Hi Mal,
Thanks for sticking with me on this. I really appreciate it. Things seem to be working pretty darn well. So far so good. The service out here is poor a lot of the time, but taking that into consideration the lockups are much better. I think we may finally be at the end of this madness. Looking forward to your reply.
TTFN,
LGW
Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Teresa's Laptop (2015-10-01 13:56:25) Run:9
Running from C:\Users\Teresa's Laptop\Desktop
Loaded Profiles: Teresa's Laptop (Available Profiles: Teresa's Laptop)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\GWX\GWX.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-09-10] ()
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3797571617-2345687493-384676197-1002 -> OldDefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 ogmservice; "C:\Program Files (x86)\Online Games Manager\ogmservice.exe" --service-run [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\system32\GWX
C:\Windows\SysWOW64\GWX
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
C:\Windows\system32\Drivers\etc\hosts_bak_236
C:\Windows\System32\Tasks\SidebarExecute
C:\Windows\system32\Drivers\etc\hosts_bak_245
C:\Windows\system32\Drivers\TrueSight.sys
C:\ProgramData\Comodo
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
C:\ProgramData\AVAST Software
C:\ProgramData\Real
015-09-23 18:36 - 2015-09-23 18:36 - 0000017 _____ () C:\Users\Teresa's Laptop\AppData\Local\resmon.resmoncfg
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Task: {A9EA09CC-0210-4813-9E2E-C3929101A8B6} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {CEBD64CB-0BA9-4BF9-909A-7C46A4503760} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com
CMD: netsh winsock reset catalog
hosts:
Emptytemp:
reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\GWX\GWX.exe => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled => moved successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3797571617-2345687493-384676197-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\OldDefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully
HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => not found.
"HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin" => key removed successfully
C:\Program Files (x86)\PDFlite\npPdfViewer.dll => not found.
"HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll => moved successfully
"HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll => not found.
WinDefend => service removed successfully
ogmservice => service removed successfully
catchme => service removed successfully
C:\Windows\system32\GWX => moved successfully
C:\Windows\SysWOW64\GWX => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => moved successfully
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe => moved successfully
C:\Windows\system32\Drivers\etc\hosts_bak_236 => moved successfully
C:\Windows\System32\Tasks\SidebarExecute => moved successfully
C:\Windows\system32\Drivers\etc\hosts_bak_245 => moved successfully
C:\Windows\system32\Drivers\TrueSight.sys => moved successfully
C:\ProgramData\Comodo => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\ProgramData\Real => moved successfully
015-09-23 18:36 - 2015-09-23 18:36 - 0000017 _____ () C:\Users\Teresa's Laptop\AppData\Local\resmon.resmoncfg => Error: No automatic fix found for this entry.
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9EA09CC-0210-4813-9E2E-C3929101A8B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EA09CC-0210-4813-9E2E-C3929101A8B6}" => key removed successfully
C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking.com - Windows Repair Tray Icon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEBD64CB-0BA9-4BF9-909A-7C46A4503760}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEBD64CB-0BA9-4BF9-909A-7C46A4503760}" => key removed successfully
C:\Windows\System32\Tasks\SidebarExecute => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job => not found.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123topsearch.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.co.uk" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12w.net" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\132.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337-crew.to" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337crew.info" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\136136.net" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\150freesms.de" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\163ns.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17-plus.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\171203.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17concepts.info" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1800searchonline.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180searchassistant.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ghporn.info" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1importantiamreal.com" => key removed successfully
========= netsh winsock reset catalog =========
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 348.9 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 14:01:16 ====
VirIT eXplorer Lite Log
[SCANNING MEMORY]
OK
--------------------------------------------------------
01/10/2015 - 14:09:19
[SCANNING REGISTRY]
OK
[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FileAssociationManager\FAM.exe.vir Infect of PUP.Win32.AmnisTech.A
* * * CLEAN * * *
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiGuard.exe.vir Infect of PUP.Win32.Reimage.A
* * * CLEAN * * *
C:\Old Disk\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2a-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Application Data\Real\RealPlayer\Update\RealPlayer11.exe Infect of Trojan.Win32.DownLoad1.NWI
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Desktop\Tools\Installs\avg_free_stb_all_2011_1153_cnet.exe -> avgrunasx.exe Infect of Trojan.Win32.Inject1.DAPL
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Desktop\wrar350.exe Infect of Trojan.Win32.Agent2.WQF
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Local Settings\Temporary Internet Files\Content.IE5\BRUDHJ2S\avg_free_stb_all_2011_1153_cnet[1].exe -> avgrunasx.exe Infect of Trojan.Win32.Inject1.DAPL
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Common Files\SpeechEngines\Microsoft\SR61\1033\ITNGRAM.DLL Infect of Trojan.Win32.Crypt_s.FWA
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Dream Chronicles - The Book of Air\xgmddkd.exe Infect of Trojan.Win32.Generic.MZ
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\iWin.com\Nancy Drew Blackmoor\NancyDrewCurse.ifn Infect of Backdoor.Win32.Bandok.B
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Midnight Mysteries - Salem Witch Trials\hqxwpqp.exe Infect of Trojan.Win32.Generic.MZ
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll Infect of Adware.Win32.Coupons.A
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll Infect of Adware.Win32.Coupons.A
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Enforce.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\mmlicmgr.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\MMCodec.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\MP3.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.out Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.inp Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\mmlicmgr.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\MP3Pro.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\Musicmatch Update\WMP\MP3Pro.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Enforce.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\MMCodec.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\MP3.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll Infect of Spyware.ViewPoint.A
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\WebEx\WebEx\832\atscjoin.exe Infect of Trojan.Win32.Generic.CMDR
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Yahoo!\Common\Yshortcut.exe Infect of Trojan.Win32.Click2.BVBU
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Yahoo!\Messenger\YServer.exe Infect of Trojan.Win32.Generic.BYKS
* * * CLEAN * * *
C:\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\Templates\CrazyTalk 4 Template\Effect\Stork.js Infect of I-WORM.JS.A
* * * CLEAN * * *
C:\Program Files (x86)\ERUNT\NTREGOPT.EXE Infect of Trojan.Win32.Banker6.CDPF
* * * CLEAN * * *
C:\Program Files (x86)\Google\Picasa3\PicasaUpdater.exe Infect of Trojan.Win32.Click.CQE
* * * CLEAN * * *
C:\USERS\TERESA'S LAPTOP\DESKTOP\MYPHONEEXPLORER PORTABLE\DLL\MPECLIENT.APK -> classes.dex Infect of Android.Trj.SMSAgent-S.Gen
* * * CLEAN * * *
C:\Users\Teresa's Laptop\Downloads\Installer_mysteriesnevervrunestoneoflight.exe Infect of Trojan.Win32.Stealer.TMS
* * * CLEAN * * *
C:\USERS\TERESA'S LAPTOP\SD CARD DOWNLOAD\DOWNLOAD\360MOBILESAFE_1.0.0.1084.APK -> classes.dex Infect of Android.Trj.SMSAgent-S.Gen
* * * CLEAN * * *
C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll Infect of PUP.Win32.Linkury.A
* * * CLEAN * * *
[D:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK
Infected Registry keys: 0.
Files infected: 39.
Files suspected: 0.
Files scanned: 728843.
Files totals: 728843.
Registry keys clean: 0.
Files cleaned: 38.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1800searchonline.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180searchassistant.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ghporn.info" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1importantiamreal.com" => key removed successfully
========= netsh winsock reset catalog =========
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 348.9 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 14:01:16 ====
VirIT eXplorer Lite Log
[SCANNING MEMORY]
OK
--------------------------------------------------------
01/10/2015 - 14:09:19
[SCANNING REGISTRY]
OK
[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FileAssociationManager\FAM.exe.vir Infect of PUP.Win32.AmnisTech.A
* * * CLEAN * * *
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiGuard.exe.vir Infect of PUP.Win32.Reimage.A
* * * CLEAN * * *
C:\Old Disk\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2a-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Application Data\Real\RealPlayer\Update\RealPlayer11.exe Infect of Trojan.Win32.DownLoad1.NWI
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Desktop\Tools\Installs\avg_free_stb_all_2011_1153_cnet.exe -> avgrunasx.exe Infect of Trojan.Win32.Inject1.DAPL
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Desktop\wrar350.exe Infect of Trojan.Win32.Agent2.WQF
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Local Settings\Temporary Internet Files\Content.IE5\BRUDHJ2S\avg_free_stb_all_2011_1153_cnet[1].exe -> avgrunasx.exe Infect of Trojan.Win32.Inject1.DAPL
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Common Files\SpeechEngines\Microsoft\SR61\1033\ITNGRAM.DLL Infect of Trojan.Win32.Crypt_s.FWA
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Dream Chronicles - The Book of Air\xgmddkd.exe Infect of Trojan.Win32.Generic.MZ
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\iWin.com\Nancy Drew Blackmoor\NancyDrewCurse.ifn Infect of Backdoor.Win32.Bandok.B
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Midnight Mysteries - Salem Witch Trials\hqxwpqp.exe Infect of Trojan.Win32.Generic.MZ
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll Infect of Adware.Win32.Coupons.A
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll Infect of Adware.Win32.Coupons.A
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Enforce.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\mmlicmgr.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\MMCodec.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\MP3.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.out Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.inp Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\mmlicmgr.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\MP3Pro.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\Musicmatch Update\WMP\MP3Pro.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Enforce.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\MMCodec.dll Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\MP3.cdc Infect of Packer.Vundo.Gen
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll Infect of Spyware.ViewPoint.A
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\WebEx\WebEx\832\atscjoin.exe Infect of Trojan.Win32.Generic.CMDR
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Yahoo!\Common\Yshortcut.exe Infect of Trojan.Win32.Click2.BVBU
* * * CLEAN * * *
C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Yahoo!\Messenger\YServer.exe Infect of Trojan.Win32.Generic.BYKS
* * * CLEAN * * *
C:\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\Templates\CrazyTalk 4 Template\Effect\Stork.js Infect of I-WORM.JS.A
* * * CLEAN * * *
C:\Program Files (x86)\ERUNT\NTREGOPT.EXE Infect of Trojan.Win32.Banker6.CDPF
* * * CLEAN * * *
C:\Program Files (x86)\Google\Picasa3\PicasaUpdater.exe Infect of Trojan.Win32.Click.CQE
* * * CLEAN * * *
C:\USERS\TERESA'S LAPTOP\DESKTOP\MYPHONEEXPLORER PORTABLE\DLL\MPECLIENT.APK -> classes.dex Infect of Android.Trj.SMSAgent-S.Gen
* * * CLEAN * * *
C:\Users\Teresa's Laptop\Downloads\Installer_mysteriesnevervrunestoneoflight.exe Infect of Trojan.Win32.Stealer.TMS
* * * CLEAN * * *
C:\USERS\TERESA'S LAPTOP\SD CARD DOWNLOAD\DOWNLOAD\360MOBILESAFE_1.0.0.1084.APK -> classes.dex Infect of Android.Trj.SMSAgent-S.Gen
* * * CLEAN * * *
C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll Infect of PUP.Win32.Linkury.A
* * * CLEAN * * *
[D:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK
Infected Registry keys: 0.
Files infected: 39.
Files suspected: 0.
Files scanned: 728843.
Files totals: 728843.
Registry keys clean: 0.
Files cleaned: 38.