I think I am still infected

This is a discussion on I think I am still infected within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 08-02-2015, 03:23 PM   #1
Registered Member
 
Join Date: Jul 2011
Posts: 26
OS: Windows 7



I let my daughter use my laptop for a few weeks. She claims she only wanted to watch Netflix on it. However, shortly after she started using it she complained about the computer not working. It was extremely infected. I had trouble running anything. I finally was able to run Avast and then Malwarebytes and cleaned up a ton of trojans and malware. However, this computer still acts funny, runs super slow, and sometimes doesn't want to even boot up. I would love some help cleaning it up. I was hoping to give this to my son to use for college in a few weeks. Thank you in advance for your help.
Attached Files
File Type: txt dds.txt (20.7 KB, 25 views)
File Type: txt attach.txt (11.1 KB, 23 views)
spudnud is offline  
 
Old 08-03-2015, 07:00 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, avast! and Trend Micro.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
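A way to read the FRST.txt that the post above asks for, and to spot the "two resident antivirus products" situation it opens with. This Python script is an added example for this thread; it is not chemist's code, not TSF's, and not part of FRST itself. It walks an FRST-style log section by section and collects the entry shapes FRST marks as worth a look (the "<======= ATTENTION" flags, "(No File)" / "No ImagePath" / "[X]" entries whose target is gone, "[File not signed]" binaries, and files with no vendor name), then counts distinct third-party antivirus vendors that have a running (R*) service. The section-header and service-line patterns are assumptions based on FRST's output layout, the AV vendor list is our own, and the sample log embedded at the bottom is constructed for illustration, not a real machine's log.

```python
"""Triage an FRST.txt-style log: list entries worth a second look and count
resident antivirus products. Added example, not FRST's own code."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# "==================== Services (Whitelisted) ========" -> "Services (Whitelisted)"
# (pattern assumed from FRST's layout; the bare "========" under "FireFox:" does not match)
SECTION_RE = re.compile(r"^={3,}\s+(?P<name>[^=]+?)\s+={3,}$")
# Service/driver lines: "R2 Name; C:\path\file.exe [size date] (Vendor)"; R = running, S = stopped, U = unknown
SERVICE_RE = re.compile(r"^(?P<state>[RSU])\d\s+(?P<name>[^;]+);")

# Our own list of third-party AV vendor strings to look for (assumption; extend as needed).
AV_VENDORS = ("Avast Software", "Trend Micro", "Malwarebytes", "Symantec", "McAfee", "Kaspersky", "ESET")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


@dataclass
class Triage:
    findings: List[Finding] = field(default_factory=list)
    running_av: Set[str] = field(default_factory=set)


def classify(line: str) -> Optional[str]:
    """Return why a log line deserves attention, or None if it looks routine."""
    if "<======= ATTENTION" in line:
        return "flagged by FRST"                      # e.g. policy restrictions on IE/Chrome
    if "(No File)" in line or line.endswith("No ImagePath"):
        return "target file missing"                  # orphaned autorun, shortcut or driver
    if line.endswith("[X]"):
        return "entry points at missing/invalid image"
    if "[File not signed]" in line:
        return "unsigned binary"                      # OEM tools land here too; check, don't condemn
    if line.startswith("() ") or re.search(r"\]\s*\(\)\s*$", line):
        return "no vendor name in file"               # PE carries no CompanyName version info
    return None


def triage(log_text: str) -> Triage:
    """Walk the log section by section, collecting findings and running AV vendors."""
    result = Triage()
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        reason = classify(line)
        if reason:
            result.findings.append(Finding(section, reason, line))
        # Count a vendor only for a *running* service (R*) in the Services section,
        # so a stopped leftover such as "S2 MBAMService" does not count as resident.
        if section.startswith("Services"):
            svc = SERVICE_RE.match(line)
            if svc and svc.group("state") == "R":
                lowered = line.lower()
                result.running_av.update(v for v in AV_VENDORS if v.lower() in lowered)
    return result


def multiple_resident_av(result: Triage) -> bool:
    """True when more than one third-party AV has a running service (the conflict described above)."""
    return len(result.running_av) > 1


# Constructed sample in FRST's layout (not a real machine's log).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86)
==================== Processes (Whitelisted) =================
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Example Vendor\svc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [278528 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [] => [X]
ShortcutTarget: Game Hack v1.1.lnk -> C:\ProgramData\{223a9654-1b32-e19b-223a-a96541b35950}\Game Hack v1.1.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) ========================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-25] (Avast Software s.r.o.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 tcsd_win32.exe; C:\Program Files\NTRU\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [X]
==================== Drivers (Whitelisted) ==========================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-25] (Avast Software s.r.o.)
U3 tmpfw; No ImagePath
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report.findings:
        print(f"[{f.section}] {f.reason}: {f.line}")
    print("running AV vendors:", sorted(report.running_av), "conflict:", multiple_resident_av(report))
```

Treat the output as a worklist, not a verdict: "[File not signed]" shows up on plenty of legitimate OEM software (Dell, HP and Wave Systems binaries in logs from machines like this one), and "[X]" on a service line can be a half-uninstalled product as easily as malware. FRST has already suppressed its own whitelist of known-good entries from the sections labelled "(Whitelisted)", so what is left is what a helper actually reads.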
Old 08-05-2015, 09:23 PM   #3
Registered Member
 
Join Date: Jul 2011
Posts: 26
OS: Windows 7



Which virus protection program do you recommend? I installed Avast when Trend Micro did not prevent the infection. I am thinking I'll keep Avast for that reason, but do you recommend differently or a different one altogether?
spudnud is offline  
 
Old 08-05-2015, 09:40 PM   #4
Registered Member
 
Join Date: Jul 2011
Posts: 26
OS: Windows 7



# AdwCleaner v4.208 - Logfile created 05/08/2015 at 22:23:48
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : youngfamily - YOUNG
# Running from : C:\Users\youngfamily\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : 5df783dc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\The AdBlocker
Folder Deleted : C:\ProgramData\1235940965688534687
Folder Deleted : C:\ProgramData\3b4f3ff200000d0c
Folder Deleted : C:\ProgramData\f6e0ae46000008bc
Folder Deleted : C:\ProgramData\{1f8e3f9c-ea15-91da-1f8e-e3f9cea1fe73}
Folder Deleted : C:\ProgramData\{223a9654-1b32-e19b-223a-a96541b35950}
Folder Deleted : C:\ProgramData\{deb89d57-2d38-8649-deb8-89d572d3755c}
Folder Deleted : C:\ProgramData\{f0c019ff-6330-1a10-f0c0-019ff63367fd}
Folder Deleted : C:\ProgramData\{f1f581ea-2c33-f37a-f1f5-581ea2c307a8}
Folder Deleted : C:\ProgramData\{f7817e0e-f596-6c0e-f781-17e0ef59f83b}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files\DriverRestore
Folder Deleted : C:\Program Files\SoftwareHelp
Folder Deleted : C:\Program Files\SaveeNeWaAappz
Folder Deleted : C:\Users\hyoung\AppData\Roaming\download Manager
Folder Deleted : C:\Users\vbushell\AppData\Roaming\download Manager
Folder Deleted : C:\Users\youngfamily\AppData\Local\4C4C4544-1428757468-4610-8036-B1C04F324D31
File Deleted : C:\Program Files\prefs.js
File Deleted : C:\Users\youngfamily\AppData\Roaming\Mozilla\Firefox\Profiles\dd18ssiw.default\invalidprefs.js
File Deleted : C:\Users\youngfamily\AppData\Roaming\Mozilla\Firefox\Profiles\dd18ssiw.default\user.js
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****

Task Deleted : LaunchPreSignup
Task Deleted : UPDTEXE4_WDR
Task Deleted : IE_ERR4WDR

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\9ebe3b3f-8671-a145-fda5-3f7a82a33830
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ce8d8085}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5D9FB48A-5CE2-4118-B19F-F88ADDB0F814}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0B55F99-F893-4F84-AE82-CAE0E70DFDFA}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7304C9D1-98AD-55F0-636E-22D8DD57F176}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\taplika.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[dd18ssiw.default\prefs.js] - Line Deleted : user_pref("extensions.fDDewFRNZ64kNqty.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdgFpdYFrdwFrdwGpda8rjUGqn\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]

*************************

AdwCleaner[R0].txt - [3527 bytes] - [05/08/2015 22:14:15]
AdwCleaner[S0].txt - [3521 bytes] - [05/08/2015 22:23:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3580 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
Ran by youngfamily (administrator) on YOUNG (05-08-2015 22:35:09)
Running from C:\Users\youngfamily\Desktop
Loaded Profiles: youngfamily (Available Profiles: youngfamily)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\stacsv.exe
() C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [278528 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495711 2010-01-14] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-01-15] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824 2009-11-30] (Dell Inc.)
HKLM\...\Run: [DellControlPoint] => C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-01-14] (Wave Systems Corp.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-14] (Broadcom Corporation)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM\...\Run: [DellBtrEvent] => D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe [147456 2009-08-25] (DeviceVM, Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797488 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [133424 2011-10-17] (Trend Micro Inc.)
HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [45384 2011-08-26] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk [2010-05-14]
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2010-05-14]
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
Startup: C:\Users\hyoung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-06-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\youngfamily\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\vbushell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011-06-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\youngfamily\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\youngfamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MovieStarPlanet Hack v1.1.lnk [2015-02-11]
ShortcutTarget: MovieStarPlanet Hack v1.1.lnk -> C:\ProgramData\{223a9654-1b32-e19b-223a-a96541b35950}\MovieStarPlanet Hack v1.1.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-25] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2009-11-24] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2009-11-24] (Wave Systems Corp.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A} URL =
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4098221577-3929148139-2341364456-1005 -> {5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A} URL =
SearchScopes: HKU\S-1-5-21-4098221577-3929148139-2341364456-1005 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-19] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ToolbarIE.dll [2011-11-10] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-4098221577-3929148139-2341364456-1005 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://server1.rockymtn.local:4343/...l/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://server1.rockymtn.local:4343/...tall/setup.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://dlm.tools.akamai.com/dlmanage...ex-2.2.5.7.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\TmIEPlg.dll [2011-09-28] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ToolbarIE.dll [2011-11-10] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll [2011-11-10] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3318BCB-1630-4D1F-B1FE-D177CBE310FC}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\youngfamily\AppData\Roaming\Mozilla\Firefox\Profiles\dd18ssiw.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-04-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-04-07]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\firefoxextension
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\firefoxextension [2015-02-12]
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension [2011-05-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-25] (Avast Software s.r.o.)
R2 buttonsvc32; c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2009-12-17] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2009-12-17] (Broadcom Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [386848 2009-12-10] (Dell Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.0\DVMExportService.exe [327680 2009-08-03] (DeviceVM, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-05-14] (Macrovision Europe Ltd.) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\STacSV.exe [229461 2010-01-14] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)
R3 TmListen; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [689680 2011-11-16] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4038656 2009-11-30] (Dell Inc.) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [X]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-25] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-25] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-25] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-30] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-25] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-25] ()
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-11-30] (Broadcom Corporation)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-11-03] (Broadcom Corporation)
R1 DVMIO; D:\Program Files\Dell\Reader 2.0\dvmio.sys [16984 2009-07-10] (DeviceVM, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59392 2010-02-21] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-02-21] (REDC)
R3 staccel; C:\Windows\System32\DRIVERS\staccel.sys [32864 2013-05-06] (ShoreTel, Inc)
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [81168 2011-06-23] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [191248 2011-06-23] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65296 2011-06-23] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-10-01] (Trend Micro Inc.)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-14] (Wave Systems Corp.)
U3 tmpfw; No ImagePath
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 22:35 - 2015-08-05 22:35 - 00022260 _____ C:\Users\youngfamily\Desktop\FRST.txt
2015-08-05 22:34 - 2015-08-05 22:35 - 00000000 ____D C:\FRST
2015-08-05 22:27 - 2015-08-05 22:27 - 00003660 _____ C:\Users\youngfamily\Desktop\AdwCleaner[S0].txt
2015-08-05 22:14 - 2015-08-05 22:24 - 00000000 ____D C:\AdwCleaner
2015-08-05 22:12 - 2015-08-05 22:12 - 02248704 _____ C:\Users\youngfamily\Desktop\AdwCleaner.exe
2015-08-05 22:12 - 2015-08-05 22:12 - 01673728 _____ (Farbar) C:\Users\youngfamily\Desktop\FRST.exe
2015-08-02 16:22 - 2015-08-02 16:22 - 00021169 _____ C:\Users\youngfamily\Desktop\dds.txt
2015-08-02 16:22 - 2015-08-02 16:22 - 00011345 _____ C:\Users\youngfamily\Desktop\attach.txt
2015-08-02 16:21 - 2015-08-02 16:21 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-02 16:16 - 2015-08-02 16:16 - 00688992 ____R (Swearware) C:\Users\youngfamily\Downloads\dds.scr
2015-08-02 16:10 - 2015-07-25 11:51 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-02 16:10 - 2015-07-25 11:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-02 16:10 - 2015-07-25 11:47 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-02 16:10 - 2015-07-25 11:46 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-02 16:10 - 2015-07-25 11:46 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-02 16:10 - 2015-07-25 11:46 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-02 16:10 - 2015-07-25 11:46 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-02 16:10 - 2015-07-25 11:40 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-02 16:10 - 2015-07-01 14:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-02 16:10 - 2015-07-01 14:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-02 16:10 - 2015-07-01 14:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-02 16:10 - 2015-07-01 14:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-02 16:10 - 2015-07-01 14:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-02 16:10 - 2015-07-01 14:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-02 16:10 - 2015-07-01 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-02 16:10 - 2015-07-01 14:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-02 16:10 - 2015-07-01 14:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-02 16:10 - 2015-07-01 13:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-02 16:10 - 2015-07-01 13:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-02 16:10 - 2015-07-01 13:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-02 16:10 - 2015-06-25 02:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-02 16:09 - 2015-07-04 11:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-02 16:09 - 2015-06-17 11:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-02 16:09 - 2015-06-15 15:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-02 16:09 - 2015-06-15 15:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-02 16:09 - 2015-06-15 15:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-02 16:09 - 2015-06-15 15:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-08-02 16:09 - 2015-06-15 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-02 16:09 - 2015-06-15 15:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-02 16:09 - 2015-06-15 15:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-08-02 16:07 - 2015-07-14 20:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-02 16:07 - 2015-07-14 20:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-02 16:07 - 2015-07-14 20:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-02 16:07 - 2015-07-14 20:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-02 16:07 - 2015-07-14 19:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-02 16:06 - 2015-04-27 13:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-08-02 16:06 - 2015-04-27 13:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-08-02 16:06 - 2015-04-27 13:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-08-02 16:06 - 2015-04-27 13:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-08-02 16:04 - 2015-07-09 11:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-02 16:04 - 2015-07-09 11:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-02 16:04 - 2015-07-09 11:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-02 16:04 - 2015-07-09 11:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-02 16:04 - 2015-07-09 11:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-02 16:04 - 2015-07-09 11:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-02 16:04 - 2015-07-09 11:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-02 16:04 - 2015-07-09 11:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-02 16:04 - 2015-07-09 11:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-02 16:04 - 2015-07-09 11:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-02 16:04 - 2015-07-09 11:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-02 16:04 - 2015-07-02 15:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-02 16:04 - 2015-07-02 15:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-02 16:04 - 2015-07-02 14:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-02 16:04 - 2015-07-02 14:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-02 16:04 - 2015-07-02 13:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-02 16:04 - 2015-06-26 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-02 16:04 - 2015-06-26 19:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-02 16:04 - 2015-06-01 17:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-02 16:03 - 2015-07-02 14:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-02 15:56 - 2015-06-25 11:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-02 15:56 - 2015-06-19 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-02 15:56 - 2015-06-19 12:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-02 15:56 - 2015-06-19 12:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-02 15:56 - 2015-06-19 12:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-02 15:56 - 2015-06-19 12:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-02 15:56 - 2015-06-19 12:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-02 15:56 - 2015-06-19 12:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-02 15:56 - 2015-06-19 12:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-02 15:56 - 2015-06-19 12:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-02 15:56 - 2015-06-19 12:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-02 15:56 - 2015-06-19 12:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-02 15:56 - 2015-06-19 12:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-02 15:56 - 2015-06-19 12:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-02 15:56 - 2015-06-19 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-02 15:56 - 2015-06-19 11:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-02 15:56 - 2015-06-19 11:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-02 15:56 - 2015-06-19 11:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-02 15:56 - 2015-06-19 11:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-02 15:56 - 2015-06-19 11:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-02 15:56 - 2015-06-19 11:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-02 15:56 - 2015-06-19 11:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-02 15:56 - 2015-06-19 11:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-02 15:56 - 2015-06-19 11:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 22:34 - 2009-07-13 22:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-05 22:34 - 2009-07-13 22:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-05 22:33 - 2010-05-14 12:19 - 00866878 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-05 22:31 - 2009-07-13 22:55 - 01550111 _____ C:\Windows\WindowsUpdate.log
2015-08-05 22:26 - 2014-02-03 10:53 - 00000000 _____ C:\Users\youngfamily\AppData\Local\WavXMapDrive.bat
2015-08-05 22:25 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-05 22:25 - 2009-07-13 22:39 - 00065231 _____ C:\Windows\setupact.log
2015-08-05 22:24 - 2011-10-17 21:02 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3703720776-1548383884-3637819134-1147UA.job
2015-08-05 22:00 - 2011-10-17 21:02 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3703720776-1548383884-3637819134-1147Core.job
2015-08-03 04:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2015-08-03 03:47 - 2015-04-05 18:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-03 03:45 - 2009-07-13 22:33 - 00414888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-03 03:44 - 2010-05-14 14:06 - 01077454 _____ C:\Windows\PFRO.log
2015-08-03 03:43 - 2015-01-31 16:31 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-03 03:43 - 2014-06-10 03:56 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-03 03:25 - 2013-09-09 00:10 - 00000000 ____D C:\Windows\system32\MRT
2015-08-03 03:11 - 2010-05-14 12:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-02 16:19 - 2015-04-23 20:58 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-08-02 16:18 - 2013-09-08 16:17 - 00000000 ____D C:\Program Files\Java
2015-07-13 21:27 - 2015-04-19 17:55 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

==================== Files in the root of some directories =======

2015-06-30 18:33 - 2015-06-30 18:33 - 50063360 _____ () C:\Program Files\GUT3708.tmp
2013-11-13 01:19 - 2013-11-13 01:19 - 50053120 _____ () C:\Program Files\GUT8427.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 49940480 _____ () C:\Program Files\GUT9E71.tmp
2014-02-03 10:53 - 2015-08-05 22:26 - 0000000 _____ () C:\Users\youngfamily\AppData\Local\WavXMapDrive.bat
2012-03-23 17:22 - 2012-03-28 22:28 - 0000451 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\first\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\hyoung\AppData\Local\Temp\Abspdf.exe
C:\Users\hyoung\AppData\Local\Temp\acfpdfu.dll
C:\Users\hyoung\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\hyoung\AppData\Local\Temp\acfpdfui.dll
C:\Users\hyoung\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\hyoung\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\hyoung\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\hyoung\AppData\Local\Temp\cdintf.dll
C:\Users\hyoung\AppData\Local\Temp\JingSetup.exe
C:\Users\hyoung\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\hyoung\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\hyoung\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\hyoung\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\hyoung\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\hyoung\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\hyoung\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\hyoung\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\hyoung\AppData\Local\Temp\olrhup2b.dll
C:\Users\hyoung\AppData\Local\Temp\PDFPRT400.exe
C:\Users\hyoung\AppData\Local\Temp\xmllite.dll
C:\Users\hyoung\AppData\Local\Temp\ydaxfhu3.dll
C:\Users\vbushell\AppData\Local\Temp\atl80.dll
C:\Users\vbushell\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\vbushell\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\vbushell\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\vbushell\AppData\Local\Temp\GURA87F.exe
C:\Users\vbushell\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\vbushell\AppData\Local\Temp\IPx86_1033.exe
C:\Users\vbushell\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\vbushell\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\vbushell\AppData\Local\Temp\mfc80.dll
C:\Users\vbushell\AppData\Local\Temp\mfc80u.dll
C:\Users\vbushell\AppData\Local\Temp\mfcm80.dll
C:\Users\vbushell\AppData\Local\Temp\mfcm80u.dll
C:\Users\vbushell\AppData\Local\Temp\MSIZAP.EXE
C:\Users\vbushell\AppData\Local\Temp\msvcm80.dll
C:\Users\vbushell\AppData\Local\Temp\msvcp80.dll
C:\Users\vbushell\AppData\Local\Temp\msvcr80.dll
C:\Users\vbushell\AppData\Local\Temp\qbinstal.dll
C:\Users\vbushell\AppData\Local\Temp\stlport_r50.dll
C:\Users\vbushell\AppData\Local\Temp\TmDbg32.dll
C:\Users\youngfamily\AppData\Local\Temp\cw.exe
C:\Users\youngfamily\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\youngfamily\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\youngfamily\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\youngfamily\AppData\Local\Temp\flash_setup.exe
C:\Users\youngfamily\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.169.exe
C:\Users\youngfamily\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\youngfamily\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\youngfamily\AppData\Local\Temp\Quarantine.exe
C:\Users\youngfamily\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 16:45

Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
Ran by youngfamily (2015-08-05 22:36:39)
Running from C:\Users\youngfamily\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4098221577-3929148139-2341364456-500 - Administrator - Disabled)
Guest (S-1-5-21-4098221577-3929148139-2341364456-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4098221577-3929148139-2341364456-1007 - Limited - Enabled)
youngfamily (S-1-5-21-4098221577-3929148139-2341364456-1005 - Administrator - Enabled) => C:\Users\youngfamily

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Trend Micro Security Agent (Enabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: Trend Micro Security Agent (Enabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.00.12 - STMicroelectronics)
Adobe Acrobat 9 Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version: - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DCP32MMWrapper (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Dell Backup and Recovery Manager (HKLM\...\{AC474F86-9A17-4BCB-8B15-11ABFD5B7F95}) (Version: 1.2.3 - Dell Inc.)
Dell Control Point (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.455.70 - Dell Inc.)
Dell ControlPoint System Manager (HKLM\...\{057159C5-3B94-4E36-9271-11615618CACE}) (Version: 1.4.00000 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 1.7.450.290 - Broadcom Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.085 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.050 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1006.101.111 - ALPS ELECTRIC CO., LTD.)
Document Manager Lite (Version: 06.09.00.147 - Wave Systems Corp.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.44 - Dell Inc.)
EMBASSY Security Center (Version: 04.00.00.075 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.066 - Wave Systems Corp) Hidden
ESC Home Page Plugin (Version: 04.00.00.010 - Wave Systems Corp) Hidden
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Talk Plugin (HKLM\...\{325045C9-F040-3D98-892D-53D5E840266C}) (Version: 2.9.10.7526 - Google)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Intel(R) Network Connections 14.8.43.0 (HKLM\...\PROSetDX) (Version: 14.8.43.0 - Dell)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MFCLOC (Version: 1.00.0000 - Dell Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{CD232781-26CA-4E18-BC70-4343A2F0D583}) (Version: 8.01.249.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Preboot Manager (Version: 03.00.00.089 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.057 - Wave Systems Corp.) Hidden
Reader 2.0 (HKLM\...\Reader2.0) (Version: 2.0.1.1038 - Dell Inc.)
Reader 2.0 (Version: 2.0.1.1038 - Dell Inc.) Hidden
ScrewDrivers Client v4 (rdp only) (HKLM\...\{5D1210C2-FAD4-4946-88B4-C5F9DC8690E7}) (Version: 4.6.01.09 - triCerat, Inc.)
Security Wizards (Version: 01.07.00.023 - Your Company Name) Hidden
SO32MMWrapper (Version: 1.6.455.70 - Broadcom Corporation) Hidden
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 7.0.2316 - Trend Micro Incorporated)
Trend Micro Worry-Free Business Security Agent (Version: 1.0.0 - Trend Micro Inc.) Hidden
Trusted Drive Manager (Version: 3.3.0.396 - Wave Systems Corp.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Wave Infrastructure Installer (Version: 07.01.21.0015 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.062 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

22-02-2015 21:20:01 Windows Update
25-03-2015 17:54:28 Windows Update
28-03-2015 03:01:02 Windows Update
04-04-2015 18:04:41 Windows Update
05-04-2015 18:14:01 Windows Update
11-04-2015 12:28:36 Windows Update
11-04-2015 13:32:45 Removed GeekBuddy.
11-04-2015 13:36:05 Removed GeekBuddy.
11-04-2015 13:40:58 Removed WeatherApp
14-04-2015 15:33:06 Windows Update
15-04-2015 03:00:50 Windows Update
19-04-2015 17:59:34 avast! antivirus system restore point
21-04-2015 06:38:39 Windows Update
25-04-2015 19:24:31 Windows Update
25-04-2015 21:22:45 avast! antivirus system restore point
13-05-2015 18:38:29 Windows Update
13-05-2015 21:15:04 Windows Update
30-06-2015 19:17:49 Windows Update
01-07-2015 03:01:23 Windows Update
12-07-2015 17:38:05 Windows Update
02-08-2015 15:56:29 Windows Update
03-08-2015 03:01:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FE4EBA7-9F9B-4889-A187-9CF350DEECA1} - System32\Tasks\{E68A4A11-59C9-48C4-A5BC-ECD520DEF26A} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{9C0F91E5-4FA1-4D0F-A14C-035914F6EF02}\Setup.exe"
Task: {2682D563-0960-4F3C-937D-3010215DBE4A} - System32\Tasks\{81ECCFD1-AA12-47EA-8929-EDC255E494B2} => pcalua.exe -a "C:\Program Files\Common Files\Motorola Shared\Mobile Drivers\Motorola Driver Installer.exe" -d "C:\Program Files\Common Files\Motorola Shared\Mobile Drivers\"
Task: {2DCCF3B7-2CE2-47C2-978A-50C8337C2654} - System32\Tasks\{4E033019-8D02-4391-9E1A-C14B66A414F7} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {55EBD76E-9AC7-465D-A65B-2B26A785E0B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3703720776-1548383884-3637819134-1147UA => C:\Users\vbushell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17] (Google Inc.)
Task: {B83F3A48-4131-44EF-B268-A8D8301A0057} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3703720776-1548383884-3637819134-1147Core => C:\Users\vbushell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17] (Google Inc.)
Task: {C96E9457-6B41-429B-A711-F90B1D9819D5} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation)
Task: {DA24125A-5E98-4D9A-87A5-2F2D647F1A00} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {E12BF410-DC9C-4100-B7AF-FDD1308F2C45} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-25] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3703720776-1548383884-3637819134-1147Core.job => C:\Users\vbushell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3703720776-1548383884-3637819134-1147UA.job => C:\Users\vbushell\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-05-14 12:18 - 2009-11-30 06:32 - 00026112 _____ () C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
2015-04-25 21:24 - 2015-04-25 21:24 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-25 21:24 - 2015-04-25 21:24 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-05 22:01 - 2015-08-05 22:01 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080502\algo.dll
2011-05-17 12:51 - 2011-01-04 03:53 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-05-17 12:51 - 2011-01-04 03:53 - 00057344 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2011-05-17 12:51 - 2011-01-03 21:53 - 00442368 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2011-05-17 12:51 - 2011-01-03 21:53 - 01081344 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2012-03-30 14:27 - 2011-10-05 02:15 - 00174624 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2010-05-14 12:19 - 2010-01-10 11:01 - 00060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2010-05-14 12:17 - 2010-01-15 11:35 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2009-11-19 14:47 - 2009-11-19 14:47 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2009-11-13 07:17 - 2009-11-13 07:17 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 12:24 - 2008-11-12 12:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2015-04-19 18:04 - 2015-04-19 18:05 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-03-30 14:27 - 2011-01-03 07:53 - 00049152 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\boost_thread-vc80-mt-1_36.dll
2012-03-30 14:27 - 2011-01-03 07:53 - 00057344 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\boost_date_time-vc80-mt-1_36.dll
2012-03-30 14:27 - 2011-11-16 06:37 - 00233472 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\libTmHttpServer.dll
2012-03-30 14:27 - 2011-11-16 06:37 - 00126976 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\libTmHttpClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\youngfamily\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{763A781C-3578-4563-AF24-C936AE56970E}] => (Allow) svchost.exe
FirewallRules: [{31824029-7F83-4C10-A37F-D5F15CE1C151}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{FECF8BE1-BBF4-483E-A1A1-486962AF5E87}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{E269A31E-EAA9-4A63-8592-0B7B9916BFCE}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0984E2BB-1CAD-4A1D-A251-55BDD74601D0}] => (Allow) LPort=2869
FirewallRules: [{224811FF-652A-4B97-A193-25F2B1A42D1A}] => (Allow) LPort=1900
FirewallRules: [{535B359A-ABB6-4D6D-BD57-AD16C3B94943}] => (Allow) C:\Users\vbushell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{847E3FA1-9262-4143-8F63-BC1E62663290}] => (Allow) C:\Users\vbushell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{2C80AACC-6CA2-4162-BB63-7D79EAF67415}C:\program files\shoreline communications\shoreware client\shoretel.exe] => (Allow) C:\program files\shoreline communications\shoreware client\shoretel.exe
FirewallRules: [UDP Query User{E78CF783-C032-48ED-9148-5DA7BD870C43}C:\program files\shoreline communications\shoreware client\shoretel.exe] => (Allow) C:\program files\shoreline communications\shoreware client\shoretel.exe
FirewallRules: [TCP Query User{E3F42D8E-4811-4AE2-85B9-DE177F47EE3E}C:\users\vbushell\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\vbushell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A03B3EAA-05C9-4DA5-96D9-4747592D23EB}C:\users\vbushell\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\vbushell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{44C25BA9-B41D-470B-BB79-3229BE4F4E72}] => (Allow) LPort=20923
FirewallRules: [{4D706425-0CA4-4105-BDF7-991964D24894}] => (Allow) LPort=20923
FirewallRules: [{396EFBA3-55C4-40E6-AD39-052D5943E167}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{6A7CFFC8-267E-4509-AE71-BE1610CD1DA1}C:\users\vbushell\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\vbushell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4E9EEF4F-61A5-4287-8C54-7EEB647D26C3}C:\users\vbushell\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\vbushell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{34F1EECA-EE80-4BC4-8804-56CDC04ADE3A}] => (Allow) C:\Users\hyoung\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CDCDA6FC-7AB4-429B-BC0C-D6A4FD3E75B8}] => (Allow) C:\Users\hyoung\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{CD1E87B7-539B-4B81-8B75-C28128E46122}C:\users\hyoung\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\hyoung\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C6A9F78D-947B-44D9-926D-4B4CC86F40CC}C:\users\hyoung\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\hyoung\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4042DDF2-30F1-4FA4-92E9-96E2A183833C}] => (Allow) LPort=41272
FirewallRules: [TCP Query User{A5D0BEE1-3039-4376-9D84-E70EA5BF0598}C:\program files\shoreline communications\shoreware client\shoretel.exe] => (Block) C:\program files\shoreline communications\shoreware client\shoretel.exe
FirewallRules: [UDP Query User{B0D13267-8E6A-44A4-9AF3-67036C9440C9}C:\program files\shoreline communications\shoreware client\shoretel.exe] => (Block) C:\program files\shoreline communications\shoreware client\shoretel.exe
FirewallRules: [TCP Query User{EEEBADBD-2C8A-4E63-94A6-81F50AD0461C}C:\users\hyoung\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hyoung\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{565C6347-0D57-4041-A705-B08883F151BA}C:\users\hyoung\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hyoung\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{414C65A4-F86E-4A43-9070-985D9BE5D4E5}] => (Allow) LPort=41272
FirewallRules: [TCP Query User{4AD46B34-E2AE-4AD3-9631-CF01E96B8587}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A9C9BD3D-477B-41EB-9C2C-C143972B71BE}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{D8D95FDB-DD9E-4B95-AC46-8A172B2C733F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EB252EAC-D03A-48C4-935C-D3079E422913}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AC3DD791-3DB8-445F-89A0-88AA1BB856D9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A77FCA1E-6E63-493A-8AF8-93B7251872B2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2015 09:29:50 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

Error: (08/02/2015 03:43:32 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

Error: (07/26/2015 05:38:06 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

Error: (07/13/2015 09:27:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GWXUX.exe version 6.3.9600.17813 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bf8

Start Time: 01d0bde4d98bd3b2

Termination Time: 0

Application Path: C:\Windows\System32\GWX\GWXUX.exe

Report Id: 2d4f58fa-29d8-11e5-8bbe-0026b9d14ca5

Error: (07/12/2015 07:00:05 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

Error: (07/12/2015 05:38:59 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

Error: (05/13/2015 05:44:50 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (05/13/2015 05:44:50 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (05/13/2015 05:40:58 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

Error: (04/21/2015 09:30:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bcmwltry.exe, version: 5.60.18.8, time stamp: 0x4a8f3820
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03e96f6c
Faulting process id: 0x6a8
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3


System errors:
=============
Error: (08/05/2015 10:26:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (08/05/2015 10:25:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (08/05/2015 10:24:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server Browser service failed to start due to the following error:
%%1069

Error: (08/05/2015 10:24:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The SQLBrowser service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/05/2015 10:24:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (08/05/2015 10:24:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/05/2015 10:24:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (08/05/2015 10:24:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (08/05/2015 10:24:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (08/05/2015 10:24:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056


Microsoft Office:
=========================
Error: (04/01/2013 09:50:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/28/2013 01:10:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7271 seconds with 5220 seconds of active time. This session ended with a crash.

Error: (01/07/2013 01:52:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9017 seconds with 5220 seconds of active time. This session ended with a crash.

Error: (12/21/2012 04:17:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/28/2012 05:11:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1023 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/28/2012 04:42:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 74 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/28/2012 04:40:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/28/2012 04:39:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/28/2012 04:34:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 103 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/28/2012 04:32:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 301 seconds with 60 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 61%
Total physical RAM: 1973.84 MB
Available physical RAM: 759.86 MB
Total Virtual: 3947.67 MB
Available Virtual: 2470.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:221.23 GB) (Free:138.38 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.91 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 8A427EA7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

==================== End of log ============================
spudnud is offline  
Old 08-06-2015, 05:21 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello spudnud. avast! is fine. Please uninstall TrendMicro before running the fix below.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

You can also download recovery software if you don't have an installation DVD:

Microsoft Software Recovery

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Trend Micro Worry-Free Business Security Agent (Version: 1.0.0 - Trend Micro Inc.) Hidden
    Task: {DA24125A-5E98-4D9A-87A5-2F2D647F1A00} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
    C:\Program Files\Trend Micro
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [133424 2011-10-17] (Trend Micro Inc.)
    Startup: C:\Users\vbushell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011-06-22]
    ShortcutTarget: Dropbox.lnk -> C:\Users\youngfamily\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4098221577-3929148139-2341364456-1005 -> {5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A} URL = 
    Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ToolbarIE.dll [2011-11-10] (Trend Micro Inc.)
    Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\TmIEPlg.dll [2011-09-28] (Trend Micro Inc.)
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ToolbarIE.dll [2011-11-10] (Trend Micro Inc.)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll [2011-11-10] (Trend Micro Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\firefoxextension
    FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\firefoxextension [2015-02-12]
    FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension
    FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension [2011-05-17]
    R3 TmListen; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [689680 2011-11-16] (Trend Micro Inc.)
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [X]
    R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [81168 2011-06-23] (Trend Micro Inc.)
    R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [191248 2011-06-23] (Trend Micro Inc.)
    R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65296 2011-06-23] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-10-01] (Trend Micro Inc.)
    U3 tmpfw; No ImagePath
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
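As an added check (example code written for this thread, not from the post above and not part of FRST): a small Python pre-flight for the fixlist.txt the instructions ask for (named exactly fixlist.txt, next to FRST.exe, saved as Unicode so non-ASCII paths survive, and bracketed by `start`/`end` as the script above is) plus a summariser for the outcome lines FRST writes to Fixlog.txt. Assumptions: the `start`/`end` convention is treated as mandatory, an ANSI fixlist is decoded as cp1252, and the sample Fixlog text is constructed from line shapes seen in this thread.

```python
"""Pre-flight check for an FRST fixlist.txt and a summariser for Fixlog.txt.
Example code for this thread; not from the forum post and not part of FRST."""
import codecs
import re
from collections import Counter
from pathlib import Path

# Outcome phrases as they appear in the Fixlog quoted in this thread.
# Order matters: the first matching pattern wins.
OUTCOME_PATTERNS = [
    ("restore_point", re.compile(r"^Restore point was successfully created\.$")),
    ("removed", re.compile(r"=> (?:key|value) removed successfully\.$")),
    ("moved", re.compile(r"=> moved successfully\.$")),
    ("no_process", re.compile(r"=> No running process found$")),
    # covers '=> key not found.', '=> value not found.', '=> not found.'
    # and the bare '<path> not found.' form
    ("not_found", re.compile(r"not found\.$")),
]


def decode_fixlist(raw: bytes) -> tuple[str, bool]:
    """Decode fixlist.txt bytes. Returns (text, is_unicode); is_unicode is True
    when the file carries a UTF-16 byte-order mark, which is what Notepad writes
    when you accept the 'Unicode' encoding the instructions mention."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16"), True          # the codec consumes the BOM
    try:
        return raw.decode("utf-8-sig"), False      # UTF-8 with or without BOM
    except UnicodeDecodeError:
        # Assumption: Notepad 'ANSI' on a Western-locale Windows is cp1252.
        return raw.decode("cp1252"), False


def check_fixlist_bytes(raw: bytes) -> list[str]:
    """Return a list of problems; an empty list means the fixlist looks sane.
    Assumption: the 'start' / 'end' bracketing used in this thread is required.
    Non-ASCII characters (an accented user name in a path, say) saved as ANSI
    would be mangled, hence the encoding check."""
    problems: list[str] = []
    text, is_unicode = decode_fixlist(raw)
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ["fixlist is empty"]
    if lines[0].lower() != "start":
        problems.append("first line must be 'start'")
    if lines[-1].lower() != "end":
        problems.append("last line must be 'end'")
    if not is_unicode and any(ord(ch) > 127 for ch in text):
        problems.append("non-ASCII characters present but file is not saved as Unicode (UTF-16)")
    return problems


def same_folder(fixlist, frst_exe) -> bool:
    """The helper's NOTE: the file must be named fixlist.txt and sit next to FRST.exe."""
    fixlist, frst_exe = Path(fixlist), Path(frst_exe)
    return (fixlist.name.lower() == "fixlist.txt"
            and fixlist.resolve().parent == frst_exe.resolve().parent)


def summarize_fixlog(text: str) -> dict[str, int]:
    """Count Fixlog result lines by outcome.
    'not_found' is not an error by itself: in this thread the Trend Micro
    entries were already gone because the user uninstalled it before the fix,
    and FRST simply reports that. Echo lines with no outcome count as 'other'."""
    counts: Counter[str] = Counter()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, pattern in OUTCOME_PATTERNS:
            if pattern.search(line):
                counts[name] += 1
                break
        else:
            counts["other"] += 1
    return dict(counts)


# Constructed sample in the shape of the Fixlog quoted in the thread.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA24125A-5E98-4D9A-87A5-2F2D647F1A00}" => key removed successfully.
C:\Windows\System32\Tasks\HDNINSTSCHD => moved successfully.
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe => No running process found
C:\Program Files\Trend Micro => moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Trend Micro Client Framework => value not found.
C:\Users\youngfamily\AppData\Roaming\Dropbox\bin\Dropbox.exe not found.
HKCR\PROTOCOLS\Handler\tmpx => key not found.
"""

if __name__ == "__main__":
    # A fixlist saved the way the instructions ask (Notepad 'Unicode' = UTF-16 with BOM).
    good = "start\r\ncreaterestorepoint:\r\nEmptyTemp:\r\nend\r\n".encode("utf-16")
    print("fixlist problems:", check_fixlist_bytes(good) or "none")
    # Forward slashes so the path check also runs on non-Windows hosts.
    print("next to FRST.exe:", same_folder("C:/Users/youngfamily/Desktop/fixlist.txt",
                                           "C:/Users/youngfamily/Desktop/FRST.exe"))
    print("Fixlog summary:", summarize_fixlog(SAMPLE_FIXLOG))
```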
Old 08-06-2015, 10:11 PM   #6
Registered Member
Join Date: Jul 2011
Posts: 26
OS: Windows 7

I uninstalled TrendMicro.

I went to create a system disk and now my CD-ROM drive is not working. Is it possible I lost the connection to it through the computer or is it dead? It worked fine last time I used it.

That is how far I have gotten on your list of tasks.

Thanks!!!
spudnud is offline  
Old 08-07-2015, 05:50 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello spudnud. You're welcome. You can always make a repair CD on any other Win7 machine, so you can proceed with the rest of the instructions.
chemist is offline  
Old 08-09-2015, 10:18 PM   #8
Registered Member
Join Date: Jul 2011
Posts: 26
OS: Windows 7

Fix result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by youngfamily (2015-08-09 23:01:27) Run:1
Running from C:\Users\youngfamily\Desktop
Loaded Profiles: youngfamily (Available Profiles: youngfamily)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
createrestorepoint:
Trend Micro Worry-Free Business Security Agent (Version: 1.0.0 - Trend Micro Inc.) Hidden
Task: {DA24125A-5E98-4D9A-87A5-2F2D647F1A00} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
C:\Program Files\Trend Micro
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [133424 2011-10-17] (Trend Micro Inc.)
Startup: C:\Users\vbushell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011-06-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\youngfamily\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4098221577-3929148139-2341364456-1005 -> {5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A} URL =
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ToolbarIE.dll [2011-11-10] (Trend Micro Inc.)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\TmIEPlg.dll [2011-09-28] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ToolbarIE.dll [2011-11-10] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll [2011-11-10] (Trend Micro Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\firefoxextension
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\firefoxextension [2015-02-12]
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension [2011-05-17]
R3 TmListen; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [689680 2011-11-16] (Trend Micro Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [X]
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [81168 2011-06-23] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [191248 2011-06-23] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65296 2011-06-23] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-10-01] (Trend Micro Inc.)
U3 tmpfw; No ImagePath
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA24125A-5E98-4D9A-87A5-2F2D647F1A00}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA24125A-5E98-4D9A-87A5-2F2D647F1A00}" => key removed successfully.
C:\Windows\System32\Tasks\HDNINSTSCHD => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD" => key removed successfully.
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe => No running process found
C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe => No running process found
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe => No running process found
C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe => No running process found
C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe => No running process found
C:\Program Files\Trend Micro => moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Trend Micro Client Framework => value not found.
C:\Users\vbushell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => moved successfully.
C:\Users\youngfamily\AppData\Roaming\Dropbox\bin\Dropbox.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A}" => key removed successfully.
HKCR\CLSID\{5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-4098221577-3929148139-2341364456-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A}" => key removed successfully.
HKCR\CLSID\{5BA9E1FE-B307-434F-AE3E-F5CE0D3C6B6A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} => value not found.
HKCR\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2} => key not found.
"HKCR\PROTOCOLS\Handler\intu-help-qb6" => key removed successfully.
HKCR\CLSID\{6898B29B-BF49-43cb-A0B1-D0B9496AF491} => key not found.
HKCR\PROTOCOLS\Handler\tmpx => key not found.
HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => key not found.
HKCR\PROTOCOLS\Handler\tmtb => key not found.
HKCR\CLSID\{04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} => key not found.
HKCR\PROTOCOLS\Handler\tmtbim => key not found.
HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
FF Plugin: @microsoft.com/GENUINE -> disabled No File not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} => value not found.
C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1089\firefoxextension => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc} => value not found.
C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension => not found.
TmListen => service not found.
Amsp => service not found.
tmactmon => service not found.
tmcomm => service not found.
tmevtmgr => service not found.
tmtdi => Unable to stop service.
tmtdi => service removed successfully.
tmpfw => service removed successfully.
EmptyTemp: => 3.7 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:11:16 ====
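The Fixlog above is the FRST output format the rest of this thread is built on, so here is a small triage script for it. This is an added example (my own code, not part of FRST or of the post above): it splits every "target => outcome" line into removed / already absent / failed buckets, notes whether FRST asked for a reboot, and reports only failures that were not followed by a success for the same target. The sample lines are copied from the Fixlog above; the bucket names and the keyword matching are my own assumptions about FRST's wording.

```python
"""Triage an FRST Fixlog: bucket every "target => outcome" line by result and
flag anything that still needs attention. Added example, not FRST code; the
four result buckets are my own grouping of FRST's wording."""
from collections import Counter

# Constructed sample: lines copied from the Fixlog posted in the thread.
SAMPLE_FIXLOG = r"""
C:\Windows\System32\Tasks\HDNINSTSCHD => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD" => key removed successfully.
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe => No running process found
C:\Program Files\Trend Micro => moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Trend Micro Client Framework => value not found.
TmListen => service not found.
tmtdi => Unable to stop service.
tmtdi => service removed successfully.
tmpfw => service removed successfully.
EmptyTemp: => 3.7 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 23:11:16 ====
"""

SEPARATOR = " => "


def classify(outcome):
    """Map FRST's free-text outcome to one of four buckets (my grouping)."""
    o = outcome.lower()
    if o.startswith("unable to") or "failed" in o or "error" in o:
        return "failed"            # FRST could not do what the fix asked
    if "not found" in o or "no running process" in o:
        return "already_absent"    # nothing to do; the item was gone already
    if "successfully" in o or "removed" in o:
        return "removed"
    return "other"


def parse_fixlog(text):
    """Return (entries, reboot_required).

    entries is a list of dicts (line, target, outcome, bucket) in log order."""
    entries = []
    reboot_required = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        if line == "The system needed a reboot.":
            reboot_required = True
            continue
        if SEPARATOR not in line:
            continue               # free text FRST prints between actions
        target, outcome = line.split(SEPARATOR, 1)
        entries.append({
            "line": lineno,
            "target": target.strip().strip('"'),
            "outcome": outcome.strip().rstrip("."),
            "bucket": classify(outcome),
        })
    return entries, reboot_required


def summarize(entries):
    """Count entries per bucket, e.g. {'removed': 6, 'already_absent': 3, ...}."""
    return dict(Counter(e["bucket"] for e in entries))


def unresolved_failures(entries):
    """Targets whose last recorded action is a failure.

    FRST often logs "Unable to stop service" and then "service removed
    successfully" for the same driver: the registration is gone and the
    driver stays loaded only until the reboot FRST requests, so a failure
    followed by a success for the same target is not reported here."""
    last_bucket = {}
    for e in entries:
        last_bucket[e["target"].lower()] = e["bucket"]
    return sorted(t for t, b in last_bucket.items() if b == "failed")


if __name__ == "__main__":
    entries, reboot = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(entries))
    print("reboot required:", reboot)
    print("still failing:", unresolved_failures(entries) or "none")
```

Run it as a script to see the summary for the sample; on a real log, read the Fixlog.txt that FRST writes beside its executable and pass its text to parse_fixlog. The tmtdi pair in the sample is the pattern worth recognising: "Unable to stop service" followed by "service removed successfully" means the service registration is deleted but the driver stays in memory until the reboot, which is why the log ends with "The system needed a reboot."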
Old 08-10-2015, 07:55 AM   #9
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft MVP)

Hello again, spudnud. How is the machine behaving?

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 08-12-2015, 07:49 PM   #10
spudnud (Registered Member, Windows 7)

ComboFix 15-08-08.01 - youngfamily 08/12/2015 20:22:33.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1974.483 [GMT -6:00]
Running from: c:\users\youngfamily\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LILE7BF.tmp
C:\LILE7DE.tmp
C:\LILE7EE.tmp
C:\LILE8E8.tmp
C:\LILE907.tmp
C:\LILE908.tmp
c:\programdata\ntuser.pol
c:\users\hyoung\AppData\Local\assembly\tmp
c:\users\hyoung\g2ax_customer_downloadhelper_win32_x86.exe
c:\windows\security\logs\scecomp.log
c:\windows\system32\AdobePDF.dll
c:\windows\system32\SET1C70.tmp
c:\windows\system32\SETFB03.tmp
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2015-07-13 to 2015-08-13 )))))))))))))))))))))))))))))))
.
.
2015-08-13 02:35 . 2015-08-13 02:39 -------- d-----w- c:\users\youngfamily\AppData\Local\temp
2015-08-13 02:35 . 2015-08-13 02:35 -------- d-----w- c:\users\vbushell\AppData\Local\temp
2015-08-13 02:35 . 2015-08-13 02:35 -------- d-----w- c:\users\mconnors\AppData\Local\temp
2015-08-13 02:35 . 2015-08-13 02:35 -------- d-----w- c:\users\lschumann\AppData\Local\temp
2015-08-13 02:35 . 2015-08-13 02:35 -------- d-----w- c:\users\hyoung\AppData\Local\temp
2015-08-13 02:35 . 2015-08-13 02:35 -------- d-----w- c:\users\first\AppData\Local\temp
2015-08-13 02:35 . 2015-08-13 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-10 05:10 . 2015-07-15 01:33 9252608 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F343154B-E3CB-43C7-A487-1426B6D26DC4}\mpengine.dll
2015-08-06 04:34 . 2015-08-10 05:14 -------- d-----w- C:\FRST
2015-08-06 04:14 . 2015-08-06 04:24 -------- d-----w- C:\AdwCleaner
2015-08-02 22:21 . 2015-08-02 22:21 -------- d-----w- c:\program files\Common Files\Java
2015-08-02 22:09 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\system32\msi.dll
2015-08-02 22:09 . 2015-06-15 21:43 1805824 ----a-w- c:\windows\system32\authui.dll
2015-08-02 22:09 . 2015-06-15 21:47 101824 ----a-w- c:\windows\system32\consent.exe
2015-08-02 22:09 . 2015-06-15 21:43 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-08-02 22:09 . 2015-06-15 21:42 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-08-02 22:09 . 2015-06-15 21:43 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-08-02 22:09 . 2015-06-15 21:37 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-08-02 22:09 . 2015-06-17 17:39 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-08-02 22:09 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-08-02 22:07 . 2015-07-15 02:55 26624 ----a-w- c:\windows\system32\lpk.dll
2015-08-02 22:07 . 2015-07-15 02:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-02 22:07 . 2015-07-15 01:52 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-08-02 22:07 . 2015-07-15 02:55 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-08-02 22:07 . 2015-07-15 02:55 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-08-02 22:06 . 2015-04-27 19:04 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2015-08-02 22:06 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\system32\crypt32.dll
2015-08-02 22:06 . 2015-04-27 19:05 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-08-02 22:06 . 2015-04-27 19:04 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-10 05:14 . 2014-02-03 16:53 0 ----a-w- c:\users\youngfamily\AppData\Local\WavXMapDrive.bat
2015-08-02 22:19 . 2015-04-24 02:58 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-07-14 03:27 . 2015-04-19 23:55 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-01 01:15 . 2015-04-20 00:05 428120 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-07-01 00:33 . 2015-07-01 00:33 50063360 ----a-w- c:\program files\GUT3708.tmp
2015-06-23 19:27 . 2011-03-29 18:08 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 14:41 . 2015-04-19 23:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 14:41 . 2015-04-19 23:55 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 14:41 . 2015-04-19 23:55 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 07:01 . 2015-06-17 07:01 1202856 ----a-w- c:\windows\system32\FM20.DLL
2015-05-25 18:07 . 2015-07-01 01:19 3989440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-05-25 18:07 . 2015-07-01 01:19 3934144 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:04 . 2015-07-01 01:19 1307648 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:01 . 2015-07-01 01:19 853504 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:01 . 2015-07-01 01:19 635392 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:01 . 2015-07-01 01:19 400896 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:01 . 2015-07-01 01:19 43008 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:01 . 2015-07-01 01:19 92160 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:01 . 2015-07-01 01:19 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:01 . 2015-07-01 01:19 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:00 . 2015-07-01 01:19 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:00 . 2015-07-01 01:19 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:00 . 2015-07-01 01:19 69632 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:00 . 2015-07-01 01:19 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:00 . 2015-07-01 01:19 37888 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:00 . 2015-07-01 01:19 82944 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:00 . 2015-07-01 01:19 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 17:55 . 2015-07-01 01:19 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 16:53 . 2015-07-01 01:19 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-05-21 13:20 . 2015-07-01 01:23 163840 ----a-w- c:\windows\system32\aepic.dll
2014-02-01 17:39 . 2014-02-01 17:39 49940480 ----a-w- c:\program files\GUT9E71.tmp
2013-11-13 07:19 . 2013-11-13 07:19 50053120 ----a-w- c:\program files\GUT8427.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-26 03:24 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 278528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-14 495711]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-02 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-02 166936]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-01-15 284696]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-11-30 4685824]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-14 147328]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-14 34232]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DellBtrEvent"="d:\program files\Dell\Reader 2.0\DellBtrEvent.exe" [2009-08-26 147456]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ScrewDrivers RDP Plugin"="c:\program files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe" [2011-08-26 45384]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-14 5515496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-06-09 334896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1327392]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2014-07-01 30504]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-06-19 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-07-14 98520]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-02-21 48640]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-02-21 38912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-26 787760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-07-01 428120]
S1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.0\dvmio.sys [2009-07-10 16984]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe [2010-01-14 81920]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-26 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-26 74976]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-26 106912]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-12-17 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-12-17 27040]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 386848]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.0\DVMExportService.exe [2009-08-03 327680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-01-15 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-02-21 59392]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-03 33832]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-10 214696]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 132352]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 staccel;staccel;c:\windows\system32\DRIVERS\staccel.sys [2013-05-07 32864]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
utcsvc REG_MULTI_SZ DiagTrack
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3703720776-1548383884-3637819134-1147Core.job
- c:\users\vbushell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 03:02]
.
2015-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3703720776-1548383884-3637819134-1147UA.job
- c:\users\vbushell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 03:02]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\youngfamily\AppData\Roaming\Mozilla\Firefox\Profiles\dd18ssiw.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\youngfamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MovieStarPlanet Hack v1.1.lnk - c:\programdata\{223a9654-1b32-e19b-223a-a96541b35950}\MovieStarPlanet Hack v1.1.exe --startup=1
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(1884)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\STacSV.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\msiexec.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2015-08-12 20:44:51 - machine was rebooted
ComboFix-quarantined-files.txt 2015-08-13 02:44
.
Pre-Run: 152,035,057,664 bytes free
Post-Run: 152,082,968,576 bytes free
.
- - End Of File - - 1C0CB3FE640C38C84FD024A0DAC596F0
5C616939100B85E558DA92B899A0FC36
Old 08-13-2015, 04:41 AM   #11
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft MVP)

Hello again, spudnud. How is the machine behaving?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java 8 Update 45

This is outdated, and a security risk to have installed still. Reboot your computer once that Java component is removed.

Leave this one as it has the latest definitions:

Java 8 Update 51

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

When updating in the future, make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
Old 08-16-2015, 11:34 PM   #12
spudnud (Registered Member, Windows 7)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/16/2015
Scan Time: 11:21 PM
Logfile: malwarehistorylog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.17.02
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: youngfamily

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 583661
Time Elapsed: 47 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Old Java removed.

How is it working? I'm not sure since I have purposely stopped using this since it was working so poorly. I'll start trying this out now.

Running ESET scan right now. I'll post it once it is done. It has found 9 infections so far. I may not be able to post the results until tomorrow night.
Old 08-17-2015, 07:21 AM   #13
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft MVP)

Hello again, spudnud. That's fine, let me know when it is done. Use the machine as normal, and let me know how it behaves.

Remember, most of the ESET finds have likely already been quarantined by ComboFix, AdwCleaner, and/or FRST, so don't worry too much about what ESET has detected so far.
Old 08-18-2015, 05:33 AM   #14
spudnud (Registered Member, Windows 7)

ESET log

C:\AdwCleaner\Quarantine\C\Program Files\SoftwareHelp\SoftwareHelp.dll.vir a variant of Win32/Adware.MultiPlug.NV.gen application
C:\AdwCleaner\Quarantine\C\Users\youngfamily\AppData\Local\4C4C4544-1428757468-4610-8036-B1C04F324D31\rnsl392C.exe.vir a variant of Win32/Adware.ConvertAd.PU application
C:\CCE_Quarantine\{1F87D656-E73E-4801-B162-2B69779088D8} a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\CCE_Quarantine\{3BDA6E5A-3035-4467-8F52-6B0E55C5A50D} Win32/VOPackage.BV potentially unwanted application
C:\CCE_Quarantine\{413BD13C-A2F2-4119-8B01-8FA504BD7D33} multiple threats
C:\CCE_Quarantine\{5283BD20-0E90-4BB7-9280-A49BEFB0D771} a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\CCE_Quarantine\{8F21589C-CA02-4DED-9233-DD59D637B472} multiple threats
C:\CCE_Quarantine\{8FD1D617-7485-4AC4-ABC5-09B9D436F2A6} Win32/VOPackage.BV potentially unwanted application
C:\CCE_Quarantine\{D314027B-A57D-4F36-8F46-D94C9E3F0187} a variant of Win32/Adware.SpeedingUpMyPC.AA application


The computer seems to be working fine now. Does it look good on your end?
Old 08-18-2015, 07:28 AM   #15
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft MVP)

Hello again, spudnud. Glad to hear it. Looks good on this end.

Was COMODO a previous install? Those CCE_Quarantine finds belong to COMODO.

------------------------------------------------------
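The check behind the two replies above (most of the ESET finds sit in other tools' quarantine folders, and the CCE_Quarantine ones belong to COMODO) can be automated. This is an added example, my own code and not from ESET, TSF or the posts: it parses the ESET "list of found threats" lines, marks each detection as inside a known quarantine folder or live on disk, and names the quarantine folders that need deleting. The quarantine-folder table is my own (Qoobox is ComboFix's folder and C:\FRST\Quarantine is FRST's; reading CCE_Quarantine as COMODO Cleaning Essentials' folder is an assumption), and the last sample line is a constructed live hit, not from the post.

```python
"""Sort ESET Online Scanner detections into "already in another tool's
quarantine" versus "live on disk". Added example, not ESET or TSF code; the
quarantine-folder table below is my own and is not exhaustive."""
import re
from pathlib import PureWindowsPath

# Quarantine folders left behind by tools used in this thread.
# Assumption (mine): CCE_Quarantine is COMODO Cleaning Essentials' folder.
QUARANTINE_ROOTS = {
    PureWindowsPath(r"C:\AdwCleaner\Quarantine"): "AdwCleaner",
    PureWindowsPath(r"C:\CCE_Quarantine"): "COMODO Cleaning Essentials",
    PureWindowsPath(r"C:\Qoobox\Quarantine"): "ComboFix",
    PureWindowsPath(r"C:\FRST\Quarantine"): "FRST",
}

# Constructed sample: the nine lines posted above plus one made-up live hit
# (the last line) so both branches of the triage are exercised.
SAMPLE_ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\SoftwareHelp\SoftwareHelp.dll.vir a variant of Win32/Adware.MultiPlug.NV.gen application
C:\AdwCleaner\Quarantine\C\Users\youngfamily\AppData\Local\4C4C4544-1428757468-4610-8036-B1C04F324D31\rnsl392C.exe.vir a variant of Win32/Adware.ConvertAd.PU application
C:\CCE_Quarantine\{1F87D656-E73E-4801-B162-2B69779088D8} a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\CCE_Quarantine\{3BDA6E5A-3035-4467-8F52-6B0E55C5A50D} Win32/VOPackage.BV potentially unwanted application
C:\CCE_Quarantine\{413BD13C-A2F2-4119-8B01-8FA504BD7D33} multiple threats
C:\CCE_Quarantine\{5283BD20-0E90-4BB7-9280-A49BEFB0D771} a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\CCE_Quarantine\{8F21589C-CA02-4DED-9233-DD59D637B472} multiple threats
C:\CCE_Quarantine\{8FD1D617-7485-4AC4-ABC5-09B9D436F2A6} Win32/VOPackage.BV potentially unwanted application
C:\CCE_Quarantine\{D314027B-A57D-4F36-8F46-D94C9E3F0187} a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\Users\example\AppData\Local\Temp\constructed_sample.exe a variant of Win32/Adware.MultiPlug.NV.gen application
"""

# ESET's export separates path and verdict with a tab; forum pastes flatten
# that to a space, so the verdict is recognised by its own shape instead:
# an optional "a variant of", then "Family/Name ..." or "multiple threats".
# Windows paths never contain a forward slash, so this cannot misfire inside
# a path that has spaces in it.
VERDICT_RE = re.compile(
    r"^(?P<path>.+?)[\t ]+(?P<verdict>(?:(?:probably )?a variant of )?"
    r"(?:[A-Za-z0-9]+/\S+.*|multiple threats))$"
)


def parse_eset_log(text):
    """Return [(PureWindowsPath, verdict), ...] for every detection line."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        m = VERDICT_RE.match(line) if line else None
        if m:
            hits.append((PureWindowsPath(m["path"]), m["verdict"]))
    return hits


def quarantine_owner(path):
    """Name of the tool whose quarantine folder contains path, else None.
    PureWindowsPath compares case-insensitively, as NTFS does."""
    for root, tool in QUARANTINE_ROOTS.items():
        if root == path or root in path.parents:
            return tool
    return None


def triage(hits):
    """Split into {'quarantined': {tool: [(path, verdict), ...]},
    'live': [(path, verdict), ...]}; 'live' is what still needs a fix."""
    result = {"quarantined": {}, "live": []}
    for path, verdict in hits:
        tool = quarantine_owner(path)
        if tool is None:
            result["live"].append((path, verdict))
        else:
            result["quarantined"].setdefault(tool, []).append((path, verdict))
    return result


def folders_to_delete(hits):
    """Quarantine roots ESET flagged; deleting them (or uninstalling the
    owning tool) clears those findings without any further cleanup."""
    return sorted({str(root) for root, tool in QUARANTINE_ROOTS.items()
                   if any(quarantine_owner(p) == tool for p, _ in hits)})


if __name__ == "__main__":
    hits = parse_eset_log(SAMPLE_ESET_LOG)
    result = triage(hits)
    for tool, items in result["quarantined"].items():
        print(f"{len(items)} in {tool} quarantine (inert)")
    for path, verdict in result["live"]:
        print(f"LIVE: {path}  [{verdict}]")
    print("delete:", folders_to_delete(hits))
```

Files inside a quarantine folder are inert copies that ESET only sees because it scans the whole disk, so the fix for them is to delete the folder or uninstall the owning tool, which is exactly what the thread does next with C:\CCE_Quarantine, AdwCleaner's uninstall and "combofix /uninstall". Anything the script lists under "live" is the part of an ESET report that still needs a removal fix.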
Old 08-18-2015, 07:46 AM   #16
spudnud (Registered Member, Windows 7)

No, I installed it from your link above. That's weird.

Do I remove the tools I uploaded now?

Thank you for your help!
Old 08-18-2015, 12:58 PM   #17
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft MVP)

Hello again, spudnud. You're very welcome. We'll remove the tools shortly.

Quote:
I installed it from your link above
What link above? I didn't give any link to COMODO.

------------------------------------------------------
Old 08-19-2015, 04:55 AM   #18
spudnud (Registered Member, Windows 7)

Oh, I have no idea. I bought this computer from my office and they left a lot on there. Maybe from a previous thing tech support did?
Old 08-19-2015, 05:06 AM   #19
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft MVP)

Hello again, spudnud.

Navigate to, right-click and delete this folder:

C:\CCE_Quarantine

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Support - Windows Help

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
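The MVPS HOSTS mechanism described in the post above works by pointing ad domains at 127.0.0.1 (or 0.0.0.0); the mirror-image check, looking for HOSTS entries that point anywhere else, is how you spot a HOSTS file a piece of malware has tampered with. The following is an added example, not code from the thread or from MVPS; the sample file is constructed, and the Windows path is the standard location of the HOSTS file.

```python
import ipaddress
import sys

# Constructed sample in the MVPS style: localhost lines, blackholed ad hosts,
# and one constructed hijack-style entry that points a name off loopback.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file, not the real MVPS download
127.0.0.1  localhost
::1        localhost
0.0.0.0    ad.doubleclick.example       # blackholed ad host
0.0.0.0    ads.tracker.example
127.0.0.1  www.adserver.example
203.0.113.5  update.antivirus-vendor.example   # not loopback: suspicious
"""
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and junk are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address; the resolver ignores it too
        for host in fields[1:]:
            entries.append((ip, host.lower()))
    return entries

def audit_hosts(text):
    """Map each hostname that is not blackholed to the address it gets.
    Ad-blocking HOSTS files only point names at loopback or 0.0.0.0, so any
    other target silently reroutes that name and deserves a look."""
    suspicious = {}
    for ip, host in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            suspicious[host] = str(ip)
    return suspicious

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else WINDOWS_HOSTS
    try:
        data = open(path, encoding="utf-8", errors="replace").read()
    except OSError:
        data = SAMPLE_HOSTS  # fall back to the constructed sample
    for host, ip in audit_hosts(data).items():
        print(f"{host} -> {ip}")
```

Run it with no argument on the affected machine to list every name the HOSTS file sends somewhere other than loopback; on a clean MVPS install the list is empty.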
Old 08-23-2015, 05:57 PM   #20
Registered Member
 
Join Date: Jul 2011
Posts: 26
OS: Windows 7



Resolved. Thank you so much for your help!!!!
spudnud is offline  