Completely Infected...Help!

[PaulaKoala]

On the 25th, Avast Antivirus began telling me repeatedly that my computer was infected with a Trojan virus and recommending that I move it to the vault, but it would not allow the file to be moved. I did some searching online and discovered that it was a Vundo Trojan, ran a few more scans as recommended, but nothing seems to be able to isolate or solve the problem. As of now, I have so many different detection programs installed that I'm afraid they are all conflicting with one another. I did my best to follow the instructions in the 'READ ME Before Posting' thread, but my computer won't allow some programs to complete installation. I'm attaching my hijackthis log and my kaspersky log in hopes that they can help you help me. Please!

Thanks,
Paula

[jholland1964]

Download ComboFix from Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[jholland1964]

In your Kaspersky log I see that VundoFix DID remove vundo, I do not see TOO many different detection programs running as you stated. The ones I see that I would TURN off are AdAware2007 and AVG Anti-spy, which are running in the background. I would keep both but only use them for weekly scanning purposes.
You stated you had several programs from the sticky which would not install...which ones were those?
Once you run the combo fix there might be other fixes needed but show me that log first before we make that determination.
Please run a NEW HJT scan AFTER running the combofix and post that new HJT log also.

[PaulaKoala]

ComboFix 07-10-29.1 - Paula 2007-10-30 14:20:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.419 [GMT -4:00]
Running from: C:\Documents and Settings\Paula\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Temp\fCOe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dbasbbvx.dll
C:\WINDOWS\system32\ddlvepbs.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\oTt06e
C:\WINDOWS\system32\oTt08e
C:\WINDOWS\system32\oyjerxoa.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ptpckcpx.dll
C:\WINDOWS\system32\rwpqjiwy.dllbox
C:\WINDOWS\system32\sbpevldd.ini
C:\WINDOWS\system32\xbgjzuai.dllbox
C:\WINDOWS\system32\xfinkknv.dll
C:\WINDOWS\system32\xpckcptp.ini
C:\WINDOWS\system32\xvbbsabd.ini
C:\WINDOWS\winshow.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-30 14:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 09:44 <DIR> d-------- C:\KAV
2007-10-30 08:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-30 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-30 08:29 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-30 08:15 1,083,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-30 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-30 01:03 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-30 01:01 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-30 01:01 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-30 00:55 <DIR> d-------- C:\WINDOWS\Sun
2007-10-30 00:51 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-30 00:28 12,413,440 --a------ C:\Program Files\avgas-setup-7.5.1.43.exe
2007-10-29 15:52 589 --a------ C:\WINDOWS\system32\upiakhxm.dll
2007-10-29 11:35 <DIR> d-------- C:\Documents and Settings\Paula\Application Data\Grisoft
2007-10-29 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-29 11:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-29 11:06 <DIR> d-------- C:\Deckard
2007-10-29 10:50 <DIR> d-------- C:\Program Files\PC Registry Cleaner
2007-10-29 10:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-10-29 02:58 <DIR> d-------- C:\Program Files\Hijack This
2007-10-29 01:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-28 13:53 <DIR> d-------- C:\VundoFix Backups
2007-10-26 21:51 3,334 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-26 21:42 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-26 21:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-26 21:42 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-26 21:42 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-26 21:42 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-26 20:15 <DIR> d-------- C:\Program Files\SpyNoMore
2007-10-26 20:15 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-10-10 11:02 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-05 20:27 <DIR> d-------- C:\Program Files\iTunes
2007-10-05 20:27 <DIR> d-------- C:\Program Files\iPod
2007-10-05 20:22 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-04 16:56 <DIR> d-------- C:\Documents and Settings\Paula\Application Data\Leadertech
2007-10-04 15:17 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2007-10-04 15:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-10-04 15:16 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2007-10-04 13:36 61,440 -ra------ C:\WINDOWS\system32\vuins32.dll
2007-10-04 13:36 43,008 -ra------ C:\WINDOWS\system32\drivers\dlkfet5b.sys
2007-10-03 12:52 <DIR> d-------- C:\Program Files\support.com
2007-10-03 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-10-01 11:37 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-01 11:37 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-09-05 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-09-05 18:12 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-09-05 18:12 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-09-05 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-09-05 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-30 18:28 13,724 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-30 18:05 --------- d-----w C:\Program Files\Java
2007-10-30 12:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-29 14:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 04:51 --------- d-----w C:\Program Files\Picasa2
2007-10-04 19:17 --------- d--h--w C:\Documents and Settings\Paula\Application Data\GTek
2007-10-04 18:59 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-04 18:59 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-16 14:43 --------- d-----w C:\Documents and Settings\Paula\Application Data\U3
2007-09-14 19:59 --------- d-----w C:\Program Files\AIM
2007-09-14 19:58 --------- d-----w C:\Documents and Settings\Paula\Application Data\Aim
2007-09-06 20:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 20:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-09 13:16 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2007-06-27 03:31 17,896,352 ----a-w C:\Program Files\aaw2007.exe
2007-06-07 22:37 32,168 -c--a-w C:\Documents and Settings\Paula\Application Data\GDIPFONTCACHEV1.DAT
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C24D5130-56F2-4185-9B8D-176699246E07}]
C:\WINDOWS\system32\ssqpn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 18:16]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\addyw32.exe]
C:\WINDOWS\addyw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
???
?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MISAggregator]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R2 elagopro;GoProto Protocol Driver for LELA;C:\WINDOWS\system32\DRIVERS\elagopro.sys
R2 elaunidr;UniDriver for LELA;C:\WINDOWS\system32\DRIVERS\elaunidr.sys
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys
S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d9479720-2cd7-11db-a491-00018036482e}]
AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e2ffe6f0-2bdd-11db-a489-000039727365}]
AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-25 22:45:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-30 18:18:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
************************************************** ************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 14:31:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-10-30 14:33:56 - machine was rebooted
.
--- E O F ---

[PaulaKoala]

Here is my new Hijackthis log. Can you give me the steps to take to turn off AdAware2007 and AVG Anti-spy? I'm going to take another look at the sticky and let you know what I wasn't able to complete. Thank you!

[PaulaKoala]

Sorry. HERE is the log...

[PaulaKoala]

Right now it's running much better. I'm able to access the Internet (especially my email) without any pop-ups and things are running faster. Does everything look okay to you?

[jholland1964]

Run HJT again and place a checkmark next to the following entries;
O2 - BHO: (no name) - {C24D5130-56F2-4185-9B8D-176699246E07} - C:\WINDOWS\system32\ssqpn.dll (file missing)O18 - Protocol: bw+0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw+0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw-0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw-0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw00 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw00s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw10 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw10s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw20 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw20s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw30 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw30s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw40 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw40s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw50 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw50s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw60 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw60s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw70 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw70s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw80 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw80s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw90 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bw90s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwa0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwa0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwb0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwb0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwc0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwc0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwd0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwd0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwe0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwe0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwf0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwf0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwg0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwh0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwh0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwi0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwi0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwj0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwj0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwk0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwk0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwl0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwl0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwm0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwm0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwn0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwn0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwo0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwo0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwp0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwp0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwq0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwq0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwr0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwr0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bws0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bws0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwt0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwt0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwu0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwu0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwv0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwv0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bww0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bww0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwx0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwx0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwy0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwy0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwz0 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: bwz0s - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)
O18 - Protocol: offline-8876480 - {C386A2F7-A223-48F9-9A18-6FC0441A6B07} - (no file)

Once you have placed the checkmarks then click the Fix Checked Button.
Exit HJT.
Reboot and run a new HJT scan and post the log here.

[PaulaKoala]

Here's the new log.

[jholland1964]

What anti-virus scanner do you use? I don't see an active one on the computer.