Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible Trojan virus, Specific user account runs slow, AOL and Flash

Started by dboik , Dec 16 2014 08:50 PM

  • This topic is locked This topic is locked

#1
dboik
Posted 16 December 2014 - 08:50 PM

dboik

    Member

  • Member
  • PipPip
  • 34 posts

Mom's computer started after shopping on line, acting slow redirects etc.

I uninstalled Chrome and modzilla, ran malwarebytes, and superantispyware.  Installed AVG Free and scanned.  It seems that the two accounts on the computer are separated even though my account is the master and hers is a standard.  The standard account had some changes where it no longer required an administrator password to install.

 

User Darin seems to run ok, but user Bobbie runs very slow, AOL really lags and chrome does not always start.  Get some error messages that the flash player required with some redirects.

 

OTL Log below....thanks for any help.

 

 

 

 

OTL logfile created on: 12/16/2014 9:16:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\darin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.49 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 61.87% Memory free
7.19 Gb Paging File | 5.74 Gb Available in Paging File | 79.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 153.02 Gb Free Space | 69.37% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 9.68 Gb Free Space | 99.12% Space Free | Partition Type: NTFS
 
Computer Name: DELL_LAPTOP | User Name: darin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/16 21:15:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\darin\Desktop\OTL.exe
PRC - [2014/12/13 12:31:46 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2014/12/13 12:31:44 | 006,697,752 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/12/03 13:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgidsagent.exe
PRC - [2014/11/09 21:56:14 | 003,653,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgui.exe
PRC - [2014/11/09 21:52:20 | 000,669,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgemcx.exe
PRC - [2014/11/09 21:50:28 | 001,071,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgnsx.exe
PRC - [2014/11/09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/11/09 21:46:04 | 000,880,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG2015\avgrsx.exe
PRC - [2014/11/09 21:43:46 | 000,691,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2015\avgcsrvx.exe
PRC - [2014/08/04 02:48:17 | 005,095,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2014/08/04 02:48:16 | 012,710,240 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2014/08/04 02:36:26 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2010/04/05 15:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 12:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1346904285\ee\aolsoftware.exe
PRC - [2010/02/17 14:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 21:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/05/09 16:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/11/12 09:56:02 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\525d2a189e395c60a20cded4d2bfea76\System.Runtime.Remoting.ni.dll
MOD - [2014/10/17 08:51:36 | 011,908,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\57bed17a3ad0ad3bbe717287d4cb1625\System.Web.ni.dll
MOD - [2014/10/17 08:48:18 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cf2c94955471d68d3708b1fbf613ae46\System.ni.dll
MOD - [2014/09/12 15:25:57 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2007/12/08 13:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/12/13 12:31:46 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2014/12/03 13:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/11/09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/08/04 02:48:17 | 005,095,264 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2014/10/29 21:34:52 | 000,213,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/10/10 14:13:58 | 000,200,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/10/05 20:42:06 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/08/28 20:43:36 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/07/18 14:55:24 | 000,230,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/06/18 20:16:30 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/06/18 20:03:36 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/06/18 20:03:34 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/06/18 20:03:34 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/15 12:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/10 16:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 09:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/29 17:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=13-11-2012
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...kusaolp00000051
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 0A 9B 1E DB 8B CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9B603593-E9A5-45B3-8293-DF9A2C3D7388}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=13-11-2012
 
IE - HKCU\..\SearchScopes\{9B603593-E9A5-45B3-8293-DF9A2C3D7388}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012/09/05 20:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darin\AppData\Roaming\Mozilla\Extensions
[2014/12/13 11:27:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\8ycblkyc.default\extensions
[2014/12/13 11:27:46 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\8ycblkyc.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/09/01 15:01:16 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\8ycblkyc.default\extensions\[email protected]
[2014/11/10 18:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/10 18:51:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1346904285\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_535CDA410F187A7676A2AA6860FD3BB7] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1418781009 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://lazboy3d.icov...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CB58D9C-74AD-4847-A296-141F90C7A759}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDE7D9F0-0017-401C-BBC8-D3CF65172C0B}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/16 21:14:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\darin\Desktop\OTL.exe
[2014/12/14 00:13:49 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Roaming\AVG2015
[2014/12/14 00:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/12/14 00:11:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/12/14 00:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/12/14 00:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/12/14 00:01:59 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\MFAData
[2014/12/14 00:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/12/14 00:01:59 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\Avg2015
[2014/12/13 21:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/13 21:25:31 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\Google
[2014/12/13 21:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/12/13 21:24:49 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\Apps
[2014/12/13 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\Deployment
[2014/12/13 12:06:37 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/12/13 12:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/13 12:06:01 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/12/13 12:06:01 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/12/13 12:06:01 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/12/13 12:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/16 21:15:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\darin\Desktop\OTL.exe
[2014/12/16 20:53:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/16 20:44:18 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 20:44:17 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 20:44:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/16 20:44:09 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/16 20:30:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/16 20:25:09 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/12/14 10:00:14 | 000,642,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/12/14 10:00:14 | 000,119,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/12/14 09:59:12 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/12/14 09:57:21 | 000,001,955 | ---- | M] () -- C:\Users\darin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/14 05:31:23 | 000,001,356 | ---- | M] () -- C:\Users\darin\AppData\Local\d3d9caps.dat
[2014/12/13 21:58:27 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/13 12:34:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/12/13 12:34:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/12/12 08:20:16 | 000,038,777 | ---- | M] () -- C:\ProgramData\893686b8
[2014/12/01 14:50:16 | 255,052,974 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/11/21 06:14:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/21 06:14:10 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014/12/14 09:59:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/12/13 21:58:27 | 000,001,955 | ---- | C] () -- C:\Users\darin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/13 21:58:27 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/13 21:25:36 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/13 21:25:35 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/13 12:34:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/12/13 12:34:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2014/12/11 22:25:31 | 000,038,777 | ---- | C] () -- C:\ProgramData\893686b8
[2014/04/07 21:54:11 | 000,000,095 | ---- | C] () -- C:\ProgramData\SAH_Install.ini
[2013/01/12 13:00:56 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2013/01/12 13:00:55 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2013/01/12 13:00:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2013/01/12 13:00:54 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2013/01/12 12:56:10 | 001,174,000 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2013/01/12 12:56:10 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4864.dll
[2013/01/12 12:56:10 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2013/01/12 11:26:11 | 000,006,144 | ---- | C] () -- C:\Users\darin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/04 16:24:37 | 000,001,356 | ---- | C] () -- C:\Users\darin\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/12/14 00:13:49 | 000,000,000 | ---D | M] -- C:\Users\darin\AppData\Roaming\AVG2015
[2014/12/13 11:13:57 | 000,000,000 | ---D | M] -- C:\Users\darin\AppData\Roaming\ID Vault
[2012/09/09 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\darin\AppData\Roaming\SoftMaker
[2012/09/04 17:10:30 | 000,000,000 | ---D | M] -- C:\Users\darin\AppData\Roaming\TMP
[2012/09/05 22:31:07 | 000,000,000 | ---D | M] -- C:\Users\darin\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements

#2
BrianDrab
Posted 16 December 2014 - 10:48 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

I'd like to use a different tool to take a look. Please follow the instructions below.

 

Step#1 - Fresh Set of Logs Needed
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 32-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 


  • 0

#3
dboik
Posted 17 December 2014 - 06:19 PM

dboik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Hi Brian,

 

Thanks for the help!  Here follows the logs you requested.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by darin (administrator) on DELL_LAPTOP on 17-12-2014 19:14:19
Running from C:\Users\darin\Desktop
Loaded Profile: darin (Available profiles: darin & Bobbie)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1346904285\ee\aolsoftware.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1346904285\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2779640238-3425638059-3520445709-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6697752 2014-12-13] (SUPERAntiSpyware)
HKU\S-1-5-21-2779640238-3425638059-3520445709-1000\...\Run: [GoogleChromeAutoLaunch_535CDA410F187A7676A2AA6860FD3BB7] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-2779640238-3425638059-3520445709-1000\...\RunOnce: [Adobe Speed Launcher] => 1418861231
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2779640238-3425638059-3520445709-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...kusaolp00000051
HKU\S-1-5-21-2779640238-3425638059-3520445709-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=13-11-2012
 
SearchScopes: HKU\S-1-5-21-2779640238-3425638059-3520445709-1000 -> DefaultScope {9B603593-E9A5-45B3-8293-DF9A2C3D7388} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2779640238-3425638059-3520445709-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=13-11-2012
 
SearchScopes: HKU\S-1-5-21-2779640238-3425638059-3520445709-1000 -> {9B603593-E9A5-45B3-8293-DF9A2C3D7388} URL = https://www.google.c...q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2779640238-3425638059-3520445709-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://lazboy3d.icov...X_WEB_Win32.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\8ycblkyc.default
FF Homepage: hxxp://www.aol.com
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\8ycblkyc.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: 20-20 3D Viewer - WEB - C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\8ycblkyc.default\Extensions\[email protected] [2013-09-01]
FF Extension: AOL Toolbar - C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\8ycblkyc.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2014-12-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.cnn.com/
CHR StartupUrls: Default -> "hxxp://www.cnn.com/"
CHR Profile: C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-13]
CHR Extension: (Google Docs) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-13]
CHR Extension: (Google Drive) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]
CHR Extension: (YouTube) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-13]
CHR Extension: (Google Cast) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-16]
CHR Extension: (Google Search) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-13]
CHR Extension: (Google Sheets) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-13]
CHR Extension: (Google Wallet) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-13]
CHR Extension: (Gmail) - C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-13]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-12-13] (SUPERAntiSpyware.com)
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 19:14 - 2014-12-17 19:14 - 00013381 _____ () C:\Users\darin\Desktop\FRST.txt
2014-12-17 19:12 - 2014-12-17 19:14 - 00000000 ____D () C:\FRST
2014-12-17 19:11 - 2014-12-17 19:11 - 01113600 _____ (Farbar) C:\Users\darin\Desktop\FRST.exe
2014-12-16 21:36 - 2014-12-16 21:36 - 00037904 _____ () C:\Users\darin\Desktop\Extras.Txt
2014-12-16 21:34 - 2014-12-16 21:34 - 00052860 _____ () C:\Users\darin\Desktop\OTL.Txt
2014-12-16 21:14 - 2014-12-16 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\darin\Desktop\OTL.exe
2014-12-15 21:34 - 2014-12-15 21:34 - 00011275 _____ () C:\Users\Bobbie\Documents\FwdYoucannotmakethisup
2014-12-14 10:06 - 2014-12-14 10:06 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\AVG2015
2014-12-14 10:06 - 2014-12-14 10:06 - 00000000 ____D () C:\Users\Bobbie\AppData\Local\Avg2015
2014-12-14 09:59 - 2014-12-14 09:59 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-14 00:13 - 2014-12-14 00:13 - 00000000 ____D () C:\Users\darin\AppData\Roaming\AVG2015
2014-12-14 00:12 - 2014-12-14 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-14 00:11 - 2014-12-14 08:00 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-14 00:11 - 2014-12-14 00:11 - 00000000 ___HD () C:\$AVG
2014-12-14 00:10 - 2014-12-14 00:10 - 00000000 ____D () C:\Program Files\AVG
2014-12-14 00:01 - 2014-12-17 19:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-14 00:01 - 2014-12-14 08:02 - 00000000 ____D () C:\Users\darin\AppData\Local\Avg2015
2014-12-14 00:01 - 2014-12-14 00:01 - 00000000 ____D () C:\Users\darin\AppData\Local\MFAData
2014-12-14 00:00 - 2014-12-14 00:01 - 04637504 _____ (AVG Technologies) C:\Users\darin\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-12-13 21:58 - 2014-12-13 21:58 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-13 21:58 - 2014-12-13 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-13 21:25 - 2014-12-17 19:07 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 21:25 - 2014-12-16 22:30 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 21:25 - 2014-12-13 21:58 - 00000000 ____D () C:\Users\darin\AppData\Local\Google
2014-12-13 21:25 - 2014-12-13 21:57 - 00000000 ____D () C:\Program Files\Google
2014-12-13 21:24 - 2014-12-13 21:25 - 00000000 ____D () C:\Users\darin\AppData\Local\Deployment
2014-12-13 21:24 - 2014-12-13 21:24 - 00000000 ____D () C:\Users\darin\AppData\Local\Apps\2.0
2014-12-13 15:30 - 2014-12-14 09:55 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\Ushoanyf
2014-12-13 12:34 - 2014-12-13 12:34 - 00000000 __RSH () C:\MSDOS.SYS
2014-12-13 12:34 - 2014-12-13 12:34 - 00000000 __RSH () C:\IO.SYS
2014-12-13 12:06 - 2014-12-16 20:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 12:06 - 2014-12-13 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 12:06 - 2014-12-13 12:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-13 12:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-13 12:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-13 12:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-13 11:24 - 2014-12-13 11:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\darin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-12 18:11 - 2014-12-12 18:11 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\SUPERAntiSpyware.com
2014-12-12 16:45 - 2014-12-12 16:45 - 00105984 _____ () C:\Users\Bobbie\AppData\Local\jrsxilre.exe
2014-12-12 12:18 - 2014-12-13 12:30 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\Aztearam
2014-12-11 22:25 - 2014-12-12 08:20 - 00038777 _____ () C:\ProgramData\893686b8
2014-12-11 22:25 - 2014-12-12 08:20 - 00038020 _____ () C:\Users\Bobbie\AppData\Local\893686b8
2014-12-11 22:25 - 2014-12-12 08:20 - 00036873 _____ () C:\Users\Bobbie\AppData\Roaming\893686b8
2014-12-11 16:24 - 2014-12-13 14:09 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\Osemryxu
2014-12-10 19:29 - 2014-12-13 16:05 - 00000680 _____ () C:\Users\Bobbie\AppData\Local\d3d9caps.dat
2014-12-10 19:12 - 2014-12-10 19:12 - 00006323 _____ () C:\Users\Bobbie\AppData\Local\kpgqmdsh
2014-12-10 19:01 - 2014-12-10 19:01 - 00006323 _____ () C:\Users\Bobbie\AppData\Local\nqofgtkg
2014-12-10 18:52 - 2014-12-10 18:52 - 00068590 _____ () C:\Users\Bobbie\AppData\Local\vslwrhco
2014-12-10 18:49 - 2014-12-13 14:09 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\Agluyky
2014-12-10 13:01 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 13:00 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 12:52 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 14:56 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 14:56 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 14:56 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 14:56 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 14:56 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 14:56 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 14:56 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 14:56 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 14:56 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 14:56 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 14:56 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-01 14:50 - 2014-12-01 14:50 - 00143728 _____ () C:\Windows\Minidump\Mini120114-01.dmp
2014-12-01 08:29 - 2014-12-01 08:29 - 00000000 ____D () C:\Users\Bobbie\Documents\20141130_222731
2014-12-01 08:28 - 2014-12-01 08:29 - 02730740 _____ () C:\Users\Bobbie\Documents\20141130_222731.zip
2014-11-26 15:39 - 2014-11-26 15:39 - 00726009 _____ () C:\Users\Bobbie\Documents\scan0004.zip
2014-11-26 15:39 - 2014-11-26 15:39 - 00000000 ____D () C:\Users\Bobbie\Documents\scan0004
2014-11-22 19:44 - 2014-12-13 21:06 - 00000000 ____D () C:\Users\Bobbie\AppData\Local\Google
2014-11-19 14:10 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 19:12 - 2008-01-20 20:38 - 01323074 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 19:08 - 2014-06-14 08:09 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-17 19:06 - 2008-01-20 22:02 - 00088022 _____ () C:\Windows\PFRO.log
2014-12-17 19:06 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 19:06 - 2006-11-02 07:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 19:06 - 2006-11-02 07:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 22:39 - 2006-11-02 07:58 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-14 10:00 - 2006-11-02 05:33 - 00758862 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 09:59 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-14 05:31 - 2012-09-04 16:24 - 00001356 _____ () C:\Users\darin\AppData\Local\d3d9caps.dat
2014-12-13 21:12 - 2014-11-10 18:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 17:16 - 2012-09-05 21:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 17:01 - 2012-09-05 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 12:06 - 2013-01-11 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-13 11:13 - 2013-01-13 13:14 - 00000000 ____D () C:\Users\Bobbie\AppData\Local\ID Vault
2014-12-13 11:13 - 2012-12-14 13:32 - 00000000 ____D () C:\Users\darin\AppData\Local\ID Vault
2014-12-13 11:13 - 2012-12-14 13:31 - 00000000 ____D () C:\Users\darin\AppData\Roaming\ID Vault
2014-12-13 11:13 - 2012-12-14 13:31 - 00000000 ____D () C:\Program Files\AOL OnePoint
2014-12-13 09:44 - 2014-04-07 21:53 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\ShopAtHome
2014-12-13 09:29 - 2012-09-05 22:05 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-13 09:29 - 2012-09-05 22:05 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-10 13:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 13:00 - 2013-08-14 16:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 12:53 - 2006-11-02 05:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-08 18:25 - 2014-06-14 12:11 - 00081920 _____ () C:\Users\Bobbie\Documents\image.jpeg
2014-12-01 14:50 - 2013-02-22 19:07 - 255052974 _____ () C:\Windows\MEMORY.DMP
2014-12-01 14:50 - 2013-02-22 19:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 14:04 - 2012-09-04 18:15 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-17 19:12
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by darin at 2014-12-17 19:15:10
Running from C:\Users\darin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
Media Player Codec Pack 4.2.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-11-2014 08:54:18 Scheduled Checkpoint
27-11-2014 12:37:52 Scheduled Checkpoint
28-11-2014 18:42:21 Scheduled Checkpoint
29-11-2014 08:48:41 Scheduled Checkpoint
30-11-2014 13:48:27 Scheduled Checkpoint
01-12-2014 13:50:40 Scheduled Checkpoint
02-12-2014 18:30:44 Scheduled Checkpoint
03-12-2014 16:21:39 Scheduled Checkpoint
04-12-2014 16:24:38 Scheduled Checkpoint
05-12-2014 17:05:45 Scheduled Checkpoint
06-12-2014 08:18:51 Scheduled Checkpoint
07-12-2014 14:23:35 Scheduled Checkpoint
08-12-2014 17:20:19 Scheduled Checkpoint
09-12-2014 15:29:01 Scheduled Checkpoint
10-12-2014 12:49:38 Windows Update
13-12-2014 13:41:31 Scheduled Checkpoint
13-12-2014 16:59:54 Windows Update
14-12-2014 00:09:36 Installed AVG 2015
14-12-2014 00:10:49 Installed AVG 2015
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {27676BE1-832C-4DD0-8AAD-E92B1EA2A7FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {4FBFB615-5F4E-4D7C-B099-A1B7E9BED852} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {F8CBB645-D945-4C76-982B-94568640B26A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-04 23:03 - 2007-12-08 13:34 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2012-09-04 23:03 - 2007-12-08 13:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Bobbie\Documents\Fwd_TheCrackerFiles.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2779640238-3425638059-3520445709-500 - Administrator - Disabled)
Bobbie (S-1-5-21-2779640238-3425638059-3520445709-1001 - Limited - Enabled) => C:\Users\Bobbie
darin (S-1-5-21-2779640238-3425638059-3520445709-1000 - Administrator - Enabled) => C:\Users\darin
Guest (S-1-5-21-2779640238-3425638059-3520445709-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/17/2014 07:07:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/16/2014 10:39:36 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/16/2014 08:45:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/16/2014 07:44:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/16/2014 03:21:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/15/2014 08:43:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/15/2014 04:38:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/15/2014 08:29:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/14/2014 10:33:02 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/14/2014 08:46:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/17/2014 07:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/17/2014 07:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/17/2014 07:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/17/2014 07:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/17/2014 07:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/17/2014 07:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/17/2014 07:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (12/16/2014 09:12:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/16/2014 09:12:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/16/2014 08:53:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (12/17/2014 07:07:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/16/2014 10:39:36 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/16/2014 08:45:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/16/2014 07:44:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/16/2014 03:21:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/15/2014 08:43:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/15/2014 04:38:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/15/2014 08:29:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/14/2014 10:33:02 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/14/2014 08:46:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-17 19:15:02.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-17 19:15:02.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-17 19:15:02.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-17 19:15:02.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-17 19:15:01.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-17 19:15:01.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-17 19:15:01.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-17 19:15:01.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-17 19:14:29.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-17 19:14:29.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 3573.12 MB
Available physical RAM: 1944.6 MB
Total Pagefile: 7355.98 MB
Available Pagefile: 5561.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:220.58 GB) (Free:152.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:9.77 GB) (Free:9.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#4
BrianDrab
Posted 18 December 2014 - 10:46 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the logs. I do see that both the Bobbie profile and darin profile are infected (Bobbie's is worse as you suspected). Let's clean up darin and then we can work on Bobbie. Let's get started.
 
Step#1 - Question
 
Can you explain to me what you meant by the following statement?
 

The standard account had some changes where it no longer required an administrator password to install.

 
 
Step#2 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   1.59KB   156 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
 
Step#3 - Retrieve Malwarebytes log
 
1. Open up the Malwarebytes program. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Put a check mark next to Scan Log as shown in the picture below.
5. Click the view button as shown in the picture below.
6. Copy/Paste the contents of this log in to your next post.
GetLog.JPG
Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
 
 
Step#5 - JRT
 
Note: Please disable your Antivirus Software before doing Step#1. Info on how to do this is here.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3, The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.
 
  
 
Items for your next post
1. Answer to my question
2. Fix log
3. Malwarebytes log
4. Adwcleaner log
5. JRT log


  • 0

#5
dboik
Posted 18 December 2014 - 03:40 PM

dboik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
To clarify my statement about user password to install programs, I am referring to the windows "user Account Control" was turned off.  Whatever virus/malware must have done that.  I since turned it back on.
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2014
Ran by darin at 2014-12-18 14:51:02 Run:1
Running from C:\Users\darin\Desktop
Loaded Profiles: darin & Bobbie (Available profiles: darin & Bobbie)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=13-11-2012
SearchScopes: HKU\S-1-5-21-2779640238-3425638059-3520445709-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=13-11-2012
Toolbar: HKU\S-1-5-21-2779640238-3425638059-3520445709-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF user.js: detected! => C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\8ycblkyc.default\user.js
C:\Users\Bobbie\AppData\Roaming\Ushoanyf
2014-12-12 16:45 - 2014-12-12 16:45 - 00105984 _____ () C:\Users\Bobbie\AppData\Local\jrsxilre.exe
2014-12-12 12:18 - 2014-12-13 12:30 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\Aztearam
2014-12-11 22:25 - 2014-12-12 08:20 - 00038777 _____ () C:\ProgramData\893686b8
2014-12-11 22:25 - 2014-12-12 08:20 - 00038020 _____ () C:\Users\Bobbie\AppData\Local\893686b8
2014-12-11 22:25 - 2014-12-12 08:20 - 00036873 _____ () C:\Users\Bobbie\AppData\Roaming\893686b8
2014-12-11 16:24 - 2014-12-13 14:09 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\Osemryxu
2014-12-10 19:12 - 2014-12-10 19:12 - 00006323 _____ () C:\Users\Bobbie\AppData\Local\kpgqmdsh
2014-12-10 19:01 - 2014-12-10 19:01 - 00006323 _____ () C:\Users\Bobbie\AppData\Local\nqofgtkg
2014-12-10 18:52 - 2014-12-10 18:52 - 00068590 _____ () C:\Users\Bobbie\AppData\Local\vslwrhco
2014-12-10 18:49 - 2014-12-13 14:09 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\Agluyky
EmptyTemp:
 
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key deleted successfully.
"HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key not found.
"HKU\S-1-5-21-2779640238-3425638059-3520445709-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key deleted successfully.
"HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key not found.
HKU\S-1-5-21-2779640238-3425638059-3520445709-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully.
C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\8ycblkyc.default\user.js => Moved successfully.
C:\Users\Bobbie\AppData\Roaming\Ushoanyf => Moved successfully.
C:\Users\Bobbie\AppData\Local\jrsxilre.exe => Moved successfully.
C:\Users\Bobbie\AppData\Roaming\Aztearam => Moved successfully.
C:\ProgramData\893686b8 => Moved successfully.
C:\Users\Bobbie\AppData\Local\893686b8 => Moved successfully.
C:\Users\Bobbie\AppData\Roaming\893686b8 => Moved successfully.
C:\Users\Bobbie\AppData\Roaming\Osemryxu => Moved successfully.
C:\Users\Bobbie\AppData\Local\kpgqmdsh => Moved successfully.
C:\Users\Bobbie\AppData\Local\nqofgtkg => Moved successfully.
C:\Users\Bobbie\AppData\Local\vslwrhco => Moved successfully.
C:\Users\Bobbie\AppData\Roaming\Agluyky => Moved successfully.
EmptyTemp: => Removed 2.9 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/16/2014
Scan Time: 8:25:10 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.16.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: darin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336673
Time Elapsed: 16 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
Trojan.Agent.ED, C:\Users\Bobbie\AppData\Local\Temp\UpdateFlashPlayer_19f75d4b.exe, Quarantined, [87fe66fd2d4ffd39c6b0ed03649dbc44], 
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 4126709500.job, Quarantined, [c1c40c57770556e09ed0e9ad05ffa759], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
# AdwCleaner v4.105 - Report created 18/12/2014 at 16:17:09
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : darin - DELL_LAPTOP
# Running from : C:\Users\darin\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Bobbie\AppData\Local\AOL Toolbar
Folder Deleted : C:\Users\darin\AppData\Local\Conduit
Folder Deleted : C:\Users\darin\AppData\LocalLow\alotappbar
Folder Deleted : C:\Users\darin\AppData\LocalLow\alotservice
Folder Deleted : C:\Users\darin\AppData\LocalLow\Conduit
File Deleted : C:\alotserviceruntime.log
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209604
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\firstsearch
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v
 
[ri5ac3t3.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[ri5ac3t3.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3521 octets] - [18/12/2014 16:10:19]
AdwCleaner[S0].txt - [3476 octets] - [18/12/2014 16:17:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3536 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by darin on Thu 12/18/2014 at 16:27:37.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/18/2014 at 16:30:14.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#6
BrianDrab
Posted 19 December 2014 - 09:50 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you for the clarification. If you don't have any issues/concerns with the darin profile, let's move on to Bobbie.

 

Step#1 - Prepare Bobbie's profile

It does appear that Bobbie's profile needs more attention than the darin profile. Our tools work best if run from an Administrator account. Can you temporarily make Bobbie an administrator so we can clean it up? If so, please follow the instructions below to do so.

 

1. Click the Start Orb in the lower left corner of the screen and then right-click on Computer and select Manage.

ManageComputer.JPG

 

2. Within the Computer Management screen that comes up, expand Local Users and Groups and click on the Groups folder.

3. Double-click the Administrators group to open it and then click the Add button.

AddUserToGroup.JPG

 

 

4. Type Bobbie in the Enter the object names to select section and click OK.

AddUserToGroup2.JPG

 

5. Lastly, click OK on the Administrators Properties screen to save your changes and exit.

Finish.JPG

 

6. Log on to the machine using Bobbie now before continuing.

 

 

Step#2 - Fresh Set of Logs Needed
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 32-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. The tool will generate another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

   

 

Items for your next post

1. FRST and Addition logs from Bobbie's profile

2. Rootkit scan log

 


  • 0

#7
dboik
Posted 19 December 2014 - 09:51 PM

dboik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Wow!  Those scans took several hours and I don't believe the aswMBR scan totally completed.  Hard to tell, you can see in the log where I saved the log.  I still have it running but it has been running for several hours.  The computer is extremely slow to respond when used under the Bobbie account.  I have to wait several minutes just to select text and copy/paste.

 

Here follow the logs I have:  I am still letting the aswMBR scan run just in case it is not finished.  If it finishes over night I will list its findings.

 

 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by Bobbie (administrator) on DELL_LAPTOP on 19-12-2014 13:56:29
Running from C:\Users\Bobbie\Desktop
Loaded Profile: Bobbie (Available profiles: darin & Bobbie)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1346904285\ee\aolsoftware.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1346904285\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [khohvetj] => "C:\Users\Bobbie\AppData\Local\amqwigsr.exe"
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [uvafqhqt] => "C:\Users\Bobbie\AppData\Local\jrsxilre.exe"
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [Olpigeex] => C:\Users\Bobbie\AppData\Roaming\Ushoanyf\ryvue.exe
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7\AOL.EXE [42320 2012-04-20] (AOL Inc.)
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\RunOnce: [Adobe Speed Launcher] => 1419012268
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...hpgreetingrule1
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=13-11-2012
 
SearchScopes: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://lazboy3d.icov...X_WEB_Win32.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Bobbie\AppData\Roaming\Mozilla\Firefox\Profiles\ri5ac3t3.default
FF Homepage: www.cnn.com
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2779640238-3425638059-3520445709-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-22]
CHR Extension: (Google Docs) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-22]
CHR Extension: (Google Drive) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-22]
CHR Extension: (YouTube) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-22]
CHR Extension: (Google Search) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-22]
CHR Extension: (Google Sheets) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-22]
CHR Extension: (Google Wallet) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-22]
CHR Extension: (Gmail) - C:\Users\Bobbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-12-13] (SUPERAntiSpyware.com)
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-19 13:56 - 2014-12-19 14:52 - 00013312 _____ () C:\Users\Bobbie\Desktop\FRST.txt
2014-12-19 13:47 - 2014-12-19 13:48 - 05198336 _____ (AVAST Software) C:\Users\Bobbie\Desktop\aswMBR.exe
2014-12-19 13:44 - 2014-12-19 13:46 - 01113600 _____ (Farbar) C:\Users\Bobbie\Desktop\FRST.exe
2014-12-19 13:05 - 2014-12-19 13:05 - 00000000 _____ () C:\Users\Bobbie\Desktop\bobbie txt.txt
2014-12-18 16:30 - 2014-12-18 16:30 - 00000640 _____ () C:\Users\darin\Desktop\JRT.txt
2014-12-18 16:27 - 2014-12-18 16:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-18 16:26 - 2014-12-18 16:26 - 01707646 _____ (Thisisu) C:\Users\darin\Desktop\JRT.exe
2014-12-18 16:11 - 2014-12-18 16:41 - 00009663 _____ () C:\Users\darin\Desktop\New Text Document.txt
2014-12-18 16:10 - 2014-12-18 16:17 - 00000000 ____D () C:\AdwCleaner
2014-12-18 16:05 - 2014-12-18 16:06 - 02166272 _____ () C:\Users\darin\Desktop\AdwCleaner.exe
2014-12-17 19:15 - 2014-12-17 19:16 - 00018959 _____ () C:\Users\darin\Desktop\Addition.txt
2014-12-17 19:14 - 2014-12-17 19:16 - 00025454 _____ () C:\Users\darin\Desktop\FRST.txt
2014-12-17 19:12 - 2014-12-19 14:19 - 00000000 ____D () C:\FRST
2014-12-17 19:11 - 2014-12-17 19:11 - 01113600 _____ (Farbar) C:\Users\darin\Desktop\FRST.exe
2014-12-16 21:36 - 2014-12-16 21:36 - 00037904 _____ () C:\Users\darin\Desktop\Extras.Txt
2014-12-16 21:34 - 2014-12-16 21:34 - 00052860 _____ () C:\Users\darin\Desktop\OTL.Txt
2014-12-16 21:14 - 2014-12-16 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\darin\Desktop\OTL.exe
2014-12-15 21:34 - 2014-12-15 21:34 - 00011275 _____ () C:\Users\Bobbie\Documents\FwdYoucannotmakethisup
2014-12-14 10:06 - 2014-12-14 10:06 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\AVG2015
2014-12-14 10:06 - 2014-12-14 10:06 - 00000000 ____D () C:\Users\Bobbie\AppData\Local\Avg2015
2014-12-14 09:59 - 2014-12-14 09:59 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-14 00:13 - 2014-12-14 00:13 - 00000000 ____D () C:\Users\darin\AppData\Roaming\AVG2015
2014-12-14 00:12 - 2014-12-14 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-14 00:11 - 2014-12-14 08:00 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-14 00:11 - 2014-12-14 00:11 - 00000000 ___HD () C:\$AVG
2014-12-14 00:10 - 2014-12-14 00:10 - 00000000 ____D () C:\Program Files\AVG
2014-12-14 00:01 - 2014-12-19 12:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-14 00:01 - 2014-12-14 08:02 - 00000000 ____D () C:\Users\darin\AppData\Local\Avg2015
2014-12-14 00:01 - 2014-12-14 00:01 - 00000000 ____D () C:\Users\darin\AppData\Local\MFAData
2014-12-14 00:00 - 2014-12-14 00:01 - 04637504 _____ (AVG Technologies) C:\Users\darin\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-12-13 21:58 - 2014-12-13 21:58 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-13 21:58 - 2014-12-13 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-13 21:25 - 2014-12-19 15:31 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 21:25 - 2014-12-19 13:47 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 21:25 - 2014-12-13 21:58 - 00000000 ____D () C:\Users\darin\AppData\Local\Google
2014-12-13 21:25 - 2014-12-13 21:57 - 00000000 ____D () C:\Program Files\Google
2014-12-13 21:24 - 2014-12-13 21:25 - 00000000 ____D () C:\Users\darin\AppData\Local\Deployment
2014-12-13 21:24 - 2014-12-13 21:24 - 00000000 ____D () C:\Users\darin\AppData\Local\Apps\2.0
2014-12-13 12:34 - 2014-12-13 12:34 - 00000000 __RSH () C:\MSDOS.SYS
2014-12-13 12:34 - 2014-12-13 12:34 - 00000000 __RSH () C:\IO.SYS
2014-12-13 12:06 - 2014-12-18 16:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 12:06 - 2014-12-13 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 12:06 - 2014-12-13 12:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-13 12:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-13 12:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-13 12:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-13 11:24 - 2014-12-13 11:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\darin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-12 18:11 - 2014-12-12 18:11 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\SUPERAntiSpyware.com
2014-12-10 19:29 - 2014-12-13 16:05 - 00000680 _____ () C:\Users\Bobbie\AppData\Local\d3d9caps.dat
2014-12-10 13:01 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 13:00 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 12:52 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 14:56 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 14:56 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 14:56 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 14:56 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 14:56 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 14:56 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 14:56 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 14:56 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 14:56 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 14:56 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 14:56 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 14:56 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 14:56 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-01 14:50 - 2014-12-01 14:50 - 00143728 _____ () C:\Windows\Minidump\Mini120114-01.dmp
2014-12-01 08:29 - 2014-12-01 08:29 - 00000000 ____D () C:\Users\Bobbie\Documents\20141130_222731
2014-12-01 08:28 - 2014-12-01 08:29 - 02730740 _____ () C:\Users\Bobbie\Documents\20141130_222731.zip
2014-11-26 15:39 - 2014-11-26 15:39 - 00726009 _____ () C:\Users\Bobbie\Documents\scan0004.zip
2014-11-26 15:39 - 2014-11-26 15:39 - 00000000 ____D () C:\Users\Bobbie\Documents\scan0004
2014-11-22 19:44 - 2014-12-13 21:06 - 00000000 ____D () C:\Users\Bobbie\AppData\Local\Google
2014-11-19 14:10 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-19 14:38 - 2006-11-02 07:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-19 14:38 - 2006-11-02 07:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-19 12:44 - 2008-01-20 20:38 - 01358848 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 12:40 - 2014-06-14 08:09 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-19 12:38 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 16:33 - 2006-11-02 07:58 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-18 16:18 - 2008-01-20 22:02 - 00088340 _____ () C:\Windows\PFRO.log
2014-12-14 10:00 - 2006-11-02 05:33 - 00758862 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 09:59 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-14 05:31 - 2012-09-04 16:24 - 00001356 _____ () C:\Users\darin\AppData\Local\d3d9caps.dat
2014-12-13 21:12 - 2014-11-10 18:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 17:16 - 2012-09-05 21:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 17:01 - 2012-09-05 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 12:06 - 2013-01-11 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-13 11:13 - 2013-01-13 13:14 - 00000000 ____D () C:\Users\Bobbie\AppData\Local\ID Vault
2014-12-13 11:13 - 2012-12-14 13:32 - 00000000 ____D () C:\Users\darin\AppData\Local\ID Vault
2014-12-13 11:13 - 2012-12-14 13:31 - 00000000 ____D () C:\Users\darin\AppData\Roaming\ID Vault
2014-12-13 11:13 - 2012-12-14 13:31 - 00000000 ____D () C:\Program Files\AOL OnePoint
2014-12-13 09:44 - 2014-04-07 21:53 - 00000000 ____D () C:\Users\Bobbie\AppData\Roaming\ShopAtHome
2014-12-13 09:29 - 2012-09-05 22:05 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-13 09:29 - 2012-09-05 22:05 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-10 13:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 13:00 - 2013-08-14 16:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 12:53 - 2006-11-02 05:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-08 18:25 - 2014-06-14 12:11 - 00081920 _____ () C:\Users\Bobbie\Documents\image.jpeg
2014-12-01 14:50 - 2013-02-22 19:07 - 255052974 _____ () C:\Windows\MEMORY.DMP
2014-12-01 14:50 - 2013-02-22 19:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 14:04 - 2012-09-04 18:15 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\darin\AppData\Local\Temp\Quarantine.exe
C:\Users\darin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-19 12:44
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Bobbie at 2014-12-19 18:04:55
Running from C:\Users\Bobbie\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
Media Player Codec Pack 4.2.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
 
==================== Restore Points  =========================
 
01-12-2014 13:50:40 Scheduled Checkpoint
02-12-2014 18:30:44 Scheduled Checkpoint
03-12-2014 16:21:39 Scheduled Checkpoint
04-12-2014 16:24:38 Scheduled Checkpoint
05-12-2014 17:05:45 Scheduled Checkpoint
06-12-2014 08:18:51 Scheduled Checkpoint
07-12-2014 14:23:35 Scheduled Checkpoint
08-12-2014 17:20:19 Scheduled Checkpoint
09-12-2014 15:29:01 Scheduled Checkpoint
10-12-2014 12:49:38 Windows Update
13-12-2014 13:41:31 Scheduled Checkpoint
13-12-2014 16:59:54 Windows Update
14-12-2014 00:09:36 Installed AVG 2015
14-12-2014 00:10:49 Installed AVG 2015
17-12-2014 20:01:26 Scheduled Checkpoint
18-12-2014 13:50:12 Scheduled Checkpoint
18-12-2014 14:51:03 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {27676BE1-832C-4DD0-8AAD-E92B1EA2A7FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {4FBFB615-5F4E-4D7C-B099-A1B7E9BED852} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {F8CBB645-D945-4C76-982B-94568640B26A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-04 23:03 - 2007-12-08 13:34 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2012-09-04 23:03 - 2007-12-08 13:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2012-04-20 17:50 - 2012-04-20 17:50 - 00059392 _____ () c:\program files\common files\aol\1346904285\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Bobbie\Documents\Fwd_TheCrackerFiles.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2779640238-3425638059-3520445709-500 - Administrator - Disabled)
Bobbie (S-1-5-21-2779640238-3425638059-3520445709-1001 - Administrator - Enabled) => C:\Users\Bobbie
darin (S-1-5-21-2779640238-3425638059-3520445709-1000 - Administrator - Enabled) => C:\Users\darin
Guest (S-1-5-21-2779640238-3425638059-3520445709-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/19/2014 06:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0xf6c, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791913e, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x31e0, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 06:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x3688, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 06:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x35f8, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 05:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791954c, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x37a4, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 05:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x49e022d9, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x24b0, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 05:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791908c, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x2920, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 00:44:17 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/19/2014 00:40:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/19/2014 00:36:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine LookupPrivilegeValue.  hr = 0x800706ba.
 
 
System errors:
=============
Error: (12/19/2014 01:05:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/19/2014 01:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 01:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 01:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 01:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
 
Microsoft Office Sessions:
=========================
Error: (12/19/2014 06:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994549b0a8MSHTML.dll9.0.8112.16599547397d5c000000500260bcef6c01d01be1b347fc04
 
Error: (12/19/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994791913eMSHTML.dll9.0.8112.16599547397d5c000000500260bce31e001d01be0ad2f6d44
 
Error: (12/19/2014 06:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994549b0a8MSHTML.dll9.0.8112.16599547397d5c000000500260bce368801d01bdfdfd7d494
 
Error: (12/19/2014 06:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994549b0a8MSHTML.dll9.0.8112.16599547397d5c000000500260bce35f801d01bdfcce9f1b4
 
Error: (12/19/2014 05:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994791954cMSHTML.dll9.0.8112.16599547397d5c000000500260bce37a401d01bde176d54e4
 
Error: (12/19/2014 05:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1659949e022d9MSHTML.dll9.0.8112.16599547397d5c000000500260bce24b001d01bdd8b202034
 
Error: (12/19/2014 05:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994791908cMSHTML.dll9.0.8112.16599547397d5c000000500260bce292001d01bdd3fded624
 
Error: (12/19/2014 00:44:17 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/19/2014 00:40:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/19/2014 00:36:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: LookupPrivilegeValue0x800706ba
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-19 16:03:17.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 16:03:16.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 16:03:15.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 16:03:14.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 15:57:55.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 15:57:55.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 15:57:55.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 15:57:53.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 14:33:59.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 14:33:58.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 76%
Total physical RAM: 3573.12 MB
Available physical RAM: 848.13 MB
Total Pagefile: 7357.98 MB
Available Pagefile: 3173.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.06 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:220.58 GB) (Free:148.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:9.77 GB) (Free:9.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Bobbie at 2014-12-19 18:04:55
Running from C:\Users\Bobbie\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
Media Player Codec Pack 4.2.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bobbie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
 
==================== Restore Points  =========================
 
01-12-2014 13:50:40 Scheduled Checkpoint
02-12-2014 18:30:44 Scheduled Checkpoint
03-12-2014 16:21:39 Scheduled Checkpoint
04-12-2014 16:24:38 Scheduled Checkpoint
05-12-2014 17:05:45 Scheduled Checkpoint
06-12-2014 08:18:51 Scheduled Checkpoint
07-12-2014 14:23:35 Scheduled Checkpoint
08-12-2014 17:20:19 Scheduled Checkpoint
09-12-2014 15:29:01 Scheduled Checkpoint
10-12-2014 12:49:38 Windows Update
13-12-2014 13:41:31 Scheduled Checkpoint
13-12-2014 16:59:54 Windows Update
14-12-2014 00:09:36 Installed AVG 2015
14-12-2014 00:10:49 Installed AVG 2015
17-12-2014 20:01:26 Scheduled Checkpoint
18-12-2014 13:50:12 Scheduled Checkpoint
18-12-2014 14:51:03 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {27676BE1-832C-4DD0-8AAD-E92B1EA2A7FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {4FBFB615-5F4E-4D7C-B099-A1B7E9BED852} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {F8CBB645-D945-4C76-982B-94568640B26A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-04 23:03 - 2007-12-08 13:34 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2012-09-04 23:03 - 2007-12-08 13:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2012-04-20 17:50 - 2012-04-20 17:50 - 00059392 _____ () c:\program files\common files\aol\1346904285\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 21:58 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Bobbie\Documents\Fwd_TheCrackerFiles.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2779640238-3425638059-3520445709-500 - Administrator - Disabled)
Bobbie (S-1-5-21-2779640238-3425638059-3520445709-1001 - Administrator - Enabled) => C:\Users\Bobbie
darin (S-1-5-21-2779640238-3425638059-3520445709-1000 - Administrator - Enabled) => C:\Users\darin
Guest (S-1-5-21-2779640238-3425638059-3520445709-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/19/2014 06:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0xf6c, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791913e, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x31e0, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 06:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x3688, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 06:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4549b0a8, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x35f8, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 05:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791954c, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x37a4, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 05:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x49e022d9, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x24b0, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 05:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x4791908c, faulting module MSHTML.dll, version 9.0.8112.16599, time stamp 0x547397d5, exception code 0xc0000005, fault offset 0x00260bce,
process id 0x2920, application start time 0xiexplore.exe0.
 
Error: (12/19/2014 00:44:17 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/19/2014 00:40:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/19/2014 00:36:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine LookupPrivilegeValue.  hr = 0x800706ba.
 
 
System errors:
=============
Error: (12/19/2014 01:05:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/19/2014 01:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 01:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 01:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 01:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (12/19/2014 00:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
 
Microsoft Office Sessions:
=========================
Error: (12/19/2014 06:17:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994549b0a8MSHTML.dll9.0.8112.16599547397d5c000000500260bcef6c01d01be1b347fc04
 
Error: (12/19/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994791913eMSHTML.dll9.0.8112.16599547397d5c000000500260bce31e001d01be0ad2f6d44
 
Error: (12/19/2014 06:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994549b0a8MSHTML.dll9.0.8112.16599547397d5c000000500260bce368801d01bdfdfd7d494
 
Error: (12/19/2014 06:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994549b0a8MSHTML.dll9.0.8112.16599547397d5c000000500260bce35f801d01bdfcce9f1b4
 
Error: (12/19/2014 05:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994791954cMSHTML.dll9.0.8112.16599547397d5c000000500260bce37a401d01bde176d54e4
 
Error: (12/19/2014 05:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1659949e022d9MSHTML.dll9.0.8112.16599547397d5c000000500260bce24b001d01bdd8b202034
 
Error: (12/19/2014 05:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165994791908cMSHTML.dll9.0.8112.16599547397d5c000000500260bce292001d01bdd3fded624
 
Error: (12/19/2014 00:44:17 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/19/2014 00:40:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/19/2014 00:36:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: LookupPrivilegeValue0x800706ba
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-19 16:03:17.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 16:03:16.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 16:03:15.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 16:03:14.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 15:57:55.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 15:57:55.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 15:57:55.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 15:57:53.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 14:33:59.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-19 14:33:58.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 76%
Total physical RAM: 3573.12 MB
Available physical RAM: 848.13 MB
Total Pagefile: 7357.98 MB
Available Pagefile: 3173.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.06 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:220.58 GB) (Free:148.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:9.77 GB) (Free:9.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-19 19:43:31
-----------------------------
19:43:31.557    OS Version: Windows 6.0.6002 Service Pack 2
19:43:31.558    Number of processors: 2 586 0xF0D
19:43:31.653    ComputerName: DELL_LAPTOP  UserName: Bobbie
19:43:43.131    Initialize success
19:43:44.688    VM: initialized successfully
19:43:44.689    VM: Intel CPU virtualization not supported 
19:45:26.282    AVAST engine defs: 14121901
19:46:02.523    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
19:46:07.841    Disk 0 Vendor: WDC_WD2500BEVS-75UST0 01.01A01 Size: 238475MB BusType: 3
19:46:18.801    Disk 0 MBR read successfully
19:46:29.325    Disk 0 MBR scan
19:46:32.508    Disk 0 Windows VISTA default MBR code
19:46:32.885    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
19:46:32.954    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10000 MB offset 81920
19:46:33.022    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       225874 MB offset 20561920
19:46:34.888    Disk 0 scanning sectors +483152232
19:46:39.099    Disk 0 scanning C:\Windows\system32\drivers
19:49:36.386    Service scanning
19:53:36.871    Modules scanning
19:53:37.037    Disk 0 trace - called modules:
19:53:37.066    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
19:53:37.096    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8634d378]
19:53:37.131    3 CLASSPNP.SYS[8bb9d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x8589b030]
19:53:49.323    AVAST engine scan C:\Windows
19:54:09.348    AVAST engine scan C:\Windows\system32
20:37:48.786    AVAST engine scan C:\Windows\system32\drivers
20:42:04.707    AVAST engine scan C:\Users\Bobbie
22:10:55.419    Disk 0 MBR has been saved successfully to "C:\Users\Bobbie\Desktop\MBR.dat"
22:10:56.535    The log file has been saved successfully to "C:\Users\Bobbie\Desktop\aswMBR.txt"

  • 0

#8
BrianDrab
Posted 20 December 2014 - 11:43 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Let's see if the following fix helps with your issues under this profile.

 

Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   1.98KB   184 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


  • 0

#9
dboik
Posted 20 December 2014 - 07:03 PM

dboik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Starting to act like a computer again....looking much better.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-12-2014
Ran by Bobbie at 2014-12-20 15:42:50 Run:2
Running from C:\Users\Bobbie\Desktop
Loaded Profile: Bobbie (Available profiles: darin & Bobbie)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [khohvetj] => "C:\Users\Bobbie\AppData\Local\amqwigsr.exe"
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [uvafqhqt] => "C:\Users\Bobbie\AppData\Local\jrsxilre.exe"
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...\Run: [Olpigeex] => C:\Users\Bobbie\AppData\Roaming\Ushoanyf\ryvue.exe
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
SearchScopes: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=13-11-2012
Toolbar: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
2014-12-18 16:30 - 2014-12-18 16:30 - 00000640 _____ () C:\Users\darin\Desktop\JRT.txt
2014-12-18 16:26 - 2014-12-18 16:26 - 01707646 _____ (Thisisu) C:\Users\darin\Desktop\JRT.exe
2014-12-18 16:05 - 2014-12-18 16:06 - 02166272 _____ () C:\Users\darin\Desktop\AdwCleaner.exe
2014-12-17 19:15 - 2014-12-17 19:16 - 00018959 _____ () C:\Users\darin\Desktop\Addition.txt
2014-12-17 19:14 - 2014-12-17 19:16 - 00025454 _____ () C:\Users\darin\Desktop\FRST.txt
2014-12-17 19:11 - 2014-12-17 19:11 - 01113600 _____ (Farbar) C:\Users\darin\Desktop\FRST.exe
2014-12-16 21:36 - 2014-12-16 21:36 - 00037904 _____ () C:\Users\darin\Desktop\Extras.Txt
2014-12-16 21:34 - 2014-12-16 21:34 - 00052860 _____ () C:\Users\darin\Desktop\OTL.Txt
2014-12-16 21:14 - 2014-12-16 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\darin\Desktop\OTL.exe
CustomCLSID: HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
EmptyTemp:
 
*****************
 
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\Software\Microsoft\Windows\CurrentVersion\Run\\khohvetj => value deleted successfully.
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uvafqhqt => value deleted successfully.
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Olpigeex => value deleted successfully.
"HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key deleted successfully.
HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key not found. 
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value deleted successfully.
HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Key not found. 
C:\Users\darin\Desktop\JRT.txt => Moved successfully.
C:\Users\darin\Desktop\JRT.exe => Moved successfully.
C:\Users\darin\Desktop\AdwCleaner.exe => Moved successfully.
C:\Users\darin\Desktop\Addition.txt => Moved successfully.
C:\Users\darin\Desktop\FRST.txt => Moved successfully.
C:\Users\darin\Desktop\FRST.exe => Moved successfully.
C:\Users\darin\Desktop\Extras.Txt => Moved successfully.
C:\Users\darin\Desktop\OTL.Txt => Moved successfully.
C:\Users\darin\Desktop\OTL.exe => Moved successfully.
HKU\S-1-5-21-2779640238-3425638059-3520445709-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found. 
EmptyTemp: => Removed 20.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#10
BrianDrab
Posted 21 December 2014 - 09:58 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Good news. Let's do a final few scans to ensure nothing else is lurking around.

 

Step#1 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#2 - Security Check
 
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Step#3 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 

 
Items for your next post

 

1. AdwCleaner log

2. Security Check log
3. Contents of the ESET log file

 


  • 0

Advertisements

#11
dboik
Posted 21 December 2014 - 08:09 PM

dboik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
# AdwCleaner v4.106 - Report created 21/12/2014 at 11:38:10
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Bobbie - DELL_LAPTOP
# Running from : C:\Users\Bobbie\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.pikenursery.com/search-results?q={searchTerms}&cx=&ie=ISO-8859-1
[C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.wayfair.com/keyword.php?keyword={searchTerms}&ust=&command=dosearch&new_keyword_search=true
[C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.grainger.com/search?searchQuery={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3521 octets] - [18/12/2014 16:10:19]
AdwCleaner[R1].txt - [2003 octets] - [21/12/2014 11:11:18]
AdwCleaner[S0].txt - [3616 octets] - [18/12/2014 16:17:09]
AdwCleaner[S1].txt - [1884 octets] - [21/12/2014 11:38:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1944 octets] ##########
 
 
 
 
 Results of screen317's Security Check version 0.99.93  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Java 7 Update 13  
 Java version 32-bit out of Date! 
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 
C:\FRST\Quarantine\C\Users\Bobbie\AppData\Local\jrsxilre.exe.xBAD Win32/TrojanDownloader.Zortob.F trojan
C:\Users\darin\Downloads\media.player.codec.pack.v4.2.4.setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

  • 0

#12
BrianDrab
Posted 22 December 2014 - 09:02 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, your machine is clean. If you are satisfied with the results, now would be the time to remove Administrative rights away from the Bobbie profile if you wish. You can follow the same instructions as I put in Post#6, except remove the Administrators group instead of adding it. Let me know when this is complete or if you have any questions on this.

 

Thanks.


  • 0

#13
dboik
Posted 23 December 2014 - 07:16 PM

dboik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Hi Brian,

 

Thanks for the help, it is running much better I had some issues with internet consistently connecting or not connecting after coming back from sleep mode, but after re-installing the driver it seems to be better.

 

Thanks!


  • 0

#14
BrianDrab
Posted 23 December 2014 - 07:37 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem. Just want to verify if you have removed Administrative rights from the Bobbie profile (or have chosen not to) so I can clean up our tools and leave you with some final recommendations.

 

Please let me know.


  • 0

#15
dboik
Posted 23 December 2014 - 08:17 PM

dboik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Ok...account Bobbie is back to standard.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP