513-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2976928342-3068687463-4056149513-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 43963 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/dllcache/drivers => 158310993 B
Edge => 0 B
Chrome => 149166904 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 82762 B
All Users => 0 B
systemprofile => 694419306 B
LocalService => 361288 B
NetworkService => 3106048 B
rob weinberger => 95700488 B
Administrator.UNITYGROUP => 2174957 B
 
RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:17:05 ====
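The RemoveProxy: directive in Gary's fix, and its output in the Fixlog above (ProxyEnable/ProxyServer plus the DefaultConnectionSettings and SavedLegacySettings values removed from several HKU hives), wipes the WinINet connection-settings blob without recording what it contained. A responder who wants the hijacker's proxy address or PAC URL as an indicator before it is wiped can decode the REG_BINARY value first. The script below is an added example written for this page; it is not FRST code and not anything the poster ran. The blob layout, the flag bits and the version constant are assumptions taken from community reverse-engineering of the format (not vendor documentation), and the two sample blobs are constructed inline for the example.

```python
"""Decode the WinINet connection-settings blobs that FRST's RemoveProxy: deletes.

Added example, not FRST code. Assumed layout (community reverse-engineering):
    uint32 version      (0x3C assumed for XP-era IE, 0x46 on later versions)
    uint32 counter      (bumped each time the Connections dialog saves)
    uint32 flags        (bit field, FLAG_* below)
    uint32 len + bytes  proxy server  ("host:port" or "http=host:port;...")
    uint32 len + bytes  bypass list   (";"-separated, "<local>" allowed)
    uint32 len + bytes  PAC URL       (automatic configuration script)
    32 bytes reserved (zero)
Values: HKU\\<SID>\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections
        DefaultConnectionSettings and SavedLegacySettings, one pair per profile.
"""
import struct
from dataclasses import dataclass
from typing import List

FLAG_DIRECT = 0x01      # direct connection allowed; normally always set
FLAG_PROXY = 0x02       # manual proxy server enabled
FLAG_PAC = 0x04         # "use automatic configuration script"
FLAG_AUTODETECT = 0x08  # "automatically detect settings" (WPAD)
RESERVED_TAIL = 32


@dataclass
class ConnectionSettings:
    version: int
    counter: int
    flags: int
    proxy: str
    bypass: str
    pac_url: str

    def proxy_enabled(self) -> bool:
        return bool(self.flags & FLAG_PROXY)

    def pac_enabled(self) -> bool:
        return bool(self.flags & FLAG_PAC)


def blob_from_hex(text: str) -> bytes:
    """Turn the hex shown by 'reg query' (3C000000...) or a .reg export
    (hex:3c,00,00,00,\\ wrapped lines) back into raw bytes."""
    text = text.strip()
    if text.lower().startswith("hex:"):
        text = text[4:]
    for junk in (",", "\\", " ", "\n", "\r"):
        text = text.replace(junk, "")
    return bytes.fromhex(text)


def _read_lpstr(buf: bytes, off: int):
    """Read one uint32-length-prefixed string; return (text, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field at offset %d" % off)
    (n,) = struct.unpack_from("<I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string of %d bytes runs past end of blob" % n)
    return buf[off:off + n].decode("ascii", "replace"), off + n


def parse_connection_settings(blob: bytes) -> ConnectionSettings:
    """Decode a DefaultConnectionSettings / SavedLegacySettings blob."""
    if len(blob) < 12:
        raise ValueError("blob too short for header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off = 12
    proxy, off = _read_lpstr(blob, off)
    bypass, off = _read_lpstr(blob, off)
    pac_url, off = _read_lpstr(blob, off)
    return ConnectionSettings(version, counter, flags, proxy, bypass, pac_url)


def build_connection_settings(flags: int, proxy: str = "", bypass: str = "",
                              pac_url: str = "", version: int = 0x3C,
                              counter: int = 1) -> bytes:
    """Inverse of parse; used here only to construct sample blobs."""
    out = struct.pack("<III", version, counter, flags)
    for s in (proxy, bypass, pac_url):
        b = s.encode("ascii")
        out += struct.pack("<I", len(b)) + b
    return out + b"\x00" * RESERVED_TAIL


def triage(cs: ConnectionSettings) -> List[str]:
    """Indicators worth recording before the value is wiped. A manual proxy
    or PAC URL the user never configured is the proxy-hijack sign; a loopback
    proxy is the classic footprint of a local intercepting proxy."""
    notes = []
    if cs.proxy_enabled() and cs.proxy:
        notes.append("manual proxy enabled: %s" % cs.proxy)
        first = cs.proxy.split(";")[0]            # "http=host:port" or "host:port"
        host = first.split("=")[-1].split(":")[0]
        if host in ("127.0.0.1", "localhost"):
            notes.append("proxy points at loopback: local intercepting proxy likely")
    if cs.pac_enabled() and cs.pac_url:
        notes.append("PAC script configured: %s" % cs.pac_url)
    if cs.flags & FLAG_AUTODETECT:
        notes.append("WPAD auto-detect on (IE default, not by itself suspicious)")
    return notes


# Constructed samples (values invented for the example, not from the thread).
SAMPLE_HIJACKED = build_connection_settings(
    FLAG_DIRECT | FLAG_PROXY, proxy="127.0.0.1:8080", bypass="<local>", counter=7)
SAMPLE_CLEAN = build_connection_settings(FLAG_DIRECT | FLAG_AUTODETECT)

if __name__ == "__main__":
    for name, blob in (("hijacked", SAMPLE_HIJACKED), ("clean", SAMPLE_CLEAN)):
        cs = parse_connection_settings(blob)
        print(name, "flags=0x%02x" % cs.flags, triage(cs) or ["nothing notable"])
```

On a live box the input comes from `reg query "HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings` (or a `reg export` of that key), pasted into `blob_from_hex`; decode every profile hive, including .DEFAULT and the service SIDs the Fixlog lists, because a hijacker that only touched one hive still gets every blob deleted by RemoveProxy.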


#9 Oh My! (Malware Response Instructor)

Posted 30 October 2017 - 07:36 PM

Hi Rob.

There were some errors related to AVG, and since antivirus programs can cause system issues I figured we would delete AVG, then reinstall it if you want.

Please run this. Following this step, boot into Normal Mode and let me know what you find.

BTW I should be online until approximately 8PM tonight.

===================================================

AVG Remover Tool

--------------------
  • Please download AVG Remover Tool and save it to your Desktop
  • Right click the icon and select Run as administrator
  • Click Continue on the AVG Remover section
  • If presented with screen saying Run anyway click that button
  • Follow any on screen instructions, i.e. Restart to finalize the process
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did AVG uninstall?
  • Computer behavior?

Gary
 

#10 dragon77 (Topic Starter)

Posted 30 October 2017 - 08:41 PM

Ran AVG Remover; it claimed there were no components. Tried continuing, Run anyway, and hit a snag. Will try to upload a screen shot. Then, went back to Revo; this time it could establish a restore point, removed AVG toolbar and all remnants. Tried AVG Remover, still an issue. Noticed there actually were 2 AVG processes running besides AVG uninstaller; closed them.

I still am not able to bring up a browser, even though I see its process running on Task Manager. I have let AVG uninstaller continue, but 100% of resources are being used, so I think there is an issue.

I think you are 3 hours behind me; if you said you are good until 8 pm, hopefully Pacific time.

Attached Files



#11 Oh My! (Malware Response Instructor)

Posted 30 October 2017 - 08:47 PM

Are you able to launch Internet Explorer and/or Firefox?

Confirm you have Internet in Safe Mode?


Gary
 

#12 dragon77 (Topic Starter)

Posted 30 October 2017 - 09:13 PM

Just now I am able to open Chrome. First time I tried it opened, but did not load, which has sometimes been the issue. However, I am now online with it for 5 or 10 minutes, and it did not shut down, which was the problem, or one of the problems, before.

AVG uninstaller is continuing to run, after two reboots. Revo reports no more AVG.

I was thinking of trying to load Ad-Aware, to see if it might work at this time. What do you suggest?

Also, did you find any malware, or do you believe AVG was the issue, or perhaps there was a combination of things?

And, if things are good, could I then download and install a free version of AVG? Or would you have another recommendation for antivirus software?



#13 Oh My!


Posted 30 October 2017 - 09:29 PM

Greetings,

The issue could have been a number of things including malware and/or corruption.

Please be sure to reply to my earlier questions.

Are you able to launch Internet Explorer and/or Firefox?

Confirm you have Internet in Safe Mode?


Do you now have Internet access in Normal Boot?

Please go into Task Manager and end all Chrome processes. Then do this and tell me if Chrome loads.

===================================================

Launching Chrome Incognito

--------------------
  • Press the Windows Key + R at the same time
  • Type in chrome --incognito and press Enter
  • Check the browser behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Chrome results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 dragon77


Posted 30 October 2017 - 09:45 PM

I can launch Firefox, although it could not update itself. Right now, I still have Firefox in normal mode.

Chrome has become inconsistent, and I could not open Google this time.

All throughout the issue, I could still open safe boot with networking to access the Internet.

I tried chrome --incognito (I assume the Windows key is the one with the flag), which opened the Run box (cmd?), and nothing happened.



#15 Oh My!


Posted 30 October 2017 - 09:52 PM

You need to make sure you answer my questions. Do you have Internet access in Normal Boot? I'm not sure whether running Firefox in Normal means normally launching Firefox or while in Normal Boot.

Right click on your Chrome icon, select Shortcut, and change the Target information to the following:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -incognito

Save the change, double click the icon and tell me what happens.

Edited by Oh My!, 30 October 2017 - 09:54 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



