
Extremely slow when MBAW running


12 replies to this topic

#1 dburkhead

    Advanced Member

  • Full Member
  • 132 posts

Posted 10 April 2017 - 08:41 AM

When MBAW is running, the PC is extremely slow. Also some applications, like Microsoft Excel, won't open if MBAW is running.

Windows XP system with AVG antivirus and the Windows firewall.

 

Logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/10/17
Scan Time: 2:48 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1694
License: Premium

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394126
Time Elapsed: 1 hr, 59 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Disabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by User (administrator) on ASM21 (10-04-2017 09:24:56)
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
() C:\Program Files\ACT\SideACT.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
() C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-13] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [737280 2009-07-07] (Andrea Electronics Corporation)
HKLM\...\Run: [DellControlPoint] => C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [158592 2010-01-14] (Wave Systems Corp.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-14] (Broadcom Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [292208 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-06-23] (Google)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2215768 2011-12-06] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2183752 2017-04-04] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-329068152-115176313-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-329068152-115176313-1417001333-1003\...\MountPoints2: {e268b314-3248-11e1-a5bd-9ce2db649b82} - F:\LaunchU3.exe -a
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2012-06-23] (Google)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2009-11-24] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2009-11-24] (Wave Systems Corp.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2015-10-30]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk [2011-05-16]
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-09-05]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-04-03]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-09-05]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-09-05]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to announce.lnk [2012-01-26]
ShortcutTarget: Shortcut to announce.lnk -> C:\announce.txt ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk [2011-05-17]
ShortcutTarget: SideACT!.lnk -> C:\Program Files\ACT\SideACT.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk [2011-05-16]
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2012-01-27]
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85FEDF78-354C-4151-AE00-02247ADA006A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316avz&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=CtcMogZGNVf-G-hu32O2IMXt-9E?q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-04-04] (AVG)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2011-12-06] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default [2017-04-10]
FF Homepage: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default -> hxxp://www.asmicro.com/applications/faq.htm
FF NetworkProxy: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default -> type", 0
FF Extension: (AVG Web TuneUp) - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default\Extensions\avg@toolbar.xpi [2017-02-07]
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default\searchplugins\avg-secure-search.xml [2017-02-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-11-01] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\WINDOWS\system32\npdeployJava1.dll [2012-10-09] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-115176313-1417001333-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-09-08] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2001-09-10] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-03-03] (AuthenTec, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation) [File not signed]
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [376608 2009-12-10] (Dell Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-06-23] (Google)
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-06] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.) [File not signed]
R2 STacSV; c:\program files\idt\wdm\stacsv.exe [229458 2010-01-13] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)
R2 vToolbarUpdater40.3.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-04-04] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-04-04] ()
U2 wltrysvc; %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\WINDOWS\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R2 BASFND; C:\Program Files\Broadcom\MgmtAgent\BASFND.sys [10520 2011-02-09] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2696448 2010-02-03] (Broadcom Corporation)
R1 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-03-23] (Malwarebytes)
R0 PBADRV; C:\WINDOWS\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 stdflt; C:\WINDOWS\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1656403 2010-01-13] (IDT, Inc.)
R2 WavxDMgr; C:\WINDOWS\System32\DRIVERS\WavxDMgr.sys [214656 2010-01-14] (Wave Systems Corp.)
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
S2 portD; system32\DRIVERS\portd2k.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-10 09:24 - 2017-04-10 09:25 - 00019932 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2017-04-10 09:24 - 2017-04-10 09:24 - 01766912 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2017-04-10 09:24 - 2017-04-10 09:24 - 00000000 ____D C:\FRST
2017-04-10 09:22 - 2017-04-10 09:22 - 00001089 _____ C:\Documents and Settings\User\Desktop\MBAW report.txt
2017-03-23 07:30 - 2017-04-07 15:13 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-23 07:30 - 2017-04-07 15:13 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-23 07:30 - 2017-03-23 07:30 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-23 07:29 - 2017-03-31 22:16 - 00059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-03-23 07:29 - 2017-03-23 07:29 - 00001715 ____N C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-03-23 07:29 - 2017-03-23 07:29 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-23 07:29 - 2017-03-23 07:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-10 09:25 - 2010-12-26 00:47 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2017-04-10 09:21 - 2012-01-27 11:27 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\BounceBack Express
2017-04-10 08:50 - 2015-09-08 00:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-10 04:38 - 2015-09-04 17:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-04-10 04:25 - 2016-09-20 12:33 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-04-08 15:00 - 2014-03-20 19:51 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-04-08 05:50 - 2010-12-26 00:45 - 00032616 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-07 22:52 - 2014-03-27 03:11 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2017-04-07 15:41 - 2015-09-05 17:20 - 00000000 ____D C:\QBtemp
2017-04-07 15:41 - 2011-04-03 22:33 - 00002477 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2017-04-07 15:25 - 2011-05-16 20:43 - 00000000 _____ C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat
2017-04-07 15:25 - 2008-04-13 19:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-07 15:24 - 2014-03-20 19:51 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-04-07 15:11 - 2010-12-26 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-07 15:08 - 2015-09-05 17:07 - 00159026 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-04-07 15:08 - 2010-12-26 00:47 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2017-04-07 11:32 - 2010-12-25 19:02 - 00000000 ___HD C:\WINDOWS\inf
2017-04-06 08:50 - 2011-12-29 15:14 - 00000000 ____D C:\Documents and Settings\User\Application Data\U3
2017-04-06 08:46 - 2011-08-04 20:15 - 00000000 ____D C:\Jon
2017-04-06 08:23 - 2011-05-16 22:21 - 00000000 ____D C:\Documents and Settings\User\My Documents\My PSP8 Files
2017-04-06 07:21 - 2015-09-04 17:36 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2017-04-06 07:21 - 2015-09-04 17:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2017-04-05 18:05 - 2011-08-01 12:14 - 00000000 ____D C:\Act6Copy
2017-04-05 06:19 - 2015-12-13 07:04 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-04-05 04:50 - 2015-09-05 15:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
2017-04-04 23:58 - 2016-03-11 23:12 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2017-04-04 23:58 - 2016-03-11 23:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2017-04-02 06:46 - 2015-09-04 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2017-03-31 22:31 - 2012-04-25 14:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-30 18:26 - 2016-11-18 02:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-29 13:57 - 2011-04-03 22:33 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2017-03-23 07:29 - 2012-05-08 15:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-03-21 02:11 - 2015-09-05 17:07 - 00159026 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-115176313-1417001333-1003-0.dat
2017-03-17 14:47 - 2010-12-25 19:10 - 00590352 ____N C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2012-06-23 17:30 - 2015-10-29 20:12 - 0005120 ____N () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-16 20:43 - 2017-04-07 15:25 - 0000000 _____ () C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat

Some files in TEMP:
====================
2015-09-28 06:15 - 2015-09-28 06:59 - 0012800 ____N () C:\Documents and Settings\User\Local Settings\Temp\00ixi1rq.dll
2016-06-23 11:24 - 2016-05-18 13:03 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081131403087.exe
2015-09-16 11:05 - 2015-08-20 16:32 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081171497270.exe
2016-08-22 12:40 - 2016-07-20 14:01 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081376362929.exe
2015-09-30 18:11 - 2015-09-10 10:54 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081389774009.exe
2016-06-01 10:58 - 2016-04-22 10:01 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081412823630.exe
2016-02-24 11:22 - 2016-01-12 17:23 - 0179624 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08148611852.exe
2015-10-20 04:23 - 2015-09-22 13:13 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08163636161.exe
2016-07-27 06:15 - 2016-06-21 18:49 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_082083955714.exe
2016-01-15 22:11 - 2015-12-08 08:23 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08341710729.exe
2016-01-05 13:09 - 2015-11-12 17:54 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08388909063.exe
2016-05-13 14:21 - 2016-04-14 17:29 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08558079619.exe
2015-11-18 08:43 - 2015-10-16 13:30 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08563171609.exe
2016-04-08 16:26 - 2016-02-18 13:09 - 0179624 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08646450834.exe
2009-07-17 20:12 - 2009-07-17 20:12 - 1957206 ____N (Adobe Systems Incorporated) C:\Documents and Settings\User\Local Settings\Temp\FP_AX_MSI_INSTALLER.exe
2012-09-17 18:06 - 2012-09-17 18:06 - 10217672 ____N (Adobe Systems Incorporated) C:\Documents and Settings\User\Local Settings\Temp\fp_pl_pfs_installer.exe
2013-06-14 09:59 - 2013-06-14 09:59 - 1037120 ____N (Solid State Networks) C:\Documents and Settings\User\Local Settings\Temp\install_reader11_en_mssd_aaa_aih.exe
2015-09-05 15:48 - 2015-09-05 15:48 - 0464896 ____N (Intuit) C:\Documents and Settings\User\Local Settings\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2012-08-29 08:07 - 2012-08-29 08:07 - 0908272 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
2012-10-26 11:05 - 2012-10-26 11:05 - 0912368 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
2013-01-31 14:20 - 2013-01-31 14:20 - 0915376 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
2013-02-16 01:00 - 2013-02-16 01:00 - 0897448 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
2013-03-05 19:59 - 2013-03-05 19:59 - 0897448 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
2013-06-13 11:36 - 2013-06-13 11:36 - 0903592 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
2013-08-28 12:09 - 2013-08-28 12:09 - 0913832 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
2013-10-08 14:27 - 2013-10-08 14:27 - 0915368 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
2015-09-20 04:46 - 2015-09-20 14:34 - 0012800 ____N () C:\Documents and Settings\User\Local Settings\Temp\nne0nujd.dll
2015-09-05 15:48 - 2015-09-05 15:48 - 0624488 ____N (Intuit Inc.) C:\Documents and Settings\User\Local Settings\Temp\qbinstal.dll
2015-09-05 15:48 - 2015-09-05 15:48 - 0643072 ____N (STLport Consulting, Inc.) C:\Documents and Settings\User\Local Settings\Temp\stlport_r50.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 5th April, 2017
Running from:C:\Documents and Settings\User\Desktop (09:34:28 - 04/10/2017)
***---------------------------------------------------------***
Microsoft Windows XP Professional X86 Service Pack 3
*WARNING* Windows XP is no longer supported
Internet Explorer 8
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Disabled - Up to Date)
AVG AntiVirus Free Edition (Enabled - Up to Date)
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 24 NPAPI (version 23.0.0.205) is *out of Date*
Firefox (version 52)
Malwarebytes (version 3.0.6.1469)

Adobe Reader XI (version 11.0.08) is *out of Date*

***----------------Analysis Complete-------------------------***



#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,003 posts

Posted 10 April 2017 - 11:01 AM

Hello dburkhead and welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.

You did not post the contents of the Addition.txt file produced by FRST.

Please post that log in your next reply for my review and then wait for further instructions.

Thank you.

Android 8888.


Android 8888

Website: http://android8888.comlu.com

Tavira - Here's where I live!

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 dburkhead

dburkhead

    Advanced Member

  • Full Member
  • 132 posts

Posted 10 April 2017 - 11:59 AM

The instructions said to attach it.  I thought I had attached it.  So, here's the contents:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by User (10-04-2017 09:25:39)
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-12-26 04:43:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-329068152-115176313-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-329068152-115176313-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-329068152-115176313-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-329068152-115176313-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-329068152-115176313-1417001333-1002 - Limited - Disabled)
User (S-1-5-21-329068152-115176313-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.00.12 - STMicroelectronics)
ACT! (HKLM\...\ACT!) (Version:  - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AJC Directory Synchronizer v1.16.6 (HKLM\...\AJC Directory Synchronizer_is1) (Version:  - AJC Software)
AuthenTec Fingerprint Software (Version: 8.4.4.10 - AuthenTec, Inc.) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.115.3.467 - AVG Technologies)
AVG (Version: 16.151.8012 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8012 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
AVG Zen (Version: 1.115.1 - AVG Technologies) Hidden
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
BounceBack Express (HKU\S-1-5-21-329068152-115176313-1417001333-1003\...\{95632566-071E-4A02-92C1-4BD907065736}) (Version: 8.0 - CMS Products)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Broadcom TPM Driver Installer (Version: 8.04.04 - Broadcom Corporation) Hidden
BS32MMWrapper (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Citrix Online Launcher (HKLM\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DCP32MMWrapper (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Dell Control Point (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.455.70 - Dell Inc.)
Dell ControlPoint System Manager (HKLM\...\{314E5785-BD81-47FD-9D6B-5C3CD31B351B}) (Version: 1.4.00000 - Dell Inc.)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.085 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.053 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.101.210 - ALPS ELECTRIC CO., LTD.)
Document Manager Lite (Version: 06.09.00.147 - Wave Systems Corp.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
EMBASSY Security Center (Version: 04.00.00.075 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.066 - Wave Systems Corp) Hidden
ESC Home Page Plugin (Version: 04.00.00.010 - Wave Systems Corp) Hidden
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-329068152-115176313-1417001333-1003\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6265.0 - IDT)
Image Importer Wizard (HKLM\...\{20EDB9A7-887F-47ED-B1E6-E2831FAD276F}) (Version: 3.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5225 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 8.10 Update Patch (HKLM\...\Jasc Paint Shop Pro 8.10 Update Patch) (Version:  - )
Keyboard Express 3 (HKLM\...\Keyboard Express 3) (Version: 3.0 - Insight Software Solutions, Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MOOS Project Viewer (HKLM\...\MOOS Project Viewer) (Version: 2.6.2 - Stand By Soft)
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (Version: 6.00.3883.8 - Microsoft Corporation) Hidden
Netwaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Network ScanGear Ver.1.4 (HKLM\...\{16EFC313-F083-4C16-AEB7-1FF1A4343540}) (Version:  - )
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
O2Micro OZ776 SCR Driver (HKLM\...\InstallShield_{49AB6C90-61B6-44DD-A76A-DC6BE756E280}) (Version: 1.1.4.208GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 1.1.4.208GS - O2Micro) Hidden
Passport 5 (HKLM\...\{A4688EFB-59DB-42F6-9118-36EDFC7C93E3}) (Version: 5.07.02 - ASAP Systems)
Preboot Manager (Version: 03.00.00.089 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.057 - Wave Systems Corp.) Hidden
QuickBooks (Version: 22.0.4005.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4005.2206 - Intuit Inc.)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Security Wizards (Version: 01.07.00.023 - Your Company Name) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SO32MMWrapper (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Trusted Drive Manager (Version: 3.3.0.396 - Wave Systems Corp.) Hidden
tsp patch (Version: 01.00.00.0000 - Wave Systems Corp) Hidden
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wave Infrastructure Installer (Version: 07.01.21.0015 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.062 - Wave Systems Corp) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (05/13/2009 8.4.2.0) (HKLM\...\D3F88C3864C8C031A7C5D5E63A76571EC1B047DF) (Version: 05/13/2009 8.4.2.0 - AuthenTec Inc.)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4732\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies   ጃ  0 ߡ
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-11 23:12 - 2017-04-04 23:57 - 00981576 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2011-05-16 21:14 - 2010-02-03 03:47 - 00025088 ____N () C:\WINDOWS\System32\WLTRYSVC.EXE
2011-05-16 21:46 - 2010-01-10 12:01 - 00060928 ____N () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2009-11-19 15:47 - 2009-11-19 15:47 - 00249856 ____N () C:\WINDOWS\system32\wxvault.dll
2009-11-13 08:17 - 2009-11-13 08:17 - 00010752 ____N () C:\WINDOWS\system32\Wavx_ESC_Logging.dll
2008-11-12 13:24 - 2008-11-12 13:24 - 00004608 ____N () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2012-06-23 15:53 - 2012-06-23 15:53 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2016-11-28 09:32 - 2016-11-28 09:31 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2016-03-11 23:12 - 2017-04-04 23:57 - 02183752 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2011-12-06 09:40 - 2011-12-06 09:40 - 00268648 ____N () C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
2011-12-06 09:40 - 2011-12-06 09:40 - 00020840 ____N () C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.dll
2011-12-06 06:39 - 2011-12-06 06:39 - 00059904 ____N () C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll
2011-12-06 09:40 - 2011-12-06 09:40 - 00380264 ____N () C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll
2011-12-06 09:40 - 2011-12-06 09:40 - 00138088 ____N () C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll
2011-12-06 09:40 - 2011-12-06 09:40 - 00176488 ____N () C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
2011-12-06 09:40 - 2011-12-06 09:40 - 00042344 ____N () C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll
2011-05-17 08:03 - 2003-04-24 04:21 - 00278589 ____N () C:\Program Files\ACT\SideACT.exe
2011-05-17 08:03 - 2003-04-24 03:47 - 00286773 ____N () C:\Program Files\ACT\sharenui.dll
2012-01-27 11:24 - 2008-01-02 15:17 - 00107832 ____N () C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
2008-04-13 19:00 - 2013-01-02 02:49 - 01292288 ____N () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-13 19:00 - 2011-08-08 14:41 - 00000736 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-115176313-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\AJC Software\AJC Directory Synchronizer\AJCDirS.exe] => Enabled:AJC Directory Synchronizer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe] => Enabled:QuickBooks 2012 Data Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Disabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Outlook Express\msimn.exe] => Enabled:Outlook Express
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [110:TCP] => Enabled:POP3

==================== Restore Points =========================

02-01-2017 06:30:09 System Checkpoint
18-01-2017 14:24:24 System Checkpoint
25-01-2017 18:25:00 System Checkpoint
27-01-2017 05:31:24 System Checkpoint
01-02-2017 15:11:49 System Checkpoint
06-03-2017 00:13:30 System Checkpoint
10-03-2017 04:03:44 System Checkpoint
17-03-2017 15:56:05 System Checkpoint
19-03-2017 19:08:13 System Checkpoint
23-03-2017 10:18:02 System Checkpoint
24-03-2017 22:23:38 System Checkpoint
26-03-2017 23:02:04 System Checkpoint
28-03-2017 21:51:47 System Checkpoint
02-04-2017 08:43:50 System Checkpoint
07-04-2017 12:33:40 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2017 09:20:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application EXCEL.EXE, version 9.0.0.6627, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/07/2017 03:31:09 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (04/07/2017 03:31:09 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (04/07/2017 03:31:09 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (04/07/2017 02:58:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application EXCEL.EXE, version 9.0.0.6627, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/06/2017 08:40:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/06/2017 08:39:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/06/2017 07:22:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application WINWORD.EXE, version 9.0.0.6926, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/06/2017 07:09:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/06/2017 07:09:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (04/07/2017 03:12:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (04/07/2017 03:12:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CMS PortIO Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/07/2017 03:12:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (04/07/2017 03:12:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The DW WLAN Tray Service service hung on starting.

Error: (04/07/2017 11:31:44 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.4 for the Network Card with network address F04DA2B14A31 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (04/03/2017 09:12:52 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (04/03/2017 09:12:52 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (04/03/2017 09:12:52 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (04/03/2017 09:12:52 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (04/03/2017 05:19:05 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3509.85 MB
Available physical RAM: 1827.5 MB
Total Virtual: 5392.02 MB
Available Virtual: 4167.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:152.59 GB) (Free:67.26 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:0.05 GB) (Free:0.05 GB) FAT
Drive e: () (Fixed) (Total:313.12 GB) (Free:311.68 GB) NTFS
Drive m: () (Network) (Total:465.76 GB) (Free:366.22 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 2EE82EE7)
Partition 1: (Active) - (Size=152.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=313.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 



#4 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,003 posts

Posted 10 April 2017 - 02:30 PM

Hello dburkhead.

 

Your Operating System (Windows XP) has not been supported by Microsoft since April 2014. That means your computer has become more vulnerable to infections. I suggest you upgrade your Windows Operating System to a modern and supported Operating System after the cleaning process.
 

Also some applications, like Microsoft Excel, won't open if MBAW is running.

To solve that problem you can add an exclusion for Microsoft Excel to Malwarebytes. Please read the information in the link below and see if it can help you on how to add exclusions to Malwarebytes:
How to Configure Exclusions with Malwarebytes 3.0


Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316avz&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=CtcMogZGNVf-G-hu32O2IMXt-9E?q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default\searchplugins\avg-secure-search.xml [2017-02-07]
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller
C:\Program Files\Common Files\AVG Secure Search
R2 vToolbarUpdater40.3.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-04-04] (AVG Secure Search)
U2 wltrysvc; %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe [X]
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
S2 portD; system32\DRIVERS\portd2k.sys [X]
U1 WS2IFSL; no ImagePath
2017-04-07 15:25 - 2011-05-16 20:43 - 00000000 _____ C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat
2011-05-16 20:43 - 2017-04-07 15:25 - 0000000 _____ () C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat
2015-09-28 06:15 - 2015-09-28 06:59 - 0012800 ____N () C:\Documents and Settings\User\Local Settings\Temp\00ixi1rq.dll
2016-06-23 11:24 - 2016-05-18 13:03 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081131403087.exe
2015-09-16 11:05 - 2015-08-20 16:32 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081171497270.exe
2016-08-22 12:40 - 2016-07-20 14:01 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081376362929.exe
2015-09-30 18:11 - 2015-09-10 10:54 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081389774009.exe
2016-06-01 10:58 - 2016-04-22 10:01 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081412823630.exe
2016-02-24 11:22 - 2016-01-12 17:23 - 0179624 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08148611852.exe
2015-10-20 04:23 - 2015-09-22 13:13 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08163636161.exe
2016-07-27 06:15 - 2016-06-21 18:49 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_082083955714.exe
2016-01-15 22:11 - 2015-12-08 08:23 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08341710729.exe
2016-01-05 13:09 - 2015-11-12 17:54 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08388909063.exe
2016-05-13 14:21 - 2016-04-14 17:29 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08558079619.exe
2015-11-18 08:43 - 2015-10-16 13:30 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08563171609.exe
2016-04-08 16:26 - 2016-02-18 13:09 - 0179624 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08646450834.exe
2009-07-17 20:12 - 2009-07-17 20:12 - 1957206 ____N (Adobe Systems Incorporated) C:\Documents and Settings\User\Local Settings\Temp\FP_AX_MSI_INSTALLER.exe
2012-09-17 18:06 - 2012-09-17 18:06 - 10217672 ____N (Adobe Systems Incorporated) C:\Documents and Settings\User\Local Settings\Temp\fp_pl_pfs_installer.exe
2013-06-14 09:59 - 2013-06-14 09:59 - 1037120 ____N (Solid State Networks) C:\Documents and Settings\User\Local Settings\Temp\install_reader11_en_mssd_aaa_aih.exe
2015-09-05 15:48 - 2015-09-05 15:48 - 0464896 ____N (Intuit) C:\Documents and Settings\User\Local Settings\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2012-08-29 08:07 - 2012-08-29 08:07 - 0908272 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
2012-10-26 11:05 - 2012-10-26 11:05 - 0912368 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
2013-01-31 14:20 - 2013-01-31 14:20 - 0915376 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
2013-02-16 01:00 - 2013-02-16 01:00 - 0897448 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
2013-03-05 19:59 - 2013-03-05 19:59 - 0897448 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
2013-06-13 11:36 - 2013-06-13 11:36 - 0903592 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
2013-08-28 12:09 - 2013-08-28 12:09 - 0913832 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
2013-10-08 14:27 - 2013-10-08 14:27 - 0915368 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
2015-09-20 04:46 - 2015-09-20 14:34 - 0012800 ____N () C:\Documents and Settings\User\Local Settings\Temp\nne0nujd.dll
2015-09-05 15:48 - 2015-09-05 15:48 - 0624488 ____N (Intuit Inc.) C:\Documents and Settings\User\Local Settings\Temp\qbinstal.dll
2015-09-05 15:48 - 2015-09-05 15:48 - 0643072 ____N (STLport Consulting, Inc.) C:\Documents and Settings\User\Local Settings\Temp\stlport_r50.dll
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies   ጃ  0 ߡ
              0ߡ
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater
C:\Program Files\Common Files\AVG Secure Search
End

Click on the "File" menu and then Save as;

in the "File name" field box just type fixlist
Click on "Encoding" and select Unicode;
Now search and select your computer's Desktop and click on the Save button (ensure the fixlist.txt file is saved in your computer's Desktop);
Then right-click the FRST icon and select Run as administrator to start the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.



Please download AdwCleaner by Xplode and save it to your Desktop.

  • Close all open programs and internet browsers.
  • Double-click on the icon to start the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

 

Please download Junkware Removal Tool and save it to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Double-click on the icon to start the tool.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.

Please post the contents of JRT.txt into your next reply.


To summarize please post:
The contents of fixlog.txt produced by FRST (located in your Desktop);
The contents of AdwCleaner clean log;
The contents of JRT.txt file.

How is the computer running at this point? Is it still running slow?

Thank you.

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
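Most of the fixlist above is made of FRST log lines copied verbatim: FRST marks a registration whose file no longer exists with "[X]", "No File" or "no ImagePath", and accepts such a line back as a directive to remove the stale entry. The script below is an added example for reading a long FRST log with that in mind; it is not part of the thread and not FRST's own code. It parses the line formats visible in the logs above (service/driver lines, BHO, FF Plugin and CustomCLSID lines), flags the entries whose backing file is reported missing, and lists them for a person to review. The sample lines are constructed from the entry types in this thread; the function names and the `FrstEntry` type are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the line formats FRST writes in FRST.txt and Addition.txt.
# These are the kinds of entries the fixlist in this thread targets (stale services
# and drivers, BHOs, Firefox plugins and per-user CLSIDs whose file is gone); a
# real log has hundreds of such lines. The last line is a file entry this parser ignores.
SAMPLE_FRST_LINES = [
    "R2 vToolbarUpdater40.3.7; C:\\Program Files\\Common Files\\AVG Secure Search\\vToolbarUpdater\\40.3.7\\ToolbarUpdater.exe [1354312 2017-04-04] (AVG Secure Search)",
    "U2 wltrysvc; %SystemRoot%\\System32\\WLTRYSVC.EXE %SystemRoot%\\System32\\bcmwltry.exe [X]",
    "S0 cerc6; no ImagePath",
    "S4 IntelIde; no ImagePath",
    "S2 portD; system32\\DRIVERS\\portd2k.sys [X]",
    "U1 WS2IFSL; no ImagePath",
    "BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File",
    "BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll => No File",
    "FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\\Program Files\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\40.3.7\\\\npsitesafety.dll [No File]",
    "CustomCLSID: HKU\\S-1-5-21-329068152-115176313-1417001333-1003_Classes\\CLSID\\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\\InprocServer32 -> C:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBDTVIEW.OCx => No File",
    "2017-04-07 15:25 - 2011-05-16 20:43 - 00000000 _____ C:\\Documents and Settings\\User\\Local Settings\\Application Data\\WavXMapDrive.bat",
]

# Service/driver line: FRST state code (e.g. R2, S0, U1), the service name, then the path.
SERVICE_RE = re.compile(r"^([RSU]\d) ([^;\s]+); (.*)$")
# A COM class id in braces; the first one on a BHO or CustomCLSID line is the object's CLSID.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes FRST appends when the registered file does not exist on disk.
MISSING_SUFFIXES = ("[X]", "No File", "[No File]", "no ImagePath")


@dataclass
class FrstEntry:
    kind: str      # "service", "bho", "ff_plugin" or "custom_clsid"
    name: str      # service name, CLSID, or plugin id
    missing: bool  # True when FRST reports the backing file as absent
    raw: str       # the log line itself, which is also the fixlist syntax


def classify_frst_line(line: str) -> Optional[FrstEntry]:
    """Parse one FRST log line into an FrstEntry, or None for line types not handled here."""
    line = line.rstrip()
    missing = any(line.endswith(s) for s in MISSING_SUFFIXES)
    m = SERVICE_RE.match(line)
    if m:
        return FrstEntry("service", m.group(2), missing, line)
    if line.startswith("BHO:") or line.startswith("CustomCLSID:"):
        c = CLSID_RE.search(line)
        if c is None:
            return None
        kind = "bho" if line.startswith("BHO:") else "custom_clsid"
        return FrstEntry(kind, c.group(0), missing, line)
    if line.startswith("FF Plugin: "):
        name = line[len("FF Plugin: "):].split(" -> ")[0]
        return FrstEntry("ff_plugin", name, missing, line)
    return None


def orphaned_entries(lines: List[str]) -> List[FrstEntry]:
    """Registrations whose file is gone: the registry still points at a path nothing occupies."""
    parsed = (classify_frst_line(ln) for ln in lines)
    return [e for e in parsed if e is not None and e.missing]


def fixlist_candidates(lines: List[str]) -> List[str]:
    """Verbatim log lines for orphaned entries, in the form FRST accepts as fixlist directives.
    This only proposes lines for a person to review; it does not write or run a fixlist."""
    return [e.raw for e in orphaned_entries(lines)]


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count orphaned entries per kind, for a quick read of a long log."""
    counts: Dict[str, int] = {}
    for e in orphaned_entries(lines):
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_FRST_LINES):
        print(f"{entry.kind:13} {entry.name}")
    print(summarize(SAMPLE_FRST_LINES))
```

Run against the sample it reports five services/drivers, two BHOs, one Firefox plugin and one per-user CLSID as orphaned, and leaves the running AVG updater service alone because its file is present. The list is a starting point for review, not a fixlist: a present file can still be unwanted (the AVG Secure Search directories in the script above were removed on that basis), and a missing one can be harmless leftover from an uninstall.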

#5 dburkhead

dburkhead

    Advanced Member

  • Full Member
  • 132 posts

Posted 10 April 2017 - 04:41 PM

First the end result:  The computer seems to be running okay now.  Would like to "exercise" it a bit before I definitively say the problem is resolved.

 

Now the logs you asked for:

# AdwCleaner v6.045 - Logfile created 10/04/2017 at 16:36:18
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : User - ASM21
# Running from : C:\Documents and Settings\User\Desktop\security apps and logs\adwcleaner_6.045.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found:  WtuSystemSupport


***** [ Folders ] *****

Folder Found:  C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found:  C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found:  C:\Documents and Settings\All Users\Application Data\avg web tuneup
Folder Found:  C:\Program Files\avg web tuneup


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found:  HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Key Found:  HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\AVG Tuneup
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found:  HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3099 Bytes] - [10/04/2017 16:36:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3172 Bytes] ##########
 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by User (10-04-2017 16:05:53) Run:1
Running from C:\Documents and Settings\User\Desktop\security apps and logs
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316avz&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=CtcMogZGNVf-G-hu32O2IMXt-9E?q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default\searchplugins\avg-secure-search.xml [2017-02-07]
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller
C:\Program Files\Common Files\AVG Secure Search
R2 vToolbarUpdater40.3.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-04-04] (AVG Secure Search)
U2 wltrysvc; %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe [X]
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
S2 portD; system32\DRIVERS\portd2k.sys [X]
U1 WS2IFSL; no ImagePath
2017-04-07 15:25 - 2011-05-16 20:43 - 00000000 _____ C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat
2011-05-16 20:43 - 2017-04-07 15:25 - 0000000 _____ () C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat
2015-09-28 06:15 - 2015-09-28 06:59 - 0012800 ____N () C:\Documents and Settings\User\Local Settings\Temp\00ixi1rq.dll
2016-06-23 11:24 - 2016-05-18 13:03 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081131403087.exe
2015-09-16 11:05 - 2015-08-20 16:32 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081171497270.exe
2016-08-22 12:40 - 2016-07-20 14:01 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081376362929.exe
2015-09-30 18:11 - 2015-09-10 10:54 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081389774009.exe
2016-06-01 10:58 - 2016-04-22 10:01 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081412823630.exe
2016-02-24 11:22 - 2016-01-12 17:23 - 0179624 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08148611852.exe
2015-10-20 04:23 - 2015-09-22 13:13 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08163636161.exe
2016-07-27 06:15 - 2016-06-21 18:49 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_082083955714.exe
2016-01-15 22:11 - 2015-12-08 08:23 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08341710729.exe
2016-01-05 13:09 - 2015-11-12 17:54 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08388909063.exe
2016-05-13 14:21 - 2016-04-14 17:29 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08558079619.exe
2015-11-18 08:43 - 2015-10-16 13:30 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08563171609.exe
2016-04-08 16:26 - 2016-02-18 13:09 - 0179624 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08646450834.exe
2009-07-17 20:12 - 2009-07-17 20:12 - 1957206 ____N (Adobe Systems Incorporated) C:\Documents and Settings\User\Local Settings\Temp\FP_AX_MSI_INSTALLER.exe
2012-09-17 18:06 - 2012-09-17 18:06 - 10217672 ____N (Adobe Systems Incorporated) C:\Documents and Settings\User\Local Settings\Temp\fp_pl_pfs_installer.exe
2013-06-14 09:59 - 2013-06-14 09:59 - 1037120 ____N (Solid State Networks) C:\Documents and Settings\User\Local Settings\Temp\install_reader11_en_mssd_aaa_aih.exe
2015-09-05 15:48 - 2015-09-05 15:48 - 0464896 ____N (Intuit) C:\Documents and Settings\User\Local Settings\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2012-08-29 08:07 - 2012-08-29 08:07 - 0908272 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
2012-10-26 11:05 - 2012-10-26 11:05 - 0912368 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
2013-01-31 14:20 - 2013-01-31 14:20 - 0915376 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
2013-02-16 01:00 - 2013-02-16 01:00 - 0897448 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
2013-03-05 19:59 - 2013-03-05 19:59 - 0897448 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
2013-06-13 11:36 - 2013-06-13 11:36 - 0903592 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
2013-08-28 12:09 - 2013-08-28 12:09 - 0913832 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
2013-10-08 14:27 - 2013-10-08 14:27 - 0915368 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
2015-09-20 04:46 - 2015-09-20 14:34 - 0012800 ____N () C:\Documents and Settings\User\Local Settings\Temp\nne0nujd.dll
2015-09-05 15:48 - 2015-09-05 15:48 - 0624488 ____N (Intuit Inc.) C:\Documents and Settings\User\Local Settings\Temp\qbinstal.dll
2015-09-05 15:48 - 2015-09-05 15:48 - 0643072 ____N (STLport Consulting, Inc.) C:\Documents and Settings\User\Local Settings\Temp\stlport_r50.dll
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies   ጃ  0 ߡ
              0ߡ
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater
C:\Program Files\Common Files\AVG Secure Search
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-329068152-115176313-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => key removed successfully.
HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => key not found.
HKU\S-1-5-21-329068152-115176313-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default\searchplugins\avg-secure-search.xml => moved successfully
HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key removed successfully.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7 => moved successfully
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller => moved successfully
C:\Program Files\Common Files\AVG Secure Search => moved successfully
HKLM\System\CurrentControlSet\Services\vToolbarUpdater40.3.7 => key removed successfully.
vToolbarUpdater40.3.7 => service removed successfully.
HKLM\System\CurrentControlSet\Services\wltrysvc => key removed successfully.
wltrysvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\cerc6 => key removed successfully.
cerc6 => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\portD => key removed successfully.
portD => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat => moved successfully
"C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat" => not found.
C:\Documents and Settings\User\Local Settings\Temp\00ixi1rq.dll => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_081131403087.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_081171497270.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_081376362929.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_081389774009.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_081412823630.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_08148611852.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_08163636161.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_082083955714.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_08341710729.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_08388909063.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_08558079619.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_08563171609.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\avguirn_08646450834.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\FP_AX_MSI_INSTALLER.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\fp_pl_pfs_installer.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\install_reader11_en_mssd_aaa_aih.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\nne0nujd.dll => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\qbinstal.dll => moved successfully
C:\Documents and Settings\User\Local Settings\Temp\stlport_r50.dll => moved successfully
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F} => key removed successfully.
HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313} => key removed successfully.
C:\WINDOWS\Tasks\AVG EUpdate Task.job => moved successfully
0ߡ => Error: No automatic fix found for this entry.
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe" => not found.
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7" => not found.
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" => not found.
"C:\Program Files\Common Files\AVG Secure Search" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 542295 B
Java, Flash, Steam htmlcache => 91112 B
Windows/system/dllcache/drivers => 1421687868 B
Edge => 0 B
Chrome => 0 B
Firefox => 127994342 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 732768518 B
LocalService => 1031 B
NetworkService => 667036 B
User => 34210359443 B

RecycleBin => 0 B
EmptyTemp: => 34 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:17:28 ====

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Microsoft Windows XP x86
Ran by User (Administrator) on Mon 04/10/2017 at 17:18:05.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3R8F1EB3 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7SO5MZPX (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H4IQ0Y8X (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\J46XKZ7A (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K4NCJEGE (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O9WR82TU (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q06Y7U5D (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WVC1LUTB (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3R8F1EB3 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7SO5MZPX (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H4IQ0Y8X (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\J46XKZ7A (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K4NCJEGE (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9WR82TU (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q06Y7U5D (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WVC1LUTB (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/10/2017 at 17:19:47.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
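The CustomCLSID lines and the Fixlog above are Farbar Recovery Scan Tool output. What follows is an added example (not from the thread, and not FRST's own code) that parses the two line formats shown so a fix can be checked mechanically instead of by eye: the "CustomCLSID:" lines, where "=> No File" marks a per-user COM registration whose DLL or OCX is gone, and the Fixlog result lines, where "Error: No automatic fix found" means FRST could not interpret a fixlist line (here the garbled remains of the scheduled-task entry) and a "not found" that follows a "moved successfully" for the same path is a duplicate fixlist entry rather than a failure. The sample lines are copied from the logs above, except the third CustomCLSID line, which is constructed (placeholder CLSID and path) to show the format for a file that is present.

```python
r"""Triage helpers for Farbar Recovery Scan Tool (FRST) output.

Added example, not part of the thread and not FRST's own code.  It parses
two line formats that appear in the logs above:

  * "CustomCLSID:" lines from the scan, which list per-user COM
    registrations (HKU\<SID>_Classes\CLSID\{...}\InprocServer32).  FRST
    appends "=> No File" when the registered DLL/OCX is missing.
  * Result lines from the Fixlog ("<target> => <result>"), so a fix can be
    checked for entries that errored or were not found.
"""
import re
from collections import Counter

CLSID_RE = re.compile(
    r"^CustomCLSID: HKU\\(?P<sid>S-1-5-21-[\d-]+)_Classes\\CLSID\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\InprocServer32 -> (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\))?(?: => (?P<status>No File))?$"
)
# Fixlog result lines: everything before the first " => " is the target.
FIX_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")

# First two lines copied from the FRST scan above; the third is a
# constructed entry (placeholder CLSID and path) whose file is present.
SAMPLE_CLSID_LINES = r"""
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-329068152-115176313-1417001333-1003_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32 -> C:\WINDOWS\system32\example.dll (Constructed Example)
"""

# Lines copied from the Fixlog above (the last target is the garbled
# remains of the scheduled-task entry, exactly as FRST reported it).
SAMPLE_FIXLOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
C:\Program Files\Common Files\AVG Secure Search => moved successfully
vToolbarUpdater40.3.7 => service removed successfully.
C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat => moved successfully
"C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat" => not found.
0ߡ => Error: No automatic fix found for this entry.
"""


def parse_custom_clsid(text):
    """One dict per CustomCLSID line.  'missing' is True when FRST reported
    the InprocServer32 target as '=> No File'."""
    entries = []
    for line in text.splitlines():
        m = CLSID_RE.match(line.strip())
        if m:
            entries.append({"sid": m["sid"], "clsid": m["clsid"],
                            "path": m["path"], "company": m["company"],
                            "missing": m["status"] == "No File"})
    return entries


def orphaned_clsids(text):
    r"""Per-user COM registrations whose server file no longer exists.
    HKCU\Software\Classes (shown by FRST as HKU\<SID>_Classes) is merged
    ahead of HKLM\Software\Classes when HKCR is read, so these are
    dangling load paths and belong in the fixlist."""
    return [e for e in parse_custom_clsid(text) if e["missing"]]


def classify(result):
    """Map a Fixlog result phrase to ok / not_found / error / other."""
    r = result.lower()
    if r.startswith("error"):
        return "error"
    if "not found" in r:
        return "not_found"
    if "successfully" in r:
        return "ok"
    return "other"


def summarize_fixlog(text):
    """Count outcomes and separate the 'not found' entries that an earlier
    line already handled (a duplicate fixlist entry, like WavXMapDrive.bat
    above) from the ones FRST never found at all."""
    counts = Counter()
    handled = set()
    errors, not_found, duplicates = [], [], []
    for line in text.splitlines():
        m = FIX_RE.match(line.strip())
        if not m:
            continue
        target = m["target"].strip('"')
        kind = classify(m["result"])
        counts[kind] += 1
        if kind == "ok":
            handled.add(target)
        elif kind == "error":
            errors.append(target)
        elif kind == "not_found":
            (duplicates if target in handled else not_found).append(target)
    return {"counts": dict(counts), "errors": errors,
            "not_found": not_found, "duplicates": duplicates}


if __name__ == "__main__":
    for e in orphaned_clsids(SAMPLE_CLSID_LINES):
        print("orphaned per-user CLSID", e["clsid"], "->", e["path"])
    print(summarize_fixlog(SAMPLE_FIXLOG))
```

Removing the stale per-user keys, as the fix did, is the right call even when the vendor (Intuit here) is legitimate: COM resolves a CLSID through HKCR, and the per-user half of that view wins over the machine-wide half, so a user's own processes would keep trying a DLL path that nothing maintains any more. The EmptyTemp lines ("BITS transfer queue => 0 B") also contain " => " and would be counted as "other"; feed summarize_fixlog only the fix section of the log.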
 



#6 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,003 posts)

Posted 10 April 2017 - 05:41 PM

Hello dburkhead.

We haven't finished the job yet.

Let's check for remnants of infection using ESET Online Scanner. This is a very thorough scan and it may take some hours to complete depending on the number of files on the computer, but it's worth it.

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
  • Close all your programs and browsers.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

 

How is the computer running? Are there any issues or concerns?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#7 dburkhead (Advanced Member, Full Member, 132 posts)

Posted 11 April 2017 - 09:17 AM

Okay, will do.

 

In the meantime, I've been running these tests and repairs "bare"--no external hard drives or flash drives connected.  Is there any significant risk of re-infection when I connect these drives?  What do I need to do to prevent that?



#8 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,003 posts)

Posted 11 April 2017 - 03:07 PM

Hello dburkhead.

Is there any significant risk of re-infection when I connect these drives?  What do I need to do to prevent that?

Yes, there is a risk of infecting your computer if the external hard drive or USB drive is infected. I suggest you run a scan on any hard drive or USB drive that you will reconnect to your computer.

Please read the article in the link below and see if it helps you with how to do that:
How to scan an external hard drive for viruses

The article in the following link can help you deal with USB flash drives safely:
USB/Flash Drive Safety



#9 dburkhead (Advanced Member, Full Member, 132 posts)

Posted 11 April 2017 - 06:47 PM

Okay, I'll need to scan the external drives.  So the next question is: given whatever it was you found on the computer, will our existing antivirus (AVG) and Malwarebytes be adequate, or do I need something extra?

 

And it may be a couple of days before I can run this stuff.  When I thought we were done I passed the laptop back to an associate and now I've got to get it back from him. ;) So please bear with me.

 

And I just want to say that I really appreciate the help you have been giving me.



#10 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,003 posts)

Posted 12 April 2017 - 06:11 AM

Hello dburkhead.

And I just want to say that I really appreciate the help you have been giving me.

You're welcome! :thumbup:

So next question is:  given whatever it was you found in the computer will our existing antivirus (AVG) and Malwarebytes be adequate or do I need something extra?

Using Malwarebytes alongside your antivirus is a good combination, and it will be an excellent security measure to protect your computer. After the malware removal process is complete I will give you some more recommendations to keep your computer protected.

The cleaning process has not ended yet; there is still some work to do. You need to check for leftovers.

When you have your laptop back, please run the scan with ESET Online Scanner and post the contents of its log (if it produced one) in your reply.

P.S.

So please bear with me.

I will be out tomorrow (April 13th) and will be back next Tuesday (April 18th). If you can wait, that's fine; otherwise we will try to keep someone working with you.

Thank you.



#11 dburkhead (Advanced Member, Full Member, 132 posts)

Posted 13 April 2017 - 09:12 AM

I was, perhaps, a little unclear in my question.  What I meant was: given what you found on my computer, when I want to scan those external drives (after we're done getting the computer itself cleaned up), are those adequate to clean up those external drives?  I.e., plug in the external drive and run an AVG scan, then a Malwarebytes scan on it.  Or will I need more than that to clean up any "residue" from the infections we're cleaning up from the computer?



#12 dburkhead (Advanced Member, Full Member, 132 posts)

Posted 13 April 2017 - 11:54 AM

Ran ESET on the computer.  No infections found.



#13 Rocket Grannie (SWI Australian Rebel, Administrators, 7,810 posts)

Posted 13 April 2017 - 08:43 PM

Hello dburkhead

Android 8888 will be away for the next few days. I will be helping you.

Well done! Your computer appears to be clean.

The external drives: if these drives have not been plugged into the computer while it was being cleaned, then I suggest you run MBAM - AVG - AdwCleaner on them.
Warning: Do not open any of these drives, as they can reinfect the computer.

If any infections are found, then I suggest you run another scan with ESET on the computer with all the external drives plugged into the computer. This is just in case any infections on the external drives were transferred to the computer.

Please let me know how you get on.


Rocket Grannie
 




 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.
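Rocket Grannie's warning not to open the external drives before scanning them is about autorun.inf: on Windows XP a file of that name in the root of a drive can set what double-clicking the drive in Explorer does (open=, shellexecute=, or a shell\<verb>\command= made the default by shell=<verb>), which is how an infected stick gets "opened" onto a freshly cleaned machine. Whether a given XP build still honours it depends on patch level (Microsoft restricted AutoRun to optical media by update in 2011), but reading the file as data costs nothing. The block below is an added example, not from the thread: it parses autorun.inf, reports what it would launch and whether that program is actually on the drive, and never executes anything. The sample drive is constructed in a temporary directory with a placeholder setup.exe.

```python
r"""Inspect a removable drive's autorun.inf without opening the drive.

Added example, not from the thread.  An autorun.inf in the root of a drive
can tell Explorer what to run when the drive is opened (open=,
shellexecute=, shell\<verb>\command= together with shell=<verb>).  This
reads the file as data and reports what it would launch; nothing here
executes anything.  The sample drive is constructed in a temp directory.
"""
import os
import tempfile

EXEC_KEYS = ("open", "shellexecute")
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".wsf"}


def parse_autorun(text):
    """Key/value pairs from the [autorun] section.  Keys are
    case-insensitive in autorun.inf, so they are lower-cased; ';' lines
    are comments; other sections are ignored."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    r"""Entries that name something to run: open=, shellexecute= and any
    shell\<verb>\command= (the command behind a context-menu verb, which
    shell=<verb> can make the double-click default).  label= and icon=
    are cosmetic and are not reported."""
    return {k: v for k, v in entries.items()
            if k in EXEC_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))}


def program_of(command):
    """The program part of a command line (first token, quotes honoured)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def inspect_drive(root):
    """Findings for <root>/autorun.inf: one per launch target, with the
    program it points at, whether that file is present on the drive, and
    whether it carries an executable extension.  Empty list when there is
    no autorun.inf or it only sets label=/icon=."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    with open(inf, "r", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    findings = []
    for key, command in launch_targets(entries).items():
        prog = program_of(command)
        rel = prog.replace("\\", os.sep).lstrip(os.sep)
        findings.append({
            "key": key,
            "command": command,
            "program": prog,
            "exists_on_drive": os.path.isfile(os.path.join(root, rel)),
            "executable_ext": os.path.splitext(prog)[1].lower() in EXEC_EXTS,
        })
    return findings


def make_sample_drive():
    """Constructed sample: a temp directory standing in for a USB stick,
    with an autorun.inf that runs setup.exe on open and on 'Explore'."""
    root = tempfile.mkdtemp(prefix="usb_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("\n".join([
            "[AutoRun]",
            "label=Backup",
            "icon=setup.exe,0",
            "open=setup.exe",
            "shell\\explore\\command=setup.exe /s",
            "shell=explore",
        ]))
    open(os.path.join(root, "setup.exe"), "wb").close()  # empty stand-in
    return root


if __name__ == "__main__":
    for f in inspect_drive(make_sample_drive()):
        print(f["key"], "->", f["program"], "on drive:", f["exists_on_drive"])
```

On a real drive, call inspect_drive(r"E:\") from the already-cleaned machine with the drive mounted but not opened in Explorer. An autorun.inf on its own is not proof of infection (U3 sticks and many installer media ship one with only label= and icon=); a launch target that points at an executable sitting on the drive is what to look at, and that file is the one to let MBAM, AVG and AdwCleaner quarantine before anything on the drive is opened.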



