brownhornet Posted September 8, 2015

This computer would bluescreen constantly; found out it was running 2 AV programs, which I uninstalled. No more BSOD. I ran the following, which got rid of a bunch of stuff: MB, adwcleaner, TFC, SUPERAntiSpyware; tried running JRT but it quit just after starting. Even ran a scan by Avast. The computer is still getting pop-up ads after installing Adblock Plus, as well as redirects. Here is a HJT log after scanning... sad to say this is running XP.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:15:05 PM, on 9/7/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
FIREFOX: 40.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Auslogics\DiskDefrag\DiskDefrag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=odc179
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msn.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1434231795578
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Hyphen Multimedia (doviqexy) - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4848 bytes
Juliet Posted September 8, 2015

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.

Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.

Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop-up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop.
Copy the contents of both logs and paste in your next reply.
brownhornet (Author) Posted September 8, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
Ran by Owner (administrator) on D2YGHXB1 (08-09-2015 04:58:28)
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduserv.exe
( ) C:\WINDOWS\system32\lxducoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-07] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
AppInit_DLLs: c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => No File
AppInit_DLLs: c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll => No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-07] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{EAF49E9D-1EE2-4C89-8BEF-685E228449E3}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1395439306718
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-04] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xz1s2yzz.default-1441700062562
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-07] ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4000980144-3649526369-3817165490-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xz1s2yzz.default-1441700062562\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-07]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-07]
CHR HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-07] (AVAST Software)
R2 lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2009-08-19] (Lexmark International, Inc.)
R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [594600 2009-08-19] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) [File not signed]
S2 doviqexy; C:\Documents and Settings\Owner\Application Data\VOPackage\nsh148.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-09-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-09-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-09-07] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-07] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-08] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [1076968 2013-03-12] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1107224 2006-02-10] (SigmaTel, Inc.)
S3 bvrp_pci; no ImagePath
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [X]
S1 gfilterdrv; system32\drivers\gfilterdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S1 ywiynzu4njzmymj; system32\drivers\ywiynzu4njzmymj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 04:54 - 2015-09-08 04:58 - 00000000 ____D C:\FRST
2015-09-08 04:53 - 2015-09-08 04:53 - 00000885 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to FRST.lnk
2015-09-08 04:24 - 2013-01-31 02:02 - 00144160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcolor.exe
2015-09-08 04:23 - 2015-09-08 04:23 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2015-09-08 04:23 - 2015-09-08 04:23 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2015-09-08 04:23 - 2015-09-08 04:23 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2015-09-08 04:23 - 2015-09-08 04:23 - 00000000 _____ C:\WINDOWS\system32\nvdrswr.lk
2015-09-08 04:23 - 2013-01-31 04:22 - 00065536 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-09-08 04:22 - 2015-09-08 04:24 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-09-08 04:22 - 2013-01-31 04:22 - 17551360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 07536640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 05967872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 02816504 _____ C:\WINDOWS\system32\nvdata.data
2015-09-08 04:22 - 2013-01-31 04:22 - 02581792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 01869088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 01010464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco32.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco32.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 00015449 _____ C:\WINDOWS\system32\nvinfo.pb
2015-09-08 04:21 - 2015-09-08 04:21 - 00000000 ____D C:\NVIDIA
2015-09-08 03:42 - 2015-09-08 03:42 - 00000917 _____ C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
2015-09-08 03:42 - 2015-09-08 03:42 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-08 03:28 - 2015-09-08 03:28 - 00000971 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\Shortcut to TFC.lnk
2015-09-08 03:26 - 2015-09-08 03:26 - 00000000 __SHD C:\Documents and Settings\Administrator.D2YGHXB1\PrivacIE
2015-09-08 01:25 - 2015-09-08 01:25 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2015-09-08 01:25 - 2015-09-08 01:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adblock Plus for IE
2015-09-08 01:25 - 2015-09-08 01:25 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Adblock Plus for IE
2015-09-08 01:02 - 2015-09-08 01:02 - 00000290 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\Shortcut (2) to AdwCleaner(1).lnk
2015-09-08 00:59 - 2015-09-08 00:59 - 00060846 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\eset.txt
2015-09-07 23:47 - 2015-09-07 23:47 - 00000000 ____D C:\Program Files\ESET
2015-09-07 23:44 - 2015-09-07 23:44 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\SUPERAntiSpyware.com
2015-09-07 23:40 - 2015-09-07 23:40 - 00000971 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\Shortcut to JRT.lnk
2015-09-07 23:40 - 2015-09-07 23:40 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\Macromedia
2015-09-07 23:40 - 2015-09-07 23:40 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\Adobe
2015-09-07 23:38 - 2015-09-07 23:38 - 00000000 __SHD C:\Documents and Settings\Administrator.D2YGHXB1\IETldCache
2015-09-07 23:38 - 2015-09-07 23:38 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Application Data\Mozilla
2015-09-07 23:38 - 2015-09-07 23:38 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\Mozilla
2015-09-07 23:29 - 2015-09-07 23:29 - 00000803 _____ C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2015-09-07 23:28 - 2015-09-08 04:25 - 00002884 _____ C:\WINDOWS\COM+.log
2015-09-07 23:11 - 2015-09-07 23:12 - 00037780 _____ C:\WINDOWS\KB2909921-IE8.log
2015-09-07 23:11 - 2015-09-07 23:11 - 00042185 _____ C:\WINDOWS\KB982381-IE8.log
2015-09-07 23:11 - 2015-09-07 23:11 - 00031251 _____ C:\WINDOWS\KB2598845-IE8.log
2015-09-07 23:10 - 2015-09-07 23:29 - 00007295 _____ C:\WINDOWS\spupdsvc.log
2015-09-07 23:09 - 2015-09-07 23:11 - 00042994 _____ C:\WINDOWS\ie8.log
2015-09-07 23:09 - 2015-09-07 23:11 - 00000000 __HDC C:\WINDOWS\ie8
2015-09-07 22:59 - 2015-09-07 23:00 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-09-07 22:59 - 2015-09-07 22:59 - 00000754 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2015-09-07 22:59 - 2015-09-07 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2015-09-07 22:59 - 2015-09-07 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2015-09-07 20:16 - 2015-09-07 20:16 - 00004849 _____ C:\Documents and Settings\Owner\Desktop\HJT.txt
2015-09-07 20:14 - 2015-09-07 20:14 - 00000919 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to HijackThis.lnk
2015-09-07 20:11 - 2015-09-07 20:11 - 00000822 _____ C:\Documents and Settings\Owner\Desktop\Auslogics DiskDefrag.lnk
2015-09-07 20:08 - 2015-09-07 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2015-09-07 20:06 - 2015-09-07 20:11 - 00000000 ____D C:\Program Files\Auslogics
2015-09-07 20:06 - 2015-09-07 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2015-09-07 20:06 - 2015-09-07 20:06 - 00000889 _____ C:\Documents and Settings\Owner\Desktop\Auslogics Registry Cleaner.lnk
2015-09-07 19:16 - 2015-09-07 19:16 - 00238202 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2015-09-07 19:16 - 2015-09-07 19:16 - 00172856 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2015-09-07 19:11 - 2015-05-29 00:43 - 00303744 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-09-07 19:10 - 2015-09-07 19:10 - 00000036 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2015-09-07 18:32 - 2015-09-08 03:35 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-07 18:32 - 2015-09-07 18:32 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-07 18:32 - 2015-09-07 18:32 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-07 18:32 - 2015-09-07 18:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-07 18:32 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-07 18:32 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-07 17:43 - 2015-09-07 17:43 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-09-07 17:43 - 2015-09-07 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-09-07 17:42 - 2015-09-08 04:47 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-09-07 17:42 - 2015-09-07 17:42 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-07 17:42 - 2015-09-07 17:42 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-07 17:42 - 2015-09-07 17:42 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-07 17:41 - 2015-09-07 17:41 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-07 17:27 - 2015-09-07 17:27 - 00000919 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to AdwCleaner.lnk
2015-09-07 17:26 - 2015-09-07 17:26 - 00000878 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to JRT.lnk
2015-09-07 17:25 - 2015-09-07 17:25 - 00000878 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to TFC.lnk
2015-09-07 16:52 - 2015-09-07 16:52 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2015-09-07 16:51 - 2015-09-07 16:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-07 16:51 - 2015-09-07 16:51 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-09-07 16:51 - 2015-09-07 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-09-07 16:51 - 2015-09-07 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-09-07 16:48 - 2015-09-07 16:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-09-07 16:32 - 2015-09-07 16:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-07 16:32 - 2015-09-07 16:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-07 16:21 - 2013-03-12 05:49 - 01076968 ____R (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\RTL8192cu.sys
2015-09-07 16:03 - 2015-09-08 04:32 - 00000000 ____D C:\AdwCleaner
2015-09-07 16:03 - 2015-09-07 16:03 - 00000290 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\Shortcut to AdwCleaner(1).lnk
2015-09-07 15:58 - 2015-09-08 03:36 - 00000178 ___SH C:\Documents and Settings\Administrator.D2YGHXB1\ntuser.ini
2015-09-07 15:58 - 2015-09-08 03:31 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Temp
2015-09-07 15:58 - 2015-09-08 03:26 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1
2015-09-07 15:58 - 2015-03-23 22:26 - 00001774 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Internet Explorer.lnk
2015-09-07 15:58 - 2014-03-21 14:54 - 00000000 ___HD C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\Gtek
2015-09-07 15:58 - 2006-10-05 15:51 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Application Data\Musicmatch
2015-09-07 15:58 - 2006-10-05 15:50 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Application Data\Google
2015-09-07 15:58 - 2006-10-05 15:36 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2015-09-07 15:58 - 2006-10-05 15:28 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Dell Accessories
2015-09-07 15:58 - 2006-10-05 15:28 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Dell
2015-09-07 15:58 - 2004-08-10 11:08 - 00000642 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Outlook Express.lnk
2015-09-07 15:58 - 2004-08-10 11:04 - 00001503 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Remote Assistance.lnk
2015-09-07 15:58 - 2004-08-10 11:02 - 00000000 ___RD C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Accessories
2015-09-07 15:48 - 2015-09-07 17:32 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-09-07 15:48 - 2015-09-07 15:48 - 00000000 ____D C:\Documents and Settings\Administrator
2015-09-07 15:48 - 2015-03-23 22:26 - 00001774 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2015-09-07 15:48 - 2014-03-21 14:54 - 00000000 ___HD C:\Documents and Settings\Administrator\Application Data\Gtek
2015-09-07 15:48 - 2006-10-05 15:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
2015-09-07 15:48 - 2006-10-05 15:50 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-09-07 15:48 - 2006-10-05 15:50 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-09-07 15:48 - 2006-10-05 15:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2015-09-07 15:48 - 2006-10-05 15:28 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories
2015-09-07 15:48 - 2006-10-05 15:28 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Dell
2015-09-07 15:48 - 2004-08-10 11:08 - 00000642 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2015-09-07 15:48 - 2004-08-10 11:04 - 00001503 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-09-07 15:48 - 2004-08-10 11:02 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-09-07 15:47 - 2015-09-07 15:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini090715-03.dmp
2015-09-07 15:44 - 2015-09-07 15:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini090715-02.dmp
2015-09-07 15:34 - 2015-09-07 15:35 - 00000000 ____D C:\WINDOWS\pss
2015-09-07 13:49 - 2015-09-07 13:49 - 00090112 _____ C:\WINDOWS\Minidump\Mini090715-01.dmp
2015-08-31 15:45 - 2015-08-31 15:45 - 00090112 _____ C:\WINDOWS\Minidump\Mini083115-01.dmp
2015-08-27 16:03 - 2015-08-27 16:02 - 00090112 _____ C:\WINDOWS\Minidump\Mini082715-02.dmp
2015-08-27 15:53 - 2015-08-27 15:53 - 00090112 _____ C:\WINDOWS\Minidump\Mini082715-01.dmp
2015-08-26 15:28 - 2015-08-26 15:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini082615-03.dmp
2015-08-26 15:22 - 2015-08-26 15:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini082615-02.dmp
2015-08-26 15:18 - 2015-08-26 15:18 - 00090112 _____ C:\WINDOWS\Minidump\Mini082615-01.dmp
2015-08-24 15:47 - 2015-08-24 15:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini082415-03.dmp
2015-08-24 15:39 - 2015-08-24 15:39 - 00090112 _____ C:\WINDOWS\Minidump\Mini082415-02.dmp
2015-08-24 15:36 - 2015-08-24 15:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini082415-01.dmp
2015-08-23 13:45 - 2015-08-23 13:45 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-12.dmp
2015-08-23 13:41 - 2015-08-23 13:41 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-11.dmp
2015-08-23 13:36 - 2015-08-23 13:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-10.dmp
2015-08-23 13:28 - 2015-08-23 13:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-09.dmp
2015-08-23 10:22 - 2015-08-23 10:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-08.dmp
2015-08-23 10:16 - 2015-08-23 10:16 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-07.dmp
2015-08-23 10:11 - 2015-08-23 10:11 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-06.dmp
2015-08-23 10:08 - 2015-08-23 10:08 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-05.dmp
2015-08-23 10:03 - 2015-08-23 10:03 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-04.dmp
2015-08-23 09:59 - 2015-08-23 09:59 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-03.dmp
2015-08-23 09:53 - 2015-08-23 09:53 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-02.dmp
2015-08-23 09:49 - 2015-08-23 09:49 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-01.dmp
2015-08-22 20:22 - 2015-08-22 20:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-05.dmp
2015-08-22 20:10 - 2015-08-22 20:10 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-04.dmp
2015-08-22 20:03 - 2015-08-22 20:03 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-03.dmp
2015-08-22 10:37 - 2015-08-22 10:37 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-02.dmp
2015-08-22 10:31 - 2015-08-22 10:31 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-01.dmp
2015-08-21 16:25 - 2015-08-21 16:25 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-08.dmp
2015-08-21 15:37 - 2015-08-21 15:37 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-07.dmp
2015-08-21 15:28 - 2015-08-21 15:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-06.dmp
2015-08-21 15:23 - 2015-08-21 15:23 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-05.dmp
2015-08-21 15:16 - 2015-08-21 15:16 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-04.dmp
2015-08-21 10:35 - 2015-08-21 10:34 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-03.dmp
2015-08-21 10:28 - 2015-08-21 10:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-02.dmp
2015-08-21 10:23 - 2015-08-21 10:23 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-21 10:23 - 2015-08-21 10:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-01.dmp
2015-08-20 15:29 - 2015-08-20 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-20 15:29 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-20 15:28 - 2015-09-07 17:43 - 00193739 _____ 
C:\WINDOWS\Wdf01009Inst.log==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-09-08 04:58 - 2004-08-10 11:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp2015-09-08 04:42 - 2004-08-10 11:02 - 01521049 _____ C:\WINDOWS\WindowsUpdate.log2015-09-08 04:42 - 2004-08-10 10:59 - 00000159 _____ C:\WINDOWS\wiadebug.log2015-09-08 04:41 - 2014-06-03 23:13 - 00000342 _____ C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_LogonTask.job2015-09-08 04:41 - 2014-04-12 00:22 - 00337936 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat2015-09-08 04:41 - 2014-03-21 16:43 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2015-09-08 04:41 - 2004-08-10 11:08 - 00032638 _____ C:\WINDOWS\SchedLgU.Txt2015-09-08 04:41 - 2004-08-10 11:08 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini2015-09-08 04:41 - 2004-08-10 11:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2015-09-08 04:41 - 2004-08-10 10:59 - 00000048 _____ C:\WINDOWS\wiaservc.log2015-09-08 04:40 - 2004-08-10 10:51 - 00000593 _____ C:\WINDOWS\win.ini2015-09-08 04:40 - 2004-08-10 10:51 - 00000227 _____ C:\WINDOWS\system.ini2015-09-08 04:40 - 2004-08-10 10:51 - 00000210 __RSH C:\boot.ini2015-09-08 04:23 - 2015-02-19 23:36 - 00116651 _____ C:\WINDOWS\setupapi.log2015-09-08 04:23 - 2014-06-09 17:22 - 00000000 ____D C:\temp2015-09-08 04:22 - 2006-10-05 15:27 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups2015-09-08 04:15 - 2004-08-10 11:02 - 00000000 ____D C:\WINDOWS\Registration2015-09-08 04:14 - 2004-08-10 10:57 - 00563380 _____ C:\WINDOWS\system32\PerfStringBackup.INI2015-09-08 04:13 - 2014-06-03 23:13 - 00000348 _____ C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_RS_DailyTask.job2015-09-08 03:37 - 2004-08-10 11:08 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp2015-09-08 01:14 - 2015-03-23 13:00 - 
00000000 ____D C:\Documents and Settings\Owner\Desktop\Old Firefox Data2015-09-08 01:06 - 2014-09-19 15:48 - 00000000 __SHD C:\WINDOWS\system32\AI_RecycleBin2015-09-07 23:29 - 2004-08-10 11:08 - 00000000 ___RD C:\Documents and Settings\Owner\Start Menu\Programs\Accessories2015-09-07 23:29 - 2004-08-10 10:52 - 00000000 ____D C:\WINDOWS\Help2015-09-07 23:13 - 2014-06-03 23:13 - 00000354 _____ C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_RS_WeeklyTask.job2015-09-07 23:13 - 2014-06-03 23:13 - 00000354 _____ C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_LG_DailyTask.job2015-09-07 23:12 - 2015-03-19 15:27 - 00044582 _____ C:\WINDOWS\ie8_main.log2015-09-07 23:12 - 2015-02-19 23:36 - 00099270 _____ C:\WINDOWS\FaxSetup.log2015-09-07 23:12 - 2015-02-19 23:36 - 00066797 _____ C:\WINDOWS\ocgen.log2015-09-07 23:12 - 2015-02-19 23:36 - 00042502 _____ C:\WINDOWS\tsoc.log2015-09-07 23:12 - 2015-02-19 23:36 - 00035831 _____ C:\WINDOWS\updspapi.log2015-09-07 23:12 - 2015-02-19 23:36 - 00033665 _____ C:\WINDOWS\comsetup.log2015-09-07 23:12 - 2015-02-19 23:36 - 00022712 _____ C:\WINDOWS\ntdtcsetup.log2015-09-07 23:12 - 2015-02-19 23:36 - 00013714 _____ C:\WINDOWS\iis6.log2015-09-07 23:12 - 2015-02-19 23:36 - 00005869 _____ C:\WINDOWS\ocmsn.log2015-09-07 23:12 - 2015-02-19 23:36 - 00005632 _____ C:\WINDOWS\msgsocm.log2015-09-07 23:12 - 2015-02-19 23:36 - 00001355 _____ C:\WINDOWS\imsins.log2015-09-07 23:11 - 2015-02-19 23:36 - 00001355 _____ C:\WINDOWS\imsins.BAK2015-09-07 23:10 - 2004-08-10 10:52 - 00000000 ____D C:\WINDOWS\Media2015-09-07 23:03 - 2004-08-10 11:09 - 00000000 ____D C:\WINDOWS\system32\URTTemp2015-09-07 23:00 - 2014-04-11 16:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP2015-09-07 22:13 - 2004-08-10 10:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl2015-09-07 22:10 - 2015-02-19 23:36 - 00000359 _____ C:\WINDOWS\setupact.log2015-09-07 21:36 - 2014-04-11 15:31 - 00000998 _____ 
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003UA.job2015-09-07 20:08 - 2014-05-06 22:30 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Control Center for KODAK Webcams2015-09-07 20:08 - 2014-04-11 11:21 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts2015-09-07 18:55 - 2004-08-10 10:52 - 00000000 ____D C:\WINDOWS\Driver Cache2015-09-07 18:54 - 2015-03-21 16:22 - 00000000 ____D C:\Program Files\Windows Network Accelerater2015-09-07 18:54 - 2015-03-21 15:28 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\ywyyyzvxnmtmbwj2015-09-07 18:54 - 2014-08-27 21:21 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Company2015-09-07 17:32 - 2015-07-18 15:23 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2015-09-07 17:32 - 2015-07-18 15:23 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2015-09-07 17:29 - 2015-03-24 12:58 - 00000000 ____D C:\Program Files\7a4ae2b6-199c-4ced-9b64-c3391b605c782015-09-07 17:29 - 2015-02-27 10:22 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\4C4C4544-1425032576-4710-8048-B2C04F5842312015-09-07 17:29 - 2015-02-05 09:01 - 00000000 ____D C:\87deb6e3-fd2e-49e8-9f4c-ebabfc3e26562015-09-07 17:29 - 2015-02-03 13:51 - 00000000 ____D C:\0098302f-83d5-4d32-ada4-16fb751ac8772015-09-07 16:32 - 2015-03-19 13:22 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk2015-09-07 16:32 - 2015-03-19 13:22 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk2015-09-07 15:35 - 2014-04-11 15:54 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Skype2015-08-20 15:36 - 2014-04-11 15:31 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003Core.job2015-08-17 23:40 - 2014-09-19 11:48 - 00524288 ____N 
C:\WINDOWS\system32\config\pastalea.evt2015-08-17 17:53 - 2014-04-26 20:48 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats2015-08-11 23:35 - 2014-04-10 17:00 - 00000000 ____D C:\WINDOWS\system32\MRT2015-08-11 23:30 - 2014-03-21 15:51 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe==================== Files in the root of some directories =======2014-12-08 21:02 - 2014-12-08 21:13 - 46776320 _____ () C:\Program Files\GUTE7.tmp2014-06-11 23:45 - 2014-06-11 23:45 - 0003072 _____ () C:\Documents and Settings\Owner\Application Data\dvd.bmk2014-08-27 19:52 - 2015-03-19 13:37 - 0000131 _____ () C:\Documents and Settings\Owner\Application Data\WB.CFG2014-04-10 17:57 - 2014-04-10 17:57 - 0000000 ____C () C:\Documents and Settings\Owner\Application Data\wklnhst.dat2015-09-07 19:16 - 2015-09-07 19:16 - 0172856 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache2015-09-07 19:16 - 2015-09-07 19:16 - 0238202 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache2015-03-19 13:37 - 2015-03-19 13:37 - 0274045 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\dsi1.dat2015-03-19 13:37 - 2015-03-19 13:37 - 0161916 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\dsi2.dat2014-06-11 21:18 - 2014-06-11 21:18 - 0000128 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat2015-09-07 19:10 - 2015-09-07 19:10 - 0000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache2014-04-26 20:46 - 2015-02-28 16:19 - 0000504 _____ () C:\Documents and Settings\All Users\FastPics.log2014-08-16 12:17 - 2014-08-16 12:17 - 0007008 _____ () C:\Documents and Settings\All Users\lxduJSW.log2014-04-26 20:42 - 2014-04-26 20:42 - 0000000 ____C () C:\Documents and Settings\All Users\UpdaterLog.txtSome files in TEMP:====================C:\Documents and Settings\Administrator.D2YGHXB1\Local 
Settings\Temp\sqlite3.dllC:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\dnsapi.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End of FRST.txt ============================ Link to comment Share on other sites More sharing options...
brownhornet Posted September 8, 2015

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-09-2015
Ran by Owner (2015-09-08 04:59:06)
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2014-03-21 19:34:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-4000980144-3649526369-3817165490-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.D2YGHXB1
ASPNET (S-1-5-21-4000980144-3649526369-3817165490-1007 - Limited - Enabled)
Guest (S-1-5-21-4000980144-3649526369-3817165490-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-4000980144-3649526369-3817165490-1006 - Limited - Disabled)
Owner (S-1-5-21-4000980144-3649526369-3817165490-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-4000980144-3649526369-3817165490-1002 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.2.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 5.0.2.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Dropbox (HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Update Helper (Version: 1.3.21.153 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MyHeritage Family Tree Builder (HKLM\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpywareBlaster 5.2 (HKLM\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideo (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================
07-09-2015 20:03:32 JRT Pre-Junkware Removal
07-09-2015 23:00:44 JRT Pre-Junkware Removal
07-09-2015 23:03:09 Software Distribution Service 3.0
08-09-2015 01:06:48 Removed 3D Tropical Sunsets ScreenSaver
08-09-2015 01:25:19 Installed Adblock Plus for IE (32-bit)
08-09-2015 03:43:43 Revo Uninstaller's restore point - ooVoo
08-09-2015 03:43:50 Removed ooVoo
08-09-2015 03:46:56 Revo Uninstaller's restore point - FindingDiscount
08-09-2015 03:48:37 Revo Uninstaller's restore point - Oovoo Toolbar
08-09-2015 04:13:55 Software Distribution Service 3.0
08-09-2015 04:34:43 Software Distribution Service 3.0

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-10 10:51 - 2015-09-07 15:52 - 00000736 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_LG_DailyTask.job => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_LogonTask.job => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_RS_DailyTask.job => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_RS_WeeklyTask.job => C:\Program Files\PC HealthBoost\PCHealthBoost.exe

==================== Loaded Modules (Whitelisted) ==============
2015-09-07 17:42 - 2015-09-07 17:42 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-07 17:42 - 2015-09-07 17:42 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-08 01:39 - 2015-09-08 01:39 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15090800\algo.dll
2014-04-26 20:46 - 2009-05-14 00:23 - 00045056 _____ () C:\WINDOWS\system32\LXDUPMON.DLL
2014-04-26 20:46 - 2009-09-04 00:31 - 00086016 _____ () C:\WINDOWS\system32\LXDUOEM.DLL
2014-04-26 20:46 - 2009-09-04 00:29 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
2014-04-26 20:47 - 2009-08-19 09:51 - 00155648 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdudrpp.dll
2015-09-07 17:42 - 2015-09-07 17:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\facebook.com -> hxxps://www.facebook.com
IE trusted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\microsoft.com -> hxxp://windows.microsoft.com
IE trusted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\msn.com -> hxxp://www.msn.com
IE trusted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\skype.com -> hxxps://apps.skype.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\1001movie.com -> 1001movie.com
There are 6091 more restricted sites.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Corel Photo Album 6 Wallpaper.bmp
DNS Servers: 68.105.28.12 - 68.105.29.12
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk => C:\WINDOWS\pss\Desktop Temperature Monitor.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Weather Alerts.lnk => C:\WINDOWS\pss\Weather Alerts.lnkStartup
MSCONFIG\startupreg: AnyProtect Scanner => "C:\Program Files\AnyProtectEx\AnyProtect.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avast-Browser-Cleanup => "C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe"/RunOnce
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DMXLauncher => C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
MSCONFIG\startupreg: fst_us_227 =>
MSCONFIG\startupreg: gmsd_us_342 =>
MSCONFIG\startupreg: gmsd_us_343 =>
MSCONFIG\startupreg: gmsd_us_349 =>
MSCONFIG\startupreg: gmsd_us_359 =>
MSCONFIG\startupreg: gmsd_us_372 =>
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: InboxToolbar => "C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Lexmark 5600-6600 Series Fax Server => "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
MSCONFIG\startupreg: lxdumon.exe => "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: ProPCCleaner => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe true
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: upgmsd_us_342.exe => C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe -runhelper
MSCONFIG\startupreg: upgmsd_us_343.exe => C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe -runhelper
MSCONFIG\startupreg: upgmsd_us_349.exe => C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe -runhelper
MSCONFIG\startupreg: upgmsd_us_372.exe => C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe -runhelper

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\lxducoms.exe] => Enabled:5600-6600 Series Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\LibreOffice 4\program\soffice.bin] => Enabled:LibreOffice
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5985:TCP] => Enabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Enabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed.
(Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.==================== Event log errors: =========================Application errors:==================Error: (09/07/2015 05:01:31 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application SUPERAntiSpyware.exe, version 6.0.0.1204, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (09/07/2015 05:00:53 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application SUPERAntiSpyware.exe, version 6.0.0.1204, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error: (09/07/2015 03:32:41 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.Error: (09/07/2015 03:31:58 PM) (Source: Google Update) (EventID: 20) (User: D2YGHXB1)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, named proxy=http=127.0.0.1:8800;https=127.0.0.1:8800;, bypass=<-loopback>.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. 
Http status code 0.Trying config: source=IE, named proxy=http=12Error: (08/26/2015 03:19:30 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module explorer.exe, version 6.0.2900.5512, fault address 0x00009409.Processing media-specific event for [explorer.exe!ws!]Error: (08/20/2015 10:36:26 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.Error: (08/19/2015 08:51:41 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.Error: (08/18/2015 10:00:23 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.Error: (08/17/2015 05:55:11 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.Error: (08/16/2015 10:03:35 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.System errors:=============Error: (09/08/2015 04:42:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:gfilterdrvywiynzu4njzmymjError: (09/08/2015 04:41:59 AM) (Source: Service 
Control Manager) (EventID: 7000) (User: )Description: The Hyphen Multimedia service failed to start due to the following error:%%2Error: (09/08/2015 04:31:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:gfilterdrvywiynzu4njzmymjError: (09/08/2015 04:31:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Hyphen Multimedia service failed to start due to the following error:%%2Error: (09/08/2015 04:31:42 AM) (Source: 0) (EventID: 1) (User: )Description: 0xC0000001HarddiskVolume2Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The MBAMScheduler service terminated unexpectedly. 
It has done this 1 time(s).Microsoft Office:=========================Error: (09/07/2015 05:01:31 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: SUPERAntiSpyware.exe6.0.0.1204hungapp0.0.0.000000000Error: (09/07/2015 05:00:53 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: SUPERAntiSpyware.exe6.0.0.1204hungapp0.0.0.000000000Error: (09/07/2015 03:32:41 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNILError: (09/07/2015 03:31:58 PM) (Source: Google Update) (EventID: 20) (User: D2YGHXB1)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, named proxy=http=127.0.0.1:8800;https=127.0.0.1:8800;, bypass=<-loopback>.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. 
Http status code 0.Trying config: source=IE, named proxy=http=12Error: (08/26/2015 03:19:30 PM) (Source: Application Error) (EventID: 1000) (User: )Description: explorer.exe6.0.2900.5512explorer.exe6.0.2900.551200009409Error: (08/20/2015 10:36:26 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNILError: (08/19/2015 08:51:41 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNILError: (08/18/2015 10:00:23 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNILError: (08/17/2015 05:55:11 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNILError: (08/16/2015 10:03:35 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNIL==================== Memory info ===========================Processor: Intel® Pentium® 4 CPU 3.06GHzPercentage of memory in use: 27%Total physical RAM: 3070.07 MBAvailable physical RAM: 2233.22 MBTotal Virtual: 5980.13 MBAvailable Virtual: 5273.98 MB==================== Drives ================================Drive c: () (Fixed) (Total:294.83 GB) (Free:273.09 GB) NTFS ==>[drive with boot components (Windows XP)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 298.1 GB) (Disk ID: 2BD2C32A)Partition 1: (Not Active) - (Size=31 MB) - 
(Type=DE)Partition 2: (Active) - (Size=294.8 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=3.2 GB) - (Type=DB)==================== End of Addition.txt ============================ Link to comment Share on other sites More sharing options...
Juliet Posted September 8, 2015

Running from C:\Documents and Settings\Owner\My Documents\Downloads

It's best we move Farbar's to desktop.
Please go to your My Documents\downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad. *Do Not Use Wordpad* or any other text editor than Notepad, or the script will fail.
(Start -> Run -> type notepad in the Open field -> OK)
and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad.
Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite the existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
AppInit_DLLs: c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => No File
AppInit_DLLs: c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Internet Explorer:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 doviqexy; C:\Documents and Settings\Owner\Application Data\VOPackage\nsh148.tmpfs [X]
C:\Documents and Settings\Owner\Application Data\VOPackage
S1 ywiynzu4njzmymj; C:\WINDOWS\system32\drivers\ywiynzu4njzmymj.sys [X]
C:\WINDOWS\system32\AI_RecycleBin
2015-09-07 18:54 - 2015-03-21 15:28 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\ywyyyzvxnmtmbwj
C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideo (the data entry has 19 more characters).
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
C:\Program Files\AnyProtectEx\AnyProtect.exe
C:\Program Files\AnyProtectEx
C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
C:\Program Files\Pro PC Cleaner
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

~~~~~~~~~~~~~~~~~~

Open MBAM (Malwarebytes' Anti-Malware)
On the Dashboard click on Update Now
Go to the Settings tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up, select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

Post these 2 logs when finished.
brownhornet (Author) Posted September 8, 2015

Fix result of Farbar Recovery Scan Tool (x86) Version:07-09-2015
Ran by Owner (2015-09-08 11:31:08) Run:2
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
AppInit_DLLs: c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => No File
AppInit_DLLs: c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Internet Explorer:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 doviqexy; C:\Documents and Settings\Owner\Application Data\VOPackage\nsh148.tmpfs [X]
C:\Documents and Settings\Owner\Application Data\VOPackage
S1 ywiynzu4njzmymj; C:\WINDOWS\system32\drivers\ywiynzu4njzmymj.sys [X]
C:\WINDOWS\system32\AI_RecycleBin
2015-09-07 18:54 - 2015-03-21 15:28 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\ywyyyzvxnmtmbwj
C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideo (the data entry has 19 more characters).
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
C:\Program Files\AnyProtectEx\AnyProtect.exe
C:\Program Files\AnyProtectEx
C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
C:\Program Files\Pro PC Cleaner
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"_C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" => Value data not found.
"c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL" => Value data not found.
"c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll" => Value data not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => File/Folder not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
doviqexy => service not found.
"C:\Documents and Settings\Owner\Application Data\VOPackage" => File/Folder not found.
ywiynzu4njzmymj => service not found.
"C:\WINDOWS\system32\AI_RecycleBin" => File/Folder not found.
"C:\Documents and Settings\Owner\Application Data\ywyyyzvxnmtmbwj" => File/Folder not found.
"C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Temp\sqlite3.dll" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll" => File/Folder not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC} => key not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":5C321E34" ADS not found.
"C:\Program Files\AnyProtectEx\AnyProtect.exe" => File/Folder not found.
"C:\Program Files\AnyProtectEx" => File/Folder not found.
"C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe" => File/Folder not found.
"C:\Program Files\Pro PC Cleaner" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe" => File/Folder not found.
EmptyTemp: => 62.8 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 11:31:32 ====
brownhornet (Author) Posted September 8, 2015

Malwarebytes scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/8/2015
Scan Time: 11:36:25 AM
Logfile: mb.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.08.05
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 400872
Time Elapsed: 14 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
brownhornet (Author) Posted September 8, 2015 (edited)

Just want to add that even after scans with ADWcleaner these items keep popping up; by that I mean right after it is cleaned I run a scan and there they are again:

# AdwCleaner v5.006 - Logfile created 08/09/2015 at 12:22:58
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - D2YGHXB1
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\config\pastalea.evt

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [915 bytes] ##########

Edited September 8, 2015 by brownhornet
Juliet Posted September 8, 2015

Ran by Owner (2015-09-08 11:31:08) Run:2
Running from C:\Documents and Settings\Owner\Desktop

You ran the script I created twice?

Let's pull out some big guns.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
You can get help on disabling your protection programs here

Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------

If there are Internet issues after running ComboFix:

Internet Explorer: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.

Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

Chrome: Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

Safari:
Launch Safari
Go to the general settings menu
Then in Preferences / Advanced
Then on the line click Proxies: change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable the option (uncheck) for the use of a proxy server ...

~~~~~~~~~~~~~~~~~~
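The fixlist Juliet posted earlier and the proxy-reset steps in this post target the same handful of indicators that recur throughout the logs in this thread: a proxy server pointing at 127.0.0.1 (which the proxy-reset steps above are there to clear), policy keys restricting Chrome and Internet Explorer, AppInit_DLLs entries whose file is gone, services and drivers registered to binaries that no longer exist, and startup entries launching from inside the user profile. As an added example, not part of this thread and not code from FRST, Malwarebytes, AdwCleaner or ComboFix, here is a small Python triage script that scans FRST-style lines for those indicators. The sample lines are quoted from the logs posted above (plus one benign ctfmon entry from the same log for contrast); the rule names, the vowel-ratio heuristic for random-looking service names and the loopback-port pattern are my own assumptions, not logic any of those tools use.

```python
import re
from collections import Counter
from typing import Dict, List

# Sample input: lines quoted from the FRST fixlist and the Google Update event-log entry
# posted in this thread, plus one benign ctfmon startup entry from the same log.
SAMPLE_LINES = [
    r"ProxyEnable: [.DEFAULT] => Proxy is enabled.",
    r"ProxyServer: [.DEFAULT] => http=127.0.0.1:47574",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"AppInit_DLLs: c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll => No File",
    r"S1 ywiynzu4njzmymj; C:\WINDOWS\system32\drivers\ywiynzu4njzmymj.sys [X]",
    r"S2 doviqexy; C:\Documents and Settings\Owner\Application Data\VOPackage\nsh148.tmpfs [X]",
    r"MSCONFIG\startupreg: upgmsd_us_342.exe => C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe -runhelper",
    r"MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe",
    r"Trying config: source=IE, named proxy=http=127.0.0.1:8800;https=127.0.0.1:8800;, bypass=<-loopback>.",
]

# Patterns are assumptions of this example, modelled on the line shapes seen in the thread.
LOOPBACK_PROXY = re.compile(r"(?:127\.0\.0\.1|localhost):(\d{1,5})")
# FRST service/driver line: "S1 name; path [X]" where [X] means the binary is missing.
SERVICE_LINE = re.compile(r"^([SR]\d)\s+(\S+);\s+(.+?)\s+\[X\]\s*$")
STARTUP_LINE = re.compile(r"^MSCONFIG\\startupreg:\s+(.+?)\s+=>\s*(.*)$")
# XP user-profile locations that a non-admin process can write to.
USER_PROFILE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data\\", re.IGNORECASE
)


def looks_random(name: str) -> bool:
    """Crude vowel-ratio heuristic for machine-generated names such as 'ywiynzu4njzmymj'
    (an assumption of this example; expect false negatives on short or vowel-rich names)."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(name) < 8 or not letters:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.25


def classify(line: str) -> List[Dict[str, str]]:
    """Return the findings for one FRST-style line (empty list when nothing stands out)."""
    s = line.strip()
    findings: List[Dict[str, str]] = []
    if "<======= ATTENTION" in s:  # FRST's own marker for policy restrictions
        findings.append({"kind": "policy-restriction", "detail": s.split(" <=======")[0]})
    if s.startswith("ProxyEnable:") and "enabled" in s.lower():
        findings.append({"kind": "proxy-enabled", "detail": s})
    ports = LOOPBACK_PROXY.findall(s)
    if ports and (s.startswith("ProxyServer:") or "named proxy=" in s):
        # A proxy on the loopback interface means some local process sits in the browser's path.
        findings.append({"kind": "loopback-proxy", "detail": "ports " + ",".join(sorted(set(ports)))})
    if s.startswith("AppInit_DLLs:"):
        # Any AppInit_DLLs value deserves review; "No File" means the loader target is already gone.
        findings.append({"kind": "appinit-dll", "detail": s[len("AppInit_DLLs:"):].strip()})
    m = SERVICE_LINE.match(s)
    if m:
        _tag, name, path = m.groups()
        note = "binary missing, random-looking name" if looks_random(name) else "binary missing"
        findings.append({"kind": "service-missing-file", "detail": f"{name} -> {path} ({note})"})
    m = STARTUP_LINE.match(s)
    if m and USER_PROFILE.search(m.group(2)):
        findings.append({"kind": "startup-from-user-profile", "detail": f"{m.group(1)} -> {m.group(2)}"})
    return findings


def triage(lines) -> List[Dict[str, str]]:
    """Run classify() over every line and attach the originating line to each finding."""
    out: List[Dict[str, str]] = []
    for line in lines:
        for finding in classify(line):
            finding["line"] = line.strip()
            out.append(finding)
    return out


def summarize(findings) -> Dict[str, int]:
    """Count findings per kind, for a quick overview of what a log contains."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f['kind']}] {f['detail']}")
    print(summarize(found))
```

Run against a saved FRST.txt or Addition.txt the same way, one line at a time; the point of the heuristics is to surface the lines a helper would put in a fixlist, not to decide on their own what to remove.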
brownhornet (Author) Posted September 8, 2015

ComboFix 15-09-07.01 - Owner 09/08/2015 14:52:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2172 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-08-08 to 2015-09-08 )))))))))))))))))))))))))))))))
.
.
2015-09-08 11:54 . 2015-09-08 18:33 -------- d-----w- C:\FRST
2015-09-08 11:21 . 2015-09-08 11:21 -------- d-----w- C:\NVIDIA
2015-09-08 10:42 . 2015-09-08 10:42 -------- d-----w- c:\program files\VS Revo Group
2015-09-08 08:25 . 2015-09-08 08:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adblock Plus for IE
2015-09-08 08:25 . 2015-09-08 08:25 -------- d-----w- c:\program files\Adblock Plus for IE
2015-09-08 08:25 . 2015-09-08 08:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Adblock Plus for IE
2015-09-08 06:47 . 2015-09-08 06:47 -------- d-----w- c:\program files\ESET
2015-09-08 06:09 . 2015-09-08 06:11 -------- dc-h--w- c:\windows\ie8
2015-09-08 05:59 . 2015-09-08 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2015-09-08 05:59 . 2015-09-08 06:00 -------- d-----w- c:\program files\SpywareBlaster
2015-09-08 03:08 . 2015-09-08 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Auslogics
2015-09-08 03:06 . 2015-09-08 03:11 -------- d-----w- c:\program files\Auslogics
2015-09-08 02:11 . 2015-05-29 07:43 303744 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2015-09-08 01:32 . 2015-09-08 18:35 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-08 01:32 . 2015-06-18 15:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-08 01:32 . 2015-06-18 15:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-08 01:32 . 2015-09-08 01:32 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-09-08 00:42 . 2015-09-08 00:42 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-09-08 00:42 . 2015-09-08 00:42 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-08 00:42 . 2015-09-08 00:42 161472 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-09-08 00:42 . 2015-09-08 00:42 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-08 00:42 . 2015-09-08 00:42 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-08 00:42 . 2015-09-08 00:42 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-09-08 00:42 . 2015-09-08 00:42 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-08 00:42 . 2015-09-08 00:42 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-09-08 00:42 . 2015-09-08 00:42 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-09-08 00:42 . 2015-09-08 00:42 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-08 00:42 . 2015-09-08 00:42 43112 ----a-w- c:\windows\avastSS.scr
2015-09-08 00:41 . 2015-09-08 00:41 -------- d-----w- c:\program files\AVAST Software
2015-09-07 23:52 . 2015-09-07 23:52 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2015-09-07 23:51 . 2015-09-07 23:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-09-07 23:51 . 2015-09-07 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2015-09-07 23:48 . 2015-09-07 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-09-07 23:32 . 2015-09-07 23:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-09-07 23:21 . 2013-03-12 12:49 1076968 ----a-r- c:\windows\system32\drivers\RTL8192cu.sys
2015-09-07 23:03 . 2015-09-08 19:25 -------- d-----w- C:\AdwCleaner
2015-09-07 22:48 . 2015-09-07 22:48 -------- d-----w- c:\documents and settings\Administrator
2015-08-20 22:29 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-08 00:32 . 2015-07-18 22:23 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-08 00:32 . 2015-07-18 22:23 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 04:13 . 2014-12-09 04:02 46776320 ----a-w- c:\program files\GUTE7.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-08 00:42 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-08 6111824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
backup=c:\windows\pss\Desktop Temperature Monitor.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Weather Alerts.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Weather Alerts.lnk
backup=c:\windows\pss\Weather Alerts.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avast-Browser-Cleanup]
c:\program files\AVAST Software\Avast\BrowserCleanup.exe/RunOnce [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-14 02:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2015-09-08 00:42 6111824 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2009-09-04 07:51 131752 ----a-w- c:\program files\Lexmark 5600-6600 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2014-04-11 22:31 138096 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2015-03-02 09:03 2477056 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 18:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 18:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 18:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5600-6600 Series Fax Server]
2009-09-04 07:51 311976 ----a-w- c:\program files\Lexmark 5600-6600 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdumon.exe]
2009-09-04 07:51 676520 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxdumon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 11:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-01-31 09:02 15517472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-01-31 09:02 108832 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-02-10 16:17 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-10-01 20:51 22067296 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2015-07-30 20:02 6815512 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [9/7/2015 5:42 PM 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [9/7/2015 5:42 PM 208664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/7/2015 5:42 PM 788784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/7/2015 5:42 PM 433264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 4:47 PM 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [9/7/2015 5:42 PM 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [9/7/2015 5:42 PM 76000]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [4/26/2014 8:47 PM 98984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [9/7/2015 6:32 PM 1871160]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [9/7/2015 5:42 PM 161472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/7/2015 6:32 PM 23256]
R3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [9/7/2015 4:21 PM 1076968]
S1 gfilterdrv;gfilterdrv;c:\windows\system32\drivers\gfilterdrv.sys --> c:\windows\system32\drivers\gfilterdrv.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [9/7/2015 6:32 PM 1133880]
S3 cpuz134;cpuz134;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [9/7/2015 6:32 PM 98520]
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-08 00:42]
.
2015-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-11 22:31]
.
2015-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-11 22:31]
.
2015-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-21 01:59]
.
2015-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-21 01:59]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
Trusted Zone: facebook.com\www
Trusted Zone: microsoft.com\windows
Trusted Zone: msn.com\www
Trusted Zone: skype.com\apps
Trusted Zone: yahoo.com\www
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xz1s2yzz.default-1441700062562\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-AnyProtect Scanner - c:\program files\AnyProtectEx\AnyProtect.exe
MSConfigStartUp-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
MSConfigStartUp-InboxToolbar - c:\program files\Inbox Toolbar\Inbox.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
MSConfigStartUp-ProPCCleaner - c:\program files\Pro PC Cleaner\ProPCCleaner.exe
MSConfigStartUp-upgmsd_us_342 - c:\documents and settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe
MSConfigStartUp-upgmsd_us_343 - c:\documents and settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe
MSConfigStartUp-upgmsd_us_349 - c:\documents and settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe
MSConfigStartUp-upgmsd_us_372 - c:\documents and settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-09-08 14:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2015-09-08 14:59:57
ComboFix-quarantined-files.txt 2015-09-08 21:59
.
Pre-Run: 293,818,036,224 bytes free
Post-Run: 293,796,065,280 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 69A081A75F5D4EBC8034BD8F8D0FCB9691722E6BC3A2B40FF00222DCA4A3DB3E
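The service and driver section of the ComboFix log above (the R0/R1/R2/R3 and S1/S2/S3 lines) is where a helper looks first: R/S is running/stopped, the digit is the service start type, the bracket holds the file's date and size, and "[?]" means ComboFix could not verify the file on disk. The script below is an added example, not code from this thread or from ComboFix itself; it parses that line format and flags entries that deserve a manual look. The sample lines are copied from the log above; the heuristics, the names and the dataclass are the example's own. A flag is a prompt to verify, not a verdict: cpuz134, for instance, carries the name of CPU-Z's temporary driver, and the lxdu_device entry is marked "[?]" only because its ImagePath carries a "-service" argument.

```python
"""Triage the service/driver section of a ComboFix log (added example).

ComboFix prints each service as
    <R|S><start> name;display;path [date time size]
R = running, S = stopped, the digit is the SCM start type, "[?]" means the
file could not be verified.  Lines containing " --> " show the raw ImagePath
followed by the path ComboFix actually resolved.
"""
import re
from dataclasses import dataclass

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Sample input: lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [9/7/2015 5:42 PM 49776]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [9/7/2015 4:21 PM 1076968]
S1 gfilterdrv;gfilterdrv;c:\windows\system32\drivers\gfilterdrv.sys --> c:\windows\system32\drivers\gfilterdrv.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
"""

LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]$")
# Directories a service binary or kernel driver normally has no business living in.
SUSPECT_DIRS = re.compile(
    r"\\(temp|tmp|locals~1|local settings|appdata|application data|users\\[^\\]+\\downloads)\\",
    re.I,
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_found: bool


def parse_line(line):
    """Parse one ComboFix service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, body, bracket = m.groups()
    # For "raw --> resolved" lines keep the resolved path ComboFix checked.
    path = body.split(" --> ")[-1].strip()
    return ServiceEntry(name, display, path, state == "R", START_TYPES[start], bracket != "?")


def triage(text):
    """Return {service name: [reasons]} for entries worth a closer look."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        lowered = entry.path.lower()
        if not entry.file_found:
            reasons.append("ComboFix could not verify the file ([?]): orphaned entry, argument in ImagePath, or hidden file")
        if SUSPECT_DIRS.search(entry.path):
            reasons.append("loads from a user-writable temp/profile directory")
        if lowered.endswith(".sys") and "\\drivers\\" not in lowered:
            reasons.append("kernel driver outside system32\\drivers")
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against the sample, it reports lxdu_device (unverifiable file only), gfilterdrv (registered at system start but the .sys is gone) and cpuz134 (all three reasons); the avast and Realtek drivers pass. Feed it a whole ComboFix log and the non-matching header and registry lines are simply skipped.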
Juliet Posted September 8, 2015

Let's try a different anti-malware scanner.

Emsisoft Anti-Malware

Download and save the Emsisoft Anti-Malware setup program to your desktop. The download is fairly large, so please be patient while it downloads.
Once the file has been downloaded, close all open programs.
Double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows SmartScreen issues an alert, please allow it to run anyway.
If the setup program displays an alert about safe mode, please click on the Yes button to continue.
You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
You will eventually get to a screen asking the mode in which you wish to use Emsisoft Anti-Malware. Click on the Freeware trial mode link.
You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
Allow it to update the definitions. Please be patient as it may take a few minutes for the updates to finish downloading.
When the updates are completed, click on the Clean computer now button.
Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
Please select the Deep Scan option and then click on the Scan button. The Deep Scan option will take the longest time to scan your computer, but will also be the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned.
Please don't run any other program while it is scanning.
When the scan has finished, the program will display the scan results that show what infections were found.
Click on the View Report link, and double click the text file to open it.
Please copy and paste the contents of this text file into your next reply (this file can be found at C:\Users\Tim\Documents\Anti-Malware\Reports).
Click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine.
You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close.
If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.

~~~~~~~~~~~~~~~

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner, most reliable and thorough. The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find. This scanner can take quite a bit of time to run, depending of course on how full your computer is.

ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
    Scan archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start. Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click .
If no threats were found, skip the next two bullet points.
Click and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to and click .
Re-enable your anti-virus software.
Copy the contents of the log and paste it in your next reply.

~~~

In your next reply, please include:
Emsisoft Anti-Malware log (located at C:\Users\Documents\Anti-Malware\Reports)
Eset log
Juliet Posted September 8, 2015

Forgot to ask, how is the computer?
brownhornet (Author) Posted September 8, 2015

It's running kinda sluggish, or maybe it's just XP. How bad was the computer? Running Emsisoft now.
Juliet Posted September 8, 2015

I didn't think too devastating, but I never got to see any of these logs you ran first: MB, adwcleaner, superantispyware, tried running JRT.
Juliet Posted September 8, 2015

> still get pop up ads

Can you remember where to?
Juliet Posted September 8, 2015

Sorry I'm so dense today and not thinking of this before now. Please do the following:

Reset all the browsers back to default.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Internet Explorer Bookmarks: https://kb.wisc.edu/helpdesk/page.php?id=1419
Backup Firefox Bookmarks: https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer
Backup Chrome Bookmarks: http://www.wikihow.com/Export-Bookmarks-from-Chrome
Proceed with the reset once done.

I.E.
Open Internet Explorer, click on the gear icon at the top (far right), then click again on Internet Options.
In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.
Reset Internet Explorer: In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset Internet Explorer back to its default settings.
When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.
Close Internet Explorer.

Firefox
At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
Click the Refresh Firefox button in the upper-right corner of the Troubleshooting Information page.
To continue, click Refresh Firefox in the confirmation window that opens.
Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish.

Google Chrome
Enter the following into the Chrome address bar: chrome://settings/personal and at the bottom click on "Advanced Settings".
At the very bottom of the page click on "Reset Browser Settings".
Then, if you use the sync feature, check the section for "delete your synced data from your Google Account" at the bottom of this page: http://support.google.com/chrome/bin/answer.py?hl=en&answer=185277
brownhornet (Author) Posted September 8, 2015

Quick question: I ran the Emsisoft scanner and it quarantined 46 of 48 objects. The other 2 it won't. Should I delete them???
Juliet Posted September 8, 2015

> the other 2 it wont,should i delete them

Can you tell me which 2 you're talking about? You should be able to hold the program to view the list of objects found.

Click on the View Report link, and double click the text file to open it.
Please copy and paste the contents of this text file into your next reply (this file can be found at C:\Users\Tim\Documents\Anti-Malware\Reports).
brownhornet (Author) Posted September 9, 2015 (edited)

> Can you tell me which 2 your talking about? You should be able to hold the program to view the list of objects found. Click on the View Report link, and double click the text file to open it. Please copy and paste the contents of this text file into your next reply (this file can be found at C:\Users\Tim\Documents\Anti-Malware\Reports)

I closed the program since I wanted to run the ESET scan; it takes a long time. One file was a quarantined file from AdwCleaner, the other was a registry file that was labeled as "no risk". Sorry to jump the gun before hearing back from you; it's my aunt's computer and she leaves for Arizona tomorrow. ESET scan is at 50% and 17 min.

Edited September 9, 2015 by brownhornet
Juliet Posted September 9, 2015

> one file was a quarantined file from ADWcleaner the other was a registry file that was labled as ''no risk''.

Don't worry over what is found in quarantine folders from other tools, that's to be expected.
brownhornet (Author) Posted September 9, 2015 (edited)

The ESET scan came up with no detections. Here is the Emsisoft log:

Emsisoft Anti-Malware - Version 10.0.0.5641
Last update: 9/8/2015 3:56:22 PM

Initiated by:
Scan settings:

Scan type:
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: On
Advanced caching: On
Direct disk access: Off

Scan start: 9/8/2015 3:59:32 PM
Key: HKEY_USERS\.DEFAULT\SOFTWARE\SOLID PROGRAM Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\SOLID PROGRAM Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\SOLID PROGRAM Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} Application.AdShopper (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} Application.AdShopper (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.FEEDMANAGER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.FEEDMANAGER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.HTMLMENU Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.HTMLMENU.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.HTMLPANEL Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.HTMLPANEL.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.MULTIPLEBUTTON Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.MULTIPLEBUTTON.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.PSEUDOTRANSPARENTPLUGIN Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.PSEUDOTRANSPARENTPLUGIN.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.SCRIPTBUTTON Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.SCRIPTBUTTON.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.SETTINGSPLUGIN Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.SETTINGSPLUGIN.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.THIRDPARTYINSTALLER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.THIRDPARTYINSTALLER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YT.YTNAVASSISTPLUGIN Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YT.YTNAVASSISTPLUGIN.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SLIMWARE UTILITIES, INC.\DRIVERAPP Application.InstallDrive (A)
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\FlashBeat\SoftConfigTest.exe.vir Gen:Variant.Adware.Kazy.604816 (
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Windows Discount\FindingDiscount\FindingDiscount.exe.vir Trojan.Generic.14571572 (
C:\AdwCleaner\Quarantine\C\Program Files\pastaleads\PastaLeadsService.exe.vir Adware.Agent.PIL (
C:\AdwCleaner\Quarantine\C\Program Files\V-bates\libwinhook.dll.vir Adware.PassionFruit.A (
C:\AdwCleaner\Quarantine\C\Program Files\ver6BlockAndSurf\temp\i.arc.vir -> (Embedded EXE 2g) Gen:Variant.Adware.Zusy.132667 (
C:\AdwCleaner\Quarantine\C\Program Files\ver6BlockAndSurf\temp\i.arc.vir -> (Embedded EXE 3g) Gen:Variant.Zusy.128867 (
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{1a4f7658-8acd-c8ae-404b-4eab4d23beb0}\chrome\content\main.js Adware.ZoomIt.A (
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{1a4f7658-8acd-c8ae-404b-4eab4d23beb0}\chrome\content\zoom.js Adware.ZoomIt.A (
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{c0427b7e-9c3b-3b57-2c10-7c3fd39b3605}\chrome\content\main.js Adware.ZoomIt.A (
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{c0427b7e-9c3b-3b57-2c10-7c3fd39b3605}\chrome\content\zoom.js Adware.ZoomIt.A (

Scanned 123976
Found 48

Scan end: 9/8/2015 4:25:09 PM
Scan time: 0:25:37

Edited September 9, 2015 by brownhornet
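The Emsisoft log above mixes three kinds of hit: registry keys and values (the "Key:" / "Value:" lines), files that AdwCleaner had already moved into its own quarantine (paths under C:\AdwCleaner\Quarantine with a .vir suffix), and files still live on disk (the Old Firefox Data extensions). That distinction is exactly the question asked earlier in the thread about the two objects Emsisoft would not quarantine, and it is also worth pulling out the one "Setting." hit, since DisableRegistryTools under Policies\System is a lockdown policy rather than adware residue. The script below is an added example, not code from the thread or from Emsisoft; it parses the detection lines and sorts them into those buckets. The sample lines are copied from the log above, including the trailing "(" exactly as the post shows it; the bucket names and the regex are the example's own.

```python
"""Triage an Emsisoft Anti-Malware scan log (added example).

Detection lines look like
    Key: <registry key> <signature> (A)
    Value: <registry key> -> <value name> <signature> (A)
    <file path> <signature> (...)
The signature is the last whitespace-free token before the trailing
parenthesised flag; everything before it is the target.
"""
import re
from collections import Counter

# Sample input: lines copied from the Emsisoft log posted above.  The file
# lines end in a bare "(" because that is how the post shows them.
SAMPLE_LOG = r"""
Emsisoft Anti-Malware - Version 10.0.0.5641
Scan start: 9/8/2015 3:59:32 PM
Key: HKEY_USERS\S-1-5-18\SOFTWARE\SOLID PROGRAM Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} Application.AdShopper (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246} Application.AdReg (A)
C:\AdwCleaner\Quarantine\C\Program Files\pastaleads\PastaLeadsService.exe.vir Adware.Agent.PIL (
C:\AdwCleaner\Quarantine\C\Program Files\ver6BlockAndSurf\temp\i.arc.vir -> (Embedded EXE 2g) Gen:Variant.Adware.Zusy.132667 (
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{1a4f7658-8acd-c8ae-404b-4eab4d23beb0}\chrome\content\main.js Adware.ZoomIt.A (
Scanned 123976
Found 48
"""

# prefix (optional), target (lazy), signature, flag inside the trailing "(...)".
LINE_RE = re.compile(r"^(?:(Key|Value): )?(.*?)\s+(\S+)\s+\(([^)]*)\)?\s*$")


def parse_detection(line):
    """Parse one detection line into a dict; header/footer lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    prefix, target, signature, flag = m.groups()
    kind = "registry" if prefix else "file"
    lowered = target.lower()
    return {
        "kind": kind,
        "target": target,
        "signature": signature,
        "family": signature.split(".")[0],   # "Application", "Adware", "Setting", ...
        "flag": flag,
        # A file another tool has already quarantined is no longer a live threat.
        "already_quarantined": kind == "file"
        and ("\\quarantine\\" in lowered or lowered.endswith(".vir")),
        # "Setting." hits are Windows policy tweaks, not adware components.
        "policy_change": signature.startswith("Setting."),
    }


def summarize(text):
    """Bucket every detection in the log text for triage."""
    items = [d for d in (parse_detection(l) for l in text.splitlines()) if d]
    return {
        "total": len(items),
        "registry": sum(d["kind"] == "registry" for d in items),
        "live_files": [d["target"] for d in items
                       if d["kind"] == "file" and not d["already_quarantined"]],
        "already_quarantined": [d["target"] for d in items if d["already_quarantined"]],
        "policy_changes": [d["target"] for d in items if d["policy_change"]],
        "families": Counter(d["family"] for d in items),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} detections, {s['registry']} in the registry")
    print("already in another tool's quarantine:", *s["already_quarantined"], sep="\n  ")
    print("still live on disk:", *s["live_files"], sep="\n  ")
    print("policy changes to review by hand:", *s["policy_changes"], sep="\n  ")
```

On the sample this separates the two AdwCleaner quarantine entries (the ones that do not need any further action) from the Firefox-profile extension file that was still live, and surfaces the DisableRegistryTools policy value on its own so it is not lost among the AdReg CLSIDs. Lines with a parenthesised part inside the path, such as the "(Embedded EXE 2g)" archive member, still parse because the signature is taken from the end of the line.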
brownhornet (Author) Posted September 9, 2015

Seems to be doing OK, not like it was before at all.
Juliet Posted September 9, 2015 (edited)

> seems to be doing ok,not like it was before at all

Glad to hear that.

C:\Documents and Settings\Owner\Desktop\Old Firefox Data

Her Firefox backup had some minor issues. If you can get her to delete that out, or run Emsisoft Anti-Malware again, it will take it out. (Unless you allowed it to when running the scan) <-- ideal

Were you able to run the Eset scan?

Edited September 9, 2015 by Juliet
brownhornet (Author) Posted September 9, 2015

> glad to hear that. C:\Documents and Settings\Owner\Desktop\Old Firefox Data Her Firefox backup had some minor issues, if you can get her to delete that out or run the Emsisoft Anti-Malware again it will take it out. (Unless you allowed it to when running the scan) <--ideal Were you able to run the Eset scan?

Yes, I deleted the FF stuff and the ESET scan came up with zero issues.
brownhornet (Author) Posted September 9, 2015

Feel free to close this topic as I consider it solved/fixed, unless you see something I missed... Thanks Juliet for all you do round the pit.