
su2.ff.avast.com Pop-ups



Hi, I'm having trouble with Malwarebytes detecting su2.ff.avast.com, which results in pop-ups every minute or so. My computer seems to be acting fine otherwise, and it has been doing this for about three days now. I have Malwarebytes Premium and Avast Free Antivirus. Windows Defender is also active, I believe. My operating system is Windows Vista 32-bit, so it's pretty old. Malwarebytes states that su2.ff.avast.com is an outgoing process, the port is 0, and the IP address is listed as 92.242.140.21. Any assistance you can offer me with this matter would be greatly appreciated.

My FRST.txt file and Addition file will be posted below the following line. Thank you for taking the time to review this.

_________________________________________________

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015
Ran by Raja (administrator) on RAJA-PC (10-09-2015 17:12:25)
Running from C:\Users\Raja\Downloads
Loaded Profiles: Raja & UpdatusUser (Available Profiles: Raja & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
() C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6183456 2008-07-23] (Realtek Semiconductor)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [bambooCore] => C:\Program Files\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2008-07-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-27] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2013-09-10] (Google Inc.)
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\...\Run: [Google Update] => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-17] (Google Inc.)
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1244296 2015-06-25] (Ruiware)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [113664 2008-09-23] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-16] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0F2BE87A-A6F8-4B27-985C-983BD65C0A9F}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS553
SearchScopes: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS553
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-16] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Raja\AppData\Roaming\Mozilla\Firefox\Profiles\m0nik5gi.default-1434553743009
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-20] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Raja\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @talk.google.com/O1DPlugin -> C:\Users\Raja\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Raja\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Raja\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-10]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]
CHR Extension: (Google Docs) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]
CHR Extension: (Google Drive) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-10]
CHR Extension: (YouTube) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-10]
CHR Extension: (Google Search) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-10]
CHR Extension: (Google Sheets) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Avast Online Security) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-10]
CHR Extension: (Gmail) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-16] (AVAST Software)
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
S3 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [165416 2008-05-05] (WildTangent, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [528256 2012-12-11] (Wacom Technology, Corp.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-16] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-16] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-16] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-16] (AVAST Software)
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [161224 2011-10-31] (Hauppauge, Inc.)
R3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-12-03] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 QCDonner; C:\Windows\System32\DRIVERS\LVCD.sys [474304 2004-04-27] (Logitech Inc.)
R3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [70048 2012-12-03] (Wacom Technology)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-11-15] (Wacom Technology)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-10 17:12 - 2015-09-10 17:12 - 00017147 _____ C:\Users\Raja\Downloads\FRST.txt
2015-09-10 16:33 - 2015-09-10 17:12 - 00000000 ____D C:\FRST
2015-09-10 16:33 - 2015-09-10 16:33 - 00000000 ____D C:\Users\Raja\Downloads\FRST-OlderVersion
2015-09-09 23:27 - 2015-09-09 23:27 - 00002091 _____ C:\Users\Raja\AppData\Local\recently-used.xbel
2015-09-09 23:22 - 2015-09-09 23:22 - 01660416 _____ C:\Users\Raja\Downloads\AdwCleaner.exe
2015-09-09 23:17 - 2015-09-10 16:33 - 01692672 _____ (Farbar) C:\Users\Raja\Downloads\FRST.exe
2015-09-09 06:30 - 2015-09-09 06:40 - 469590808 _____ C:\Users\Raja\Downloads\xhamster.com_5058864_babe_gets_sensually_sexed_720p.mp4
2015-09-09 03:45 - 2015-08-13 10:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-09 03:45 - 2015-08-13 10:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-09 03:44 - 2015-09-02 17:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 03:44 - 2015-09-02 17:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 03:39 - 2015-07-10 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 03:38 - 2015-09-02 17:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 03:38 - 2015-09-02 15:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 03:38 - 2015-09-02 15:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 03:36 - 2015-08-05 11:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 19:10 - 2015-08-17 13:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 19:10 - 2015-08-17 13:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 19:10 - 2015-08-17 13:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 19:10 - 2015-08-17 13:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 19:10 - 2015-08-17 13:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 19:10 - 2015-08-17 13:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 19:10 - 2015-08-17 13:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 19:10 - 2015-08-17 13:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 19:10 - 2015-08-17 13:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-08 19:10 - 2015-08-17 13:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-08 19:10 - 2015-08-17 13:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-08 19:10 - 2015-08-17 13:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 00:17 - 2015-09-08 00:17 - 00011554 _____ C:\Users\Raja\Documents\Scrap Text.odt
2015-08-23 23:42 - 2015-08-23 23:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2015-08-20 11:28 - 2015-08-20 11:28 - 00000000 ___RD C:\Program Files\Skype
2015-08-20 11:28 - 2015-08-20 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-20 11:28 - 2015-08-20 11:28 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-20 11:25 - 2015-08-20 11:25 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-20 11:24 - 2015-08-20 11:24 - 00000000 ____D C:\Users\Raja\AppData\Roaming\Sun
2015-08-20 11:24 - 2015-08-20 11:24 - 00000000 ____D C:\Users\Raja\.oracle_jre_usage
2015-08-20 11:20 - 2015-09-10 02:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-16 21:51 - 2015-08-16 21:51 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-16 21:51 - 2015-08-16 21:51 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-12 03:37 - 2015-07-21 16:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 03:37 - 2015-07-21 12:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-12 03:37 - 2015-07-21 12:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 03:37 - 2015-07-21 12:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-12 03:37 - 2015-07-21 12:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 03:37 - 2015-07-21 12:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-12 03:37 - 2015-07-21 12:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 03:37 - 2015-07-21 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 03:36 - 2015-07-31 15:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:35 - 2015-07-10 15:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 03:32 - 2015-07-11 11:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 03:19 - 2015-07-18 12:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 03:07 - 2015-07-31 17:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-12 03:07 - 2015-07-31 17:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-12 03:07 - 2015-07-31 17:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-12 03:07 - 2015-07-31 17:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-12 03:07 - 2015-07-31 16:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 03:07 - 2015-07-31 16:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-12 03:07 - 2015-07-31 16:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-12 03:07 - 2015-07-31 16:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 03:07 - 2015-07-31 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 03:03 - 2015-07-01 11:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 03:02 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 03:02 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-10 17:08 - 2015-06-20 02:44 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000UA.job
2015-09-10 16:51 - 2008-09-23 16:52 - 01418512 _____ C:\Windows\WindowsUpdate.log
2015-09-10 16:50 - 2013-09-10 19:59 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 16:49 - 2013-09-10 19:59 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-10 16:47 - 2015-04-10 20:22 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-10 16:47 - 2008-09-23 17:01 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2015-09-10 16:47 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-10 16:47 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-10 16:47 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-10 16:45 - 2006-11-02 09:01 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-09 23:27 - 2013-09-10 23:48 - 00000000 ____D C:\Users\Raja\.gimp-2.8
2015-09-09 22:46 - 2013-09-12 00:29 - 00000000 ____D C:\Users\Raja\AppData\Local\gtk-2.0
2015-09-09 22:21 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2015-09-09 22:01 - 2006-11-02 08:47 - 00322392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 07:55 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 03:49 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 03:44 - 2008-08-16 00:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 03:33 - 2006-11-02 06:33 - 00770974 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-09 03:28 - 2013-09-11 00:53 - 00000000 ____D C:\Windows\system32\MRT
2015-09-07 15:08 - 2015-06-20 02:44 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000Core.job
2015-09-06 05:04 - 2015-07-02 23:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-06 01:10 - 2015-04-10 22:52 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-31 18:44 - 2015-08-04 03:24 - 00000000 ____D C:\Users\Raja\AppData\Roaming\vlc
2015-08-26 18:36 - 2006-11-02 06:24 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-23 23:42 - 2006-11-02 08:52 - 00070219 _____ C:\Windows\setupact.log
2015-08-23 23:41 - 2013-09-10 23:38 - 00000000 ____D C:\Program Files\Tablet
2015-08-20 11:28 - 2015-04-10 23:00 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-20 11:28 - 2013-09-10 21:43 - 00000000 ____D C:\Users\Raja\AppData\Roaming\Skype
2015-08-20 11:28 - 2013-09-10 21:42 - 00000000 ____D C:\ProgramData\Skype
2015-08-20 11:24 - 2013-09-10 22:24 - 00000000 ____D C:\Users\Raja
2015-08-20 11:23 - 2014-01-27 17:01 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-08-20 11:23 - 2014-01-27 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-20 11:22 - 2014-01-27 17:00 - 00000000 ____D C:\Program Files\Java
2015-08-20 11:20 - 2013-09-22 17:02 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-20 11:20 - 2013-09-22 17:02 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-20 10:49 - 2008-01-20 22:47 - 00344734 _____ C:\Windows\PFRO.log
2015-08-16 21:51 - 2015-07-25 12:24 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-08-16 21:51 - 2015-04-10 20:22 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-16 21:51 - 2013-09-10 20:37 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-16 21:51 - 2013-09-10 20:37 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-16 21:51 - 2013-09-10 20:37 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-16 21:51 - 2013-09-10 20:37 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-08-16 21:51 - 2013-09-10 20:37 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-08-16 21:51 - 2013-09-10 20:37 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-16 21:50 - 2013-09-10 20:37 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-13 20:19 - 2013-09-12 00:11 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-08-12 03:39 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
 
==================== Files in the root of some directories =======
 
2015-06-17 09:43 - 2015-06-17 09:43 - 6420480 _____ () C:\Program Files\GUTA840.tmp
2013-10-22 19:44 - 2015-07-12 04:00 - 0013312 _____ () C:\Users\Raja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-09 23:27 - 2015-09-09 23:27 - 0002091 _____ () C:\Users\Raja\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
C:\Users\Raja\AppData\Local\Temp\jre-8u40-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-10 16:53
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-09-2015
Ran by Raja (2015-09-10 17:13:12)
Running from C:\Users\Raja\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-09-23 20:57:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1742146434-640598446-4293121517-500 - Administrator - Disabled)
Guest (S-1-5-21-1742146434-640598446-4293121517-501 - Limited - Disabled)
Raja (S-1-5-21-1742146434-640598446-4293121517-1000 - Administrator - Enabled) => C:\Users\Raja
UpdatusUser (S-1-5-21-1742146434-640598446-4293121517-1004 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2225 - AVAST Software)
Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Canon MP Navigator EX 2.1 (HKLM\...\MP Navigator EX 2.1) (Version:  - )
Canon MX330 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.4316 - CyberLink Corp.)
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.01.03.01 - AlcorMicro)
Digital Media Reader (Version: 2.01.03.01 - AlcorMicro) Hidden
eMachines Games (HKLM\...\WildTangent emachines Master Uninstall) (Version: 1.0.0.52 - WildTangent)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0808.07150 - Google)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5643 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.1 - Ruiware)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\googletalkax.dll No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\o1dax.dll No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
 
==================== Restore Points =========================
 
07-07-2015 02:18:46 Windows Update
09-07-2015 18:49:32 Scheduled Checkpoint
10-07-2015 16:33:56 Windows Update
13-07-2015 14:47:13 Scheduled Checkpoint
14-07-2015 02:07:28 Windows Update
15-07-2015 18:51:18 Windows Update
16-07-2015 12:39:13 Installed Microsoft Fix it 50052
21-07-2015 01:44:59 Windows Update
21-07-2015 02:00:25 Windows Update
24-07-2015 02:06:16 Windows Update
24-07-2015 21:40:50 Scheduled Checkpoint
25-07-2015 12:22:52 avast! antivirus system restore point
25-07-2015 17:08:18 Device Driver Package Install: Hauppauge, Inc. Sound, video and game controllers
25-07-2015 17:24:46 Installed ShowBiz
28-07-2015 01:58:26 Windows Update
28-07-2015 02:20:44 Revo Uninstaller's restore point - ArcSoft ShowBiz
28-07-2015 02:22:18 Removed ShowBiz
28-07-2015 02:58:25 Revo Uninstaller's restore point - ArcSoft ShowBiz
28-07-2015 02:59:37 Revo Uninstaller's restore point - ArcSoft ShowBiz
28-07-2015 03:05:27 Removed ShowBiz
28-07-2015 03:11:38 Revo Uninstaller's restore point - Vectorian Giotto 3.0.0
03-08-2015 17:25:21 Windows Update
07-08-2015 18:21:49 Windows Update
12-08-2015 00:25:47 Windows Update
12-08-2015 03:01:45 Windows Update
14-08-2015 21:12:36 Scheduled Checkpoint
16-08-2015 21:49:38 avast! antivirus system restore point
20-08-2015 10:58:53 Windows Update
23-08-2015 22:21:25 Windows Update
27-08-2015 15:04:07 Windows Update
30-08-2015 18:16:06 Windows Update
06-09-2015 00:51:41 Windows Update
09-09-2015 03:01:39 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {27480592-B27A-46F0-91E5-369579613BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {29F5E7EF-13C3-4025-92F0-2DAC96BB26D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000UA => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {37C6230A-B329-4051-B73F-9CF31B85C551} - System32\Tasks\{305AE42E-B4EF-48B8-BCDE-B9395205BF20} => pcalua.exe -a D:\install.exe -d D:\
Task: {3D06BA25-38BB-4BB2-81FB-012929F21548} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000Core => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {68DD15ED-8DED-441B-B7C7-87C296B15EFB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {B05983CC-E9B9-4755-AE8B-53F025E67BF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-20] (Adobe Systems Incorporated)
Task: {CE69E5A4-EF5D-418E-926F-82F819270946} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {EF7C5191-519D-45F4-B393-C3D46A445915} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-16] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000Core.job => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000UA.job => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-10 20:21 - 2015-08-16 21:51 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-10 20:21 - 2015-08-16 21:51 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-10 16:32 - 2015-09-10 16:32 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091001\algo.dll
2008-09-23 17:00 - 2008-06-11 14:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2008-09-23 17:00 - 2008-09-23 17:00 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-09-23 17:00 - 2008-09-23 17:00 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-09-23 17:00 - 2008-09-23 17:00 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2008-09-23 17:00 - 2008-09-23 17:00 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2008-09-23 17:00 - 2008-09-23 17:00 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-09-23 17:00 - 2008-09-23 17:00 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2012-10-16 05:39 - 2012-10-16 05:39 - 00646744 _____ () C:\Program Files\Bamboo Dock\BambooCore.exe
2012-10-16 05:39 - 2012-10-16 05:39 - 00060504 _____ () C:\Program Files\Bamboo Dock\BambooWinTab.dll
2013-11-04 21:11 - 2015-04-10 20:21 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-10 23:38 - 2012-12-11 13:07 - 00963456 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-09-12 00:11 - 2013-09-12 00:11 - 00225792 _____ () C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img23.jpg
HKU\S-1-5-21-1742146434-640598446-4293121517-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{AC967495-BF5C-4FAC-BE81-D1930CBCAD46}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D347C07D-B641-4F74-9A37-B990B90FF1AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{72EFED56-D021-437F-935B-C36FE708F5F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{394F95E4-FA95-41C3-90B5-A3E510193619}] => (Allow) LPort=80
FirewallRules: [{FBCC46A1-111B-41D8-B486-049C7FB8916A}] => (Allow) LPort=80
FirewallRules: [{3C6BFE8B-7DC5-4437-B793-8B503FA7A1D2}] => (Allow) LPort=80
FirewallRules: [{B0751E89-A97C-4599-9A38-1FE66AD0E082}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8F9756C3-BDA2-4D34-A84C-53CD4F814ECC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6ED6CF0A-7214-4EF5-BB07-A982A9734578}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A0717BC3-0078-469D-A08F-639721617C33}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/10/2015 04:47:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2015 04:30:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2015 10:02:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2015 03:26:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (09/09/2015 03:26:55 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (09/08/2015 06:31:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, faulting module jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, exception code 0x40000015, fault offset 0x00052d24,
process id 0x9c8, application start time 0xjucheck.exe0.
 
Error: (09/08/2015 06:23:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/07/2015 11:26:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, faulting module jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, exception code 0x40000015, fault offset 0x00052d24,
process id 0x17f0, application start time 0xjucheck.exe0.
 
Error: (09/07/2015 11:13:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/06/2015 12:41:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/10/2015 04:44:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 2Reboot the machinePlug and Play%%1190
 
Error: (09/10/2015 04:44:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Plug and Play1600002Reboot the machine
 
Error: (09/10/2015 04:44:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: DCOM Server Process Launcher1600002Reboot the machine
 
Error: (09/09/2015 03:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (09/09/2015 03:44:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (09/09/2015 03:38:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (09/09/2015 03:38:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (09/09/2015 03:38:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (09/09/2015 03:38:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (09/09/2015 03:38:15 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-09-10 16:48:48.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 16:31:27.579
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 03:10:59.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 03:10:58.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 03:10:57.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 03:10:56.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 03:10:56.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 03:10:55.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 03:01:39.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-10 00:32:25.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU E1400 @ 2.00GHz
Percentage of memory in use: 76%
Total physical RAM: 1790.51 MB
Available physical RAM: 420.5 MB
Total Virtual: 3832.45 MB
Available Virtual: 2094.14 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:288.09 GB) (Free:180.37 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:1.83 GB) (Free:0.21 GB) FAT
Drive i: () (Removable) (Total:7.44 GB) (Free:7.04 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 74ED8122)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 1.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

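The Addition.txt above ends with the "Event log errors" and CodeIntegrity sections, which is where a reviewer usually starts when a Malwarebytes scan shows nothing. As an added example (not part of this thread and not FRST's own code), here is a small Python triage script that parses the event-log lines FRST prints into structured records, counts the recurring (source, event ID) pairs, and pulls the crashing application out of Application Error 1000 entries. The sample text is constructed from a few of the lines quoted in the post above; the field layout it assumes is exactly the one shown there, and nothing else is assumed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a handful of lines in the shape FRST prints under
# "Event log errors" (taken from the entries quoted in the post above).
SAMPLE_ADDITION_TXT = """\
Application errors:
==================
Error: (09/10/2015 04:47:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2015 06:31:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, faulting module jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, exception code 0x40000015, fault offset 0x00052d24,
process id 0x9c8, application start time 0xjucheck.exe0.

Error: (09/07/2015 11:13:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/10/2015 04:44:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 2Reboot the machinePlug and Play%%1190
"""

# One FRST event header: "Error: (date time) (Source: X) (EventID: N) (User: U)"
HEADER_RE = re.compile(
    r"^Error: \((?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) "
    r"\(Source: (?P<source>[^)]*)\) \(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)


def parse_frst_events(text):
    """Return a list of dicts {section, time, source, event_id, user, description}.

    A Description may wrap onto following lines; they are joined until the
    next blank line, which FRST uses to separate events.
    """
    events = []
    section = None
    current = None
    for line in text.splitlines():
        if line.endswith("errors:"):           # "Application errors:" / "System errors:"
            section = line[:-1]
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "section": section,
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["source"],
                "event_id": int(m["eid"]),
                "user": m["user"],
                "description": "",
            }
            events.append(current)
        elif current is not None and line.startswith("Description: "):
            current["description"] = line[len("Description: "):]
        elif current is not None and line.strip() and not line.startswith("="):
            current["description"] += " " + line.strip()   # wrapped continuation
        elif not line.strip():
            current = None
    return events


def recurring(events, min_count=2):
    """Count (source, event_id) pairs; the repeated ones are worth triaging first."""
    counts = Counter((e["source"], e["event_id"]) for e in events)
    return {k: v for k, v in counts.items() if v >= min_count}


CRASH_RE = re.compile(r"Faulting application (?P<app>\S+), version (?P<ver>[\d.]+)")


def crashing_apps(events):
    """Extract (application, version) from Application Error 1000 entries."""
    out = []
    for e in events:
        if e["source"] == "Application Error" and e["event_id"] == 1000:
            m = CRASH_RE.search(e["description"])
            if m:
                out.append((m["app"], m["ver"]))
    return out


if __name__ == "__main__":
    evs = parse_frst_events(SAMPLE_ADDITION_TXT)
    print(recurring(evs))      # {('WinMgmt', 10): 2}
    print(crashing_apps(evs))  # [('jucheck.exe', '2.8.60.27')]
```

Point it at a full Addition.txt and the two summaries give you, in a few seconds, which error is noise (the repeating WinMgmt 10 here) and which binary is actually falling over (jucheck.exe, the Java updater), so the FRST review can start from the interesting entries rather than reading the section top to bottom.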

  • Root Admin

For the IP block please see the following which should correct that issue.

https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/

 

Then if you want we can continue to look at other possible issues as the logs do indicate the computer could probably use at least some minor clean up.

Fix the DNS issue then let us know if you want to continue to look for other possible malware on the system.

 

Thank you

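The reply above treats the 92.242.140.21 block as a DNS problem rather than as malware on the host, and the FRST log later in this thread shows this machine's resolver configuration: a DHCP-supplied 192.168.1.1 plus a static 8.8.8.8,8.8.4.4 override on the interface. As an added example, not part of this thread and not the forum's own tooling, here is a Python script that parses those FRST Tcpip lines to find which resolvers Windows will actually query, then checks a set of per-resolver answers for the blocked address and for any resolver that answers a name other resolvers report as NXDOMAIN. The per-resolver answers are constructed for illustration (collect real ones with `nslookup <name> <resolver>` on the affected machine); they are not measurements from the original poster's system.

```python
import re

# Constructed sample: the three lines FRST prints under "Internet (Whitelisted)"
# for this machine, copied from the log later in the thread.
SAMPLE_TCPIP_LINES = """\
Tcpip\\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\\..\\Interfaces\\{0F2BE87A-A6F8-4B27-985C-983BD65C0A9F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\\..\\Interfaces\\{0F2BE87A-A6F8-4B27-985C-983BD65C0A9F}: [DhcpNameServer] 192.168.1.1
"""

# The address Malwarebytes was blocking in the opening post.
BLOCKED = {"92.242.140.21"}

# Matches both the global "Tcpip\Parameters:" line and per-interface lines.
TCPIP_RE = re.compile(
    r"^Tcpip\\(?:\.\.\\Interfaces\\(?P<iface>\{[^}]+\})|Parameters): "
    r"\[(?P<key>\w+)\] (?P<val>.+)$"
)


def parse_frst_dns(text):
    """Map interface GUID (or 'global') -> {key: [ip, ...]} from FRST Tcpip lines."""
    cfg = {}
    for line in text.splitlines():
        m = TCPIP_RE.match(line)
        if not m:
            continue
        scope = m["iface"] or "global"
        cfg.setdefault(scope, {})[m["key"]] = [ip.strip() for ip in m["val"].split(",")]
    return cfg


def resolvers_in_use(cfg):
    """Per interface, a static NameServer overrides the DHCP-supplied list.

    Returns the set of resolver addresses the stack will actually query.
    """
    used = set()
    for scope, keys in cfg.items():
        if scope == "global":
            continue
        used.update(keys.get("NameServer") or keys.get("DhcpNameServer") or [])
    return used


def diagnose(answers, blocked=BLOCKED):
    """answers: {resolver_ip: [ip, ...] or None for NXDOMAIN}.

    Flags a resolver that (a) hands back a blocked address, or (b) answers a
    name that at least one other resolver says does not exist, which is the
    signature of answer rewriting somewhere on the resolver path.
    """
    findings = []
    nxdomain = {r for r, a in answers.items() if a is None}
    for resolver, addrs in answers.items():
        if addrs is None:
            continue
        hit = blocked & set(addrs)
        if hit:
            findings.append((resolver, "returns blocked address " + ",".join(sorted(hit))))
        elif nxdomain:
            findings.append((resolver, "answers a name %d other resolver(s) report NXDOMAIN"
                             % len(nxdomain)))
    return findings


# Constructed answers for su2.ff.avast.com, purely to exercise the check:
# the router-supplied resolver returns the blocked address, the two public
# resolvers say the name does not exist.
SAMPLE_ANSWERS = {
    "192.168.1.1": ["92.242.140.21"],
    "8.8.8.8": None,
    "8.8.4.4": None,
}

if __name__ == "__main__":
    cfg = parse_frst_dns(SAMPLE_TCPIP_LINES)
    print(resolvers_in_use(cfg))   # {'8.8.8.8', '8.8.4.4'}
    print(diagnose(SAMPLE_ANSWERS))
```

A finding against only the DHCP resolver, with public resolvers disagreeing, points at the resolver path (router or upstream) rather than at the host; a finding against every resolver means the name genuinely resolves to that address and the host-side investigation continues.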

  • Root Admin

Okay, no problem.

 


Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
 


Alright, I'm going to try getting started with this again. I performed the RKill operation without too much of a hitch, but in Step 01 with ERUNT, it doesn't give me the option to decline adding an entry to the startup folder, and the directory my computer is saving it to is program files instead of Windows. Is it ok to proceed with the set up anyway?


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/16/2015
Scan Time: 1:51:54 PM
Logfile: 
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.16.04
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Raja

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348407
Time Elapsed: 15 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • Root Admin

Looks good so far. Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.



Ok, here are the logs; didn't indicate any detections from what I saw, but my computer has been trying to redirect me to random sites and Malwarebytes has been blocking it from doing so for a few days now:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows Vista Home Premium x86
Ran by Raja on Sun 09/20/2015 at 18:26:39.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Tasks


~~~ Registry Values


~~~ Registry Keys


~~~ Files

Successfully deleted: [File] C:\Program Files\GUTA840.tmp
Successfully deleted: [File] C:\Users\Public\Desktop\ebay.lnk
Successfully deleted: [File] C:\Users\Raja\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\Raja\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal


~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Raja\Appdata\Local\{4E8386F6-4403-4D95-94E4-54689F62C57F}
Successfully deleted: [Folder] C:\Program Files\bigfix


~~~ Chrome

[C:\Users\Raja\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Raja\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Raja\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Raja\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/20/2015 at 18:31:55.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



# AdwCleaner v5.008 - Logfile created 20/09/2015 at 18:52:57
# Updated 18/09/2015 by Xplode
# Database : 2015-09-20.1 [server]
# Operating system : Windows Vista Home Premium Service Pack 2 (x86)
# Username : Raja - RAJA-PC
# Running from : C:\Users\Raja\Downloads\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Web browsers ] *****

[C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : aol.com
[C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [977 bytes] ##########

 


 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
Ran by Raja (administrator) on RAJA-PC (24-09-2015 17:08:52)
Running from C:\Users\Raja\Downloads
Loaded Profiles: Raja & UpdatusUser (Available Profiles: Raja & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_60\bin\jp2launcher.exe
(Google Inc.) C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Google Inc.) C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6183456 2008-07-23] (Realtek Semiconductor)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [bambooCore] => C:\Program Files\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2008-07-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-27] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2013-09-10] (Google Inc.)
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\...\Run: [Google Update] => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-17] (Google Inc.)
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1244296 2015-06-25] (Ruiware)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [113664 2008-09-23] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-16] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0F2BE87A-A6F8-4B27-985C-983BD65C0A9F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0F2BE87A-A6F8-4B27-985C-983BD65C0A9F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS553
SearchScopes: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS553
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-16] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Raja\AppData\Roaming\Mozilla\Firefox\Profiles\m0nik5gi.default-1434553743009
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-20] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Raja\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @talk.google.com/O1DPlugin -> C:\Users\Raja\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Raja\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Raja\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-10]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]
CHR Extension: (Google Docs) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]
CHR Extension: (Google Drive) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-10]
CHR Extension: (YouTube) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-10]
CHR Extension: (Google Search) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-10]
CHR Extension: (Google Sheets) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Avast Online Security) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-10]

CHR Extension: (Gmail) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-16] (AVAST Software)

R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]

S3 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [165416 2008-05-05] (WildTangent, Inc.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [528256 2012-12-11] (Wacom Technology, Corp.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-16] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-16] (AVAST Software)

R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-16] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-16] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-16] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-16] (AVAST Software)

R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-16] (AVAST Software)

S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-16] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-16] (AVAST Software)

R3 eapihdrv; C:\Users\Raja\AppData\Local\Temp\ehdrv.sys [135760 2015-09-24] (ESET)

S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [161224 2011-10-31] (Hauppauge, Inc.)

R3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-12-03] (Windows ® Win 7 DDK provider)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-20] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)

S3 QCDonner; C:\Windows\System32\DRIVERS\LVCD.sys [474304 2004-04-27] (Logitech Inc.)

R3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [70048 2012-12-03] (Wacom Technology)

R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-11-15] (Wacom Technology)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-09-24 17:07 - 2015-09-24 17:07 - 00000515 _____ C:\Users\Raja\Desktop\FRST.exe - Shortcut.lnk

2015-09-24 15:30 - 2015-09-24 15:30 - 00000000 ____D C:\Program Files\ESET

2015-09-24 15:28 - 2015-09-24 15:28 - 02870984 _____ (ESET) C:\Users\Raja\Downloads\esetsmartinstaller_enu.exe

2015-09-20 19:03 - 2015-09-20 19:03 - 00001055 _____ C:\Users\Raja\Desktop\AdwCleaner[s1].txt

2015-09-20 18:52 - 2015-09-20 19:04 - 00000000 ____D C:\AdwCleaner

2015-09-20 18:51 - 2015-09-20 18:51 - 01662976 _____ C:\Users\Raja\Downloads\AdwCleaner (1).exe

2015-09-20 18:31 - 2015-09-20 18:31 - 00001652 _____ C:\Users\Raja\Desktop\JRT.txt

2015-09-20 18:05 - 2015-09-20 18:05 - 01798976 _____ (Malwarebytes) C:\Users\Raja\Downloads\JRT.exe

2015-09-19 16:47 - 2015-09-19 16:47 - 00003398 _____ C:\Users\Raja\AppData\Local\recently-used.xbel

2015-09-19 14:39 - 2015-09-19 14:39 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6436639F.sys

2015-09-17 20:20 - 2015-09-23 01:39 - 00020876 _____ C:\Users\Raja\Documents\Moving Sale.odt

2015-09-17 02:39 - 2015-09-17 17:13 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\40682036.sys

2015-09-16 13:49 - 2015-09-16 13:49 - 00000000 ____D C:\Windows\ERDNT

2015-09-16 13:47 - 2015-09-16 13:47 - 00000735 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk

2015-09-16 13:47 - 2015-09-16 13:47 - 00000735 _____ C:\Users\Raja\Desktop\NTREGOPT.lnk

2015-09-16 13:47 - 2015-09-16 13:47 - 00000716 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk

2015-09-16 13:47 - 2015-09-16 13:47 - 00000716 _____ C:\Users\Raja\Desktop\ERUNT.lnk

2015-09-16 13:47 - 2015-09-16 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2015-09-16 13:47 - 2015-09-16 13:47 - 00000000 ____D C:\Program Files\ERUNT

2015-09-11 20:54 - 2015-09-11 20:54 - 00791393 _____ (Lars Hederer ) C:\Users\Raja\Desktop\erunt-setup.exe

2015-09-11 20:50 - 2015-09-11 20:51 - 00002198 _____ C:\Users\Raja\Desktop\Rkill.txt

2015-09-11 20:50 - 2015-09-11 20:50 - 00000539 _____ C:\Users\Raja\Desktop\iExplore.exe - Shortcut.lnk

2015-09-11 20:49 - 2015-09-11 20:49 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Raja\Downloads\iExplore.exe

2015-09-10 17:13 - 2015-09-10 17:15 - 00038427 _____ C:\Users\Raja\Downloads\Addition.txt

2015-09-10 17:12 - 2015-09-24 17:08 - 00017415 _____ C:\Users\Raja\Downloads\FRST.txt

2015-09-10 16:33 - 2015-09-24 17:08 - 00000000 ____D C:\Users\Raja\Downloads\FRST-OlderVersion

2015-09-10 16:33 - 2015-09-24 17:08 - 00000000 ____D C:\FRST

2015-09-09 23:22 - 2015-09-09 23:22 - 01660416 _____ C:\Users\Raja\Downloads\AdwCleaner.exe

2015-09-09 23:17 - 2015-09-24 17:08 - 01695744 _____ (Farbar) C:\Users\Raja\Downloads\FRST.exe

2015-09-09 03:45 - 2015-08-13 10:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2015-09-09 03:45 - 2015-08-13 10:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2015-09-09 03:44 - 2015-09-02 17:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-09-09 03:44 - 2015-09-02 17:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-09-09 03:39 - 2015-07-10 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-09 03:38 - 2015-09-02 17:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-09 03:38 - 2015-09-02 15:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-09 03:38 - 2015-09-02 15:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-09 03:36 - 2015-08-05 11:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-08 19:10 - 2015-08-17 13:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-08 19:10 - 2015-08-17 13:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-08 19:10 - 2015-08-17 13:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-08 19:10 - 2015-08-17 13:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-08 19:10 - 2015-08-17 13:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-08 19:10 - 2015-08-17 13:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-08 19:10 - 2015-08-17 13:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-08 19:10 - 2015-08-17 13:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-08 19:10 - 2015-08-17 13:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-09-08 19:10 - 2015-08-17 13:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-09-08 19:10 - 2015-08-17 13:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-09-08 00:17 - 2015-09-08 00:17 - 00011554 _____ C:\Users\Raja\Documents\Scrap Text.odt

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-09-24 16:33 - 2013-09-10 19:59 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-09-24 16:19 - 2015-08-20 11:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-09-24 16:14 - 2015-06-20 02:44 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000UA.job

2015-09-24 15:21 - 2008-09-23 16:52 - 01759168 _____ C:\Windows\WindowsUpdate.log

2015-09-24 15:21 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-09-24 15:21 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-09-24 00:36 - 2015-06-20 02:44 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000Core.job

2015-09-24 00:36 - 2013-09-10 19:59 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-09-20 19:31 - 2015-04-10 20:22 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-09-20 19:30 - 2008-09-23 17:01 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml

2015-09-20 19:30 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-09-20 19:29 - 2006-11-02 09:01 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-09-19 23:48 - 2013-09-10 23:48 - 00000000 ____D C:\Users\Raja\.gimp-2.8

2015-09-19 16:47 - 2013-09-12 00:29 - 00000000 ____D C:\Users\Raja\AppData\Local\gtk-2.0

2015-09-16 18:41 - 2015-04-10 22:52 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-09-16 14:08 - 2013-09-10 22:26 - 00000000 ____D C:\Users\Raja\AppData\Local\Google

2015-09-11 00:00 - 2013-09-10 21:43 - 00000000 ____D C:\Users\Raja\AppData\Roaming\Skype

2015-09-11 00:00 - 2013-09-10 21:42 - 00000000 ____D C:\ProgramData\Skype

2015-09-09 22:21 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache

2015-09-09 22:01 - 2006-11-02 08:47 - 00322392 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-09 07:55 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 03:49 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET

2015-09-09 03:44 - 2008-08-16 00:21 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-09-09 03:33 - 2006-11-02 06:33 - 00770974 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-09 03:28 - 2013-09-11 00:53 - 00000000 ____D C:\Windows\system32\MRT

2015-09-06 05:04 - 2015-07-02 23:01 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-08-31 18:44 - 2015-08-04 03:24 - 00000000 ____D C:\Users\Raja\AppData\Roaming\vlc

2015-08-26 18:36 - 2006-11-02 06:24 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

 

==================== Files in the root of some directories =======

 

2013-10-22 19:44 - 2015-07-12 04:00 - 0013312 _____ () C:\Users\Raja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-19 16:47 - 2015-09-19 16:47 - 0003398 _____ () C:\Users\Raja\AppData\Local\recently-used.xbel

 

Some files in TEMP:

====================

C:\Users\Raja\AppData\Local\Temp\GUR56F5.exe

C:\Users\Raja\AppData\Local\Temp\jre-8u40-windows-au.exe

C:\Users\Raja\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-09-20 19:36

 

==================== End of FRST.txt ============================

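The Services and Drivers sections above are where a log reader starts: FRST already marks entries whose file is gone with [X] and unsigned binaries with [File not signed], and the one driver loaded from a user-writable path (eapihdrv in the user's Temp folder) stands out on sight. The following is an added example for this thread, not FRST's own code and not the helper's tooling; it parses lines in the format FRST prints and reports those three things. The sample lines are copied from the posted log. A flag is a prompt to check, not a verdict: the same log shows esetsmartinstaller_enu.exe downloaded that afternoon, which accounts for an ESET-signed driver sitting in Temp.

```python
"""Triage the Services and Drivers sections of an FRST scan log.

Added example for this thread; it is not part of FRST and not the helper's
own tooling. It reads lines in the format FRST prints (as posted above) and
flags what a log reader checks first: entries whose file is missing ([X]),
binaries FRST marks [File not signed] or that carry no vendor string, and
code loaded from user-writable locations such as %TEMP%. The sample lines
are copied from the posted log.
"""
import re
from dataclasses import dataclass, field

# One FRST entry: "<state> <name>; <path> [<size> <date>] (<vendor>) [flags]"
# or, for an orphaned registry entry whose file is gone: "<state> <name>; <path> [X]"
# State letters: R = running/loaded, S = stopped/not loaded, U = unknown start type.
ENTRY_RE = re.compile(r'^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$')

# Locations an unprivileged user can write to. Anything loaded from here
# deserves a look; it is a prompt for a check, not a verdict.
USER_WRITABLE_RE = re.compile(
    r'\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|\\ProgramData\\', re.IGNORECASE
)


@dataclass
class Entry:
    state: str
    name: str
    path: str
    vendor: str
    findings: list = field(default_factory=list)


def parse_entry(line):
    """Parse one service/driver line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    missing = rest.rstrip().endswith('[X]')
    # The path runs up to the first " [" (the size/date bracket or [X]);
    # everything after it is size, date, "(Vendor)" and flags.
    head, _, tail = rest.partition(' [')
    path = head.strip().strip('"').replace('\\??\\', '')  # drop NT object-manager prefix
    vm = re.search(r'\(([^)]*)\)', tail)                  # "(Vendor)" from version info
    vendor = vm.group(1).strip() if vm else ''
    e = Entry(m.group('state'), m.group('name').strip(), path, vendor)
    if missing:
        e.findings.append('file missing (orphaned registry entry)')
    else:
        if '[File not signed]' in tail:
            e.findings.append('unsigned binary')
        if not vendor:
            e.findings.append('no vendor in version info')
        if USER_WRITABLE_RE.search(path):
            e.findings.append('loaded from user-writable path')
    return e


def triage(lines):
    """Return only the entries that have at least one finding."""
    entries = (parse_entry(l) for l in lines)
    return [e for e in entries if e is not None and e.findings]


# Constructed sample: lines copied from the Services and Drivers sections above.
SAMPLE_LINES = [
    r'R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-16] (AVAST Software)',
    r'R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]',
    r'S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]',
    r'U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]',
    r'R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]',
    r'R3 eapihdrv; C:\Users\Raja\AppData\Local\Temp\ehdrv.sys [135760 2015-09-24] (ESET)',
    r'U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]',
    '==================== NetSvcs (Whitelisted) ===================',
]

if __name__ == '__main__':
    for e in triage(SAMPLE_LINES):
        print(f'{e.state} {e.name}: {", ".join(e.findings)}')
        print(f'    {e.path}')
```

Run against the sample it lists six of the seven entries and leaves the signed, vendor-stamped avast! service alone; the [X] entries are the same orphaned ACDaemon and Avast VirtualBox leftovers FRST shows at the bottom of each section.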

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.
Next:

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
Next,

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Here are the requested logs. Just a note, after I had finished using FRST, a pop up came from my WinPatrol program saying that something was trying to have my start up home page changed to some microsoft redirect link, but I didn't think that was related to the program I was running, so I declined it.

 

 

 

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Tue Sep 29 18:42:03 2015
 
Found and removed: C:\Users\Raja\AppData\LocalLow\Sun\Java\jre1.7.0_40
 
Found and removed: C:\Users\Raja\AppData\LocalLow\Sun\Java\jre1.7.0_45
 
Found and removed: C:\Users\Raja\AppData\LocalLow\Sun\Java\jre1.8.0_40
 
Found and removed: C:\Users\Raja\AppData\LocalLow\Sun\Java\jre1.8.0_45
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: JavaPlugin.FamilyVersionSupport
 
Found and removed: Software\JavaSoft\Java Update
 
Found and removed: SOFTWARE\Classes\JavaPlugin
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\Classes\JavaPlugin.10402
 
Found and removed: SOFTWARE\Classes\JavaPlugin.10512
 
------------------------------------
 
Finished reporting.
 
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version:27-09-2015 01
Ran by Raja (2015-09-29 19:30:04) Run:1
Running from C:\Users\Raja\Desktop
Loaded Profiles: Raja & UpdatusUser (Available Profiles: Raja & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS553
SearchScopes: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS553
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-16] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
C:\Users\Raja\AppData\Local\Temp\GUR56F5.exe
C:\Users\Raja\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Raja\AppData\Local\Temp\sqlite3.dll
EmptyTemp:
Reboot:
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-1742146434-640598446-4293121517-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found. 
"HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found. 
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully.
HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key not found. 
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA}" => key removed successfully.
HKCR\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} => key not found. 
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key not found. 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2 => key not found. 
C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2 => key not found. 
C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll => not found.
"C:\Users\Raja\AppData\Local\Temp\GUR56F5.exe" => File/Folder not found.
"C:\Users\Raja\AppData\Local\Temp\jre-8u40-windows-au.exe" => File/Folder not found.
"C:\Users\Raja\AppData\Local\Temp\sqlite3.dll" => File/Folder not found.
EmptyTemp: => 280.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:30:42 ====
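A Fixlog has two parts: the fixlist is echoed between two lines of asterisks, then one result line per action follows in the form "<target> => <outcome>". In the log above everything Java-related comes back "not found" because Java had already been uninstalled and JavaRa run before the fix, so those lines are expected; the lines that actually changed the machine are the "value restored successfully" (IE start page and default search scope) and "key removed successfully" ones. The following added example, not FRST's own code and not part of the thread, reads a Fixlog in that format, skips the echo, and groups the result lines by outcome. The sample is copied from the Fixlog posted above.

```python
"""Summarise a Farbar (FRST) Fixlog by outcome.

Added example for this thread; not FRST's own code. A Fixlog echoes the
fixlist between two lines of asterisks and then prints one result line per
action in the form "<target> => <outcome>". This skips the echo, classifies
each result line, and collects the targets that were already gone when the
fix ran. The sample below is copied from the Fixlog posted above.
"""
import re
from collections import Counter

RESULT_RE = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<outcome>.+)$')

# Substring of the outcome text (lower-cased) -> category. First match wins.
CATEGORIES = [
    ('restored successfully', 'restored'),
    ('removed successfully', 'removed'),
    ('temporary data removed', 'temp-cleaned'),
    ('not found', 'already-absent'),
]


def classify(outcome):
    text = outcome.lower()
    for needle, category in CATEGORIES:
        if needle in text:
            return category
    return 'other'


def results_section(lines):
    """Drop everything up to and including the second '*****' line.

    The fixlist echo sits between the two delimiters and can itself contain
    '=>' (the Run entry above does), so it must not be classified as a result.
    """
    delimiters_seen = 0
    for i, line in enumerate(lines):
        if line.strip().startswith('*****'):
            delimiters_seen += 1
            if delimiters_seen == 2:
                return lines[i + 1:]
    return lines  # no echo present: treat the whole input as results


def summarise(lines):
    """Return (Counter of categories, list of targets that were already absent)."""
    counts = Counter()
    absent = []
    for line in results_section(lines):
        m = RESULT_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, "The system needed a reboot."
        category = classify(m.group('outcome'))
        counts[category] += 1
        if category == 'already-absent':
            absent.append(m.group('target').strip('"'))
    return counts, absent


# Constructed sample: a subset of the posted Fixlog, in its original order.
SAMPLE_FIXLOG = [
    'fixlist content:',
    '*****************',
    r'HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)',
    'EmptyTemp:',
    '*****************',
    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.',
    r'HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully',
    r'"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully.',
    r'HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.',
    r'C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll => not found.',
    r'"C:\Users\Raja\AppData\Local\Temp\GUR56F5.exe" => File/Folder not found.',
    'EmptyTemp: => 280.6 MB temporary data Removed.',
    'The system needed a reboot.',
]

if __name__ == '__main__':
    counts, absent = summarise(SAMPLE_FIXLOG)
    for category, n in sorted(counts.items()):
        print(f'{category:15} {n}')
    print('already absent before the fix ran:')
    for target in absent:
        print('   ', target)
```

Skipping the echo matters: the fixlist's own Run entry carries a "=>" and would otherwise be counted as an unclassified result.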

  • Root Admin

Yes, the fixlist was trying to reset your home page back to factory defaults in case of any bad entries in it.

How is the computer running now?
Are there still any signs of an infection or pop ups ?

 

 

 

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Augh, I suppose I might have to run the program again to change that setting? I didn't think the home page screen was something that could be altered, so I thought it was a virus trying to restore itself or something. Anytime I see redirect listed in the name, I worry a bit. In the future, I suppose I should allow any automatic setting changes that occur after using a fix tool to go through?

As for the computer itself, it seems faster and is loading pages more regularly now. I used to almost always get a "This page cannot be loaded." screen once before the page would actually load after a refresh. I still often get a blocked outbound pop-up whenever I recover from sleep. I used to notice some as I browsed through Youtube, or anything that loads images / videos / gifs, but I haven't noticed it in a while. Just now though, the system tried to redirect me to a tumblr page I had visited before despite typing a completely different one in Google search, so I think there might be a problem there. Otherwise, it feels like it's getting better, the constant IP redirect issues are completely gone and the computer feels better, but those odd pop ups are being quite persistent. Going to run the malwarebytes scan now.


Hi, I got the Malwarebytes scan results here. My computer has been doing alright; I haven't had as many reloads of pages anymore, but occasionally it is now saying that I can't open pages because there isn't enough memory available. Also, a gone8.com(?) pop-up is still persisting, despite most concerns having eased quite a degree. Avast has updated since I last posted. Otherwise, the computer shouldn't have had too many changes.
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/7/2015
Scan Time: 2:36:31 AM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.07.01
Rootkit Database: v2015.10.06.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Raja
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346677
Time Elapsed: 13 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
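Added example, not part of this thread and not code from FRST or Malwarebytes: a small parser that turns the two log formats posted above (the FRST Fixlog "target => outcome" lines and the MBAM 2.x "Key: value" scan log) into structured summaries, so a helper reviewing such logs can quickly see how many fix actions actually removed something versus hit "not found", whether the scan completed, which detection categories are non-zero, and which protection settings were disabled (the posted log shows "Self-protection: Disabled"). The sample strings are constructed, modeled on the lines in the thread; the non-zero counts in the MBAM sample are invented so the detection path is exercised, since the real scan log reported all zeros. The assumed log layout (one "Key: value" per line, category counts as integers) matches the logs quoted here but is not a documented format guarantee.

```python
"""Parse FRST Fixlog result lines and a Malwarebytes Anti-Malware 2.x scan log
into structured summaries (added example; not part of the thread or either tool)."""
import re
from typing import Any, Dict, List

# Constructed sample, modeled on the Fixlog lines quoted in the thread.
FIXLOG_SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key not found.
"C:\Users\Raja\AppData\Local\Temp\sqlite3.dll" => File/Folder not found.
EmptyTemp: => 280.6 MB temporary data Removed.
'''

# Constructed sample modeled on the MBAM 2.x log in the thread; the non-zero
# category counts are invented so the detection path is exercised.
MBAM_SAMPLE = '''
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/7/2015
Scan Time: 2:36:31 AM
Version: 2.1.8.1057
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346677

Processes: 0
(No malicious items detected)

Registry Keys: 2
Files: 1

(end)
'''

# Fixlog: optional quotes around the target, then " => " and the outcome text.
FIXLOG_LINE = re.compile(r'^"?(?P<target>.*?)"?\s*=>\s*(?P<outcome>.*)$')
# MBAM: "Key: value"; the key may contain spaces or hyphens ("Self-protection").
KEY_VALUE = re.compile(r'^(?P<key>[A-Za-z][A-Za-z -]*):\s*(?P<value>.*)$')

# Summary categories MBAM 2.x prints with an integer count (assumed from the log).
DETECTION_CATEGORIES = {
    "Processes", "Modules", "Registry Keys", "Registry Values",
    "Registry Data", "Folders", "Files", "Physical Sectors",
}


def classify_outcome(outcome: str) -> str:
    """Map a Fixlog outcome string to removed / not_found / other."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "removed" in text:
        return "removed"
    return "other"


def parse_fixlog(text: str) -> List[Dict[str, str]]:
    """Return one dict per 'target => outcome' line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = FIXLOG_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "target": m.group("target"),
            "outcome": m.group("outcome").rstrip("."),
            "status": classify_outcome(m.group("outcome")),
        })
    return entries


def fixlog_status_counts(entries: List[Dict[str, str]]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e["status"]] = counts.get(e["status"], 0) + 1
    return counts


def parse_mbam_log(text: str) -> Dict[str, Any]:
    """Split the log into metadata, Enabled/Disabled settings and category counts."""
    meta: Dict[str, str] = {}
    settings: Dict[str, bool] = {}
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = KEY_VALUE.match(raw.strip())
        if not m:
            continue  # banner lines, "(No malicious items detected)", "(end)"
        key, value = m.group("key").strip(), m.group("value").strip()
        if key in DETECTION_CATEGORIES:
            counts[key] = int(value)
        elif value in ("Enabled", "Disabled"):
            settings[key] = value == "Enabled"
        else:
            meta[key] = value
    return {"meta": meta, "settings": settings, "counts": counts}


def summarize_mbam(parsed: Dict[str, Any]) -> Dict[str, Any]:
    """What a reviewer wants first: did it finish, what fired, what was switched off."""
    counts, settings = parsed["counts"], parsed["settings"]
    return {
        "completed": parsed["meta"].get("Result") == "Completed",
        "total_detections": sum(counts.values()),
        "flagged_categories": sorted(k for k, v in counts.items() if v),
        "disabled_settings": sorted(k for k, on in settings.items() if not on),
    }


if __name__ == "__main__":
    for e in parse_fixlog(FIXLOG_SAMPLE):
        print(f'{e["status"]:10} {e["target"]}')
    print(summarize_mbam(parse_mbam_log(MBAM_SAMPLE)))
```

Feeding the full Fixlog from the thread to `parse_fixlog` gives a quick count of how many of the listed registry keys and temp files were actually present versus already gone, and `summarize_mbam` on the posted scan log would report zero detections with "Self-protection" as the one disabled setting, which is the kind of detail worth checking before concluding a machine is clean.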