done all i can


brownhornet

This computer would bluescreen constantly; I found out it was running 2 AV programs, which I uninstalled. No more BSOD. I ran the following, which got rid of a bunch of stuff: MB, AdwCleaner, TFC, SUPERAntiSpyware. I tried running JRT, but it quit just after starting. I even ran a scan by Avast. The computer is still getting pop-up ads after installing Adblock Plus, as well as redirects. Here is a HJT log after scanning... sad to say this is running XP.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:15:05 PM, on 9/7/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

FIREFOX: 40.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Auslogics\DiskDefrag\DiskDefrag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=odc179
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msn.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1434231795578
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Hyphen Multimedia (doviqexy) - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4848 bytes


Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
Ran by Owner (administrator) on D2YGHXB1 (08-09-2015 04:58:28)
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduserv.exe
( ) C:\WINDOWS\system32\lxducoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-07] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
AppInit_DLLs: c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => No File
AppInit_DLLs: c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll => No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-07] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{EAF49E9D-1EE2-4C89-8BEF-685E228449E3}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1395439306718
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-04] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xz1s2yzz.default-1441700062562
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-07] ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4000980144-3649526369-3817165490-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xz1s2yzz.default-1441700062562\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-07]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-07]
CHR HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-07] (AVAST Software)
R2 lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2009-08-19] (Lexmark International, Inc.)
R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [594600 2009-08-19] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) [File not signed]
S2 doviqexy; C:\Documents and Settings\Owner\Application Data\VOPackage\nsh148.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-09-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-09-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-09-07] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-07] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-08] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [1076968 2013-03-12] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1107224 2006-02-10] (SigmaTel, Inc.)
S3 bvrp_pci; no ImagePath
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [X]
S1 gfilterdrv; system32\drivers\gfilterdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S1 ywiynzu4njzmymj; system32\drivers\ywiynzu4njzmymj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 04:54 - 2015-09-08 04:58 - 00000000 ____D C:\FRST
2015-09-08 04:53 - 2015-09-08 04:53 - 00000885 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to FRST.lnk
2015-09-08 04:24 - 2013-01-31 02:02 - 00144160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcolor.exe
2015-09-08 04:23 - 2015-09-08 04:23 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2015-09-08 04:23 - 2015-09-08 04:23 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2015-09-08 04:23 - 2015-09-08 04:23 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2015-09-08 04:23 - 2015-09-08 04:23 - 00000000 _____ C:\WINDOWS\system32\nvdrswr.lk
2015-09-08 04:23 - 2013-01-31 04:22 - 00065536 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-09-08 04:22 - 2015-09-08 04:24 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-09-08 04:22 - 2013-01-31 04:22 - 17551360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 07536640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 05967872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 02816504 _____ C:\WINDOWS\system32\nvdata.data
2015-09-08 04:22 - 2013-01-31 04:22 - 02581792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 01869088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 01010464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco32.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco32.dll
2015-09-08 04:22 - 2013-01-31 04:22 - 00015449 _____ C:\WINDOWS\system32\nvinfo.pb
2015-09-08 04:21 - 2015-09-08 04:21 - 00000000 ____D C:\NVIDIA
2015-09-08 03:42 - 2015-09-08 03:42 - 00000917 _____ C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
2015-09-08 03:42 - 2015-09-08 03:42 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-08 03:28 - 2015-09-08 03:28 - 00000971 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\Shortcut to TFC.lnk
2015-09-08 03:26 - 2015-09-08 03:26 - 00000000 __SHD C:\Documents and Settings\Administrator.D2YGHXB1\PrivacIE
2015-09-08 01:25 - 2015-09-08 01:25 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2015-09-08 01:25 - 2015-09-08 01:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adblock Plus for IE
2015-09-08 01:25 - 2015-09-08 01:25 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Adblock Plus for IE
2015-09-08 01:02 - 2015-09-08 01:02 - 00000290 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\Shortcut (2) to AdwCleaner(1).lnk
2015-09-08 00:59 - 2015-09-08 00:59 - 00060846 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\eset.txt
2015-09-07 23:47 - 2015-09-07 23:47 - 00000000 ____D C:\Program Files\ESET
2015-09-07 23:44 - 2015-09-07 23:44 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\SUPERAntiSpyware.com
2015-09-07 23:40 - 2015-09-07 23:40 - 00000971 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\Shortcut to JRT.lnk
2015-09-07 23:40 - 2015-09-07 23:40 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\Macromedia
2015-09-07 23:40 - 2015-09-07 23:40 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\Adobe
2015-09-07 23:38 - 2015-09-07 23:38 - 00000000 __SHD C:\Documents and Settings\Administrator.D2YGHXB1\IETldCache
2015-09-07 23:38 - 2015-09-07 23:38 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Application Data\Mozilla
2015-09-07 23:38 - 2015-09-07 23:38 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\Mozilla
2015-09-07 23:29 - 2015-09-07 23:29 - 00000803 _____ C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2015-09-07 23:28 - 2015-09-08 04:25 - 00002884 _____ C:\WINDOWS\COM+.log
2015-09-07 23:11 - 2015-09-07 23:12 - 00037780 _____ C:\WINDOWS\KB2909921-IE8.log
2015-09-07 23:11 - 2015-09-07 23:11 - 00042185 _____ C:\WINDOWS\KB982381-IE8.log
2015-09-07 23:11 - 2015-09-07 23:11 - 00031251 _____ C:\WINDOWS\KB2598845-IE8.log
2015-09-07 23:10 - 2015-09-07 23:29 - 00007295 _____ C:\WINDOWS\spupdsvc.log
2015-09-07 23:09 - 2015-09-07 23:11 - 00042994 _____ C:\WINDOWS\ie8.log
2015-09-07 23:09 - 2015-09-07 23:11 - 00000000 __HDC C:\WINDOWS\ie8
2015-09-07 22:59 - 2015-09-07 23:00 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-09-07 22:59 - 2015-09-07 22:59 - 00000754 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2015-09-07 22:59 - 2015-09-07 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2015-09-07 22:59 - 2015-09-07 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2015-09-07 20:16 - 2015-09-07 20:16 - 00004849 _____ C:\Documents and Settings\Owner\Desktop\HJT.txt
2015-09-07 20:14 - 2015-09-07 20:14 - 00000919 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to HijackThis.lnk
2015-09-07 20:11 - 2015-09-07 20:11 - 00000822 _____ C:\Documents and Settings\Owner\Desktop\Auslogics DiskDefrag.lnk
2015-09-07 20:08 - 2015-09-07 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2015-09-07 20:06 - 2015-09-07 20:11 - 00000000 ____D C:\Program Files\Auslogics
2015-09-07 20:06 - 2015-09-07 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2015-09-07 20:06 - 2015-09-07 20:06 - 00000889 _____ C:\Documents and Settings\Owner\Desktop\Auslogics Registry Cleaner.lnk
2015-09-07 19:16 - 2015-09-07 19:16 - 00238202 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2015-09-07 19:16 - 2015-09-07 19:16 - 00172856 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2015-09-07 19:11 - 2015-05-29 00:43 - 00303744 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-09-07 19:10 - 2015-09-07 19:10 - 00000036 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2015-09-07 18:32 - 2015-09-08 03:35 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-07 18:32 - 2015-09-07 18:32 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-07 18:32 - 2015-09-07 18:32 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-07 18:32 - 2015-09-07 18:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-07 18:32 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-07 18:32 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-07 17:43 - 2015-09-07 17:43 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-09-07 17:43 - 2015-09-07 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-09-07 17:42 - 2015-09-08 04:47 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-09-07 17:42 - 2015-09-07 17:42 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-07 17:42 - 2015-09-07 17:42 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-07 17:42 - 2015-09-07 17:42 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-07 17:42 - 2015-09-07 17:42 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-07 17:41 - 2015-09-07 17:41 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-07 17:27 - 2015-09-07 17:27 - 00000919 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to AdwCleaner.lnk
2015-09-07 17:26 - 2015-09-07 17:26 - 00000878 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to JRT.lnk
2015-09-07 17:25 - 2015-09-07 17:25 - 00000878 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to TFC.lnk
2015-09-07 16:52 - 2015-09-07 16:52 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2015-09-07 16:51 - 2015-09-07 16:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-07 16:51 - 2015-09-07 16:51 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-09-07 16:51 - 2015-09-07 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-09-07 16:51 - 2015-09-07 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-09-07 16:48 - 2015-09-07 16:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-09-07 16:32 - 2015-09-07 16:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-07 16:32 - 2015-09-07 16:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-07 16:21 - 2013-03-12 05:49 - 01076968 ____R (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\RTL8192cu.sys
2015-09-07 16:03 - 2015-09-08 04:32 - 00000000 ____D C:\AdwCleaner
2015-09-07 16:03 - 2015-09-07 16:03 - 00000290 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Desktop\Shortcut to AdwCleaner(1).lnk
2015-09-07 15:58 - 2015-09-08 03:36 - 00000178 ___SH C:\Documents and Settings\Administrator.D2YGHXB1\ntuser.ini
2015-09-07 15:58 - 2015-09-08 03:31 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Temp
2015-09-07 15:58 - 2015-09-08 03:26 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1
2015-09-07 15:58 - 2015-03-23 22:26 - 00001774 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Internet Explorer.lnk
2015-09-07 15:58 - 2014-03-21 14:54 - 00000000 ___HD C:\Documents and Settings\Administrator.D2YGHXB1\Application Data\Gtek
2015-09-07 15:58 - 2006-10-05 15:51 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Application Data\Musicmatch
2015-09-07 15:58 - 2006-10-05 15:50 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Application Data\Google
2015-09-07 15:58 - 2006-10-05 15:36 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2015-09-07 15:58 - 2006-10-05 15:28 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Dell Accessories
2015-09-07 15:58 - 2006-10-05 15:28 - 00000000 ____D C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Dell
2015-09-07 15:58 - 2004-08-10 11:08 - 00000642 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Outlook Express.lnk
2015-09-07 15:58 - 2004-08-10 11:04 - 00001503 _____ C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Remote Assistance.lnk
2015-09-07 15:58 - 2004-08-10 11:02 - 00000000 ___RD C:\Documents and Settings\Administrator.D2YGHXB1\Start Menu\Programs\Accessories
2015-09-07 15:48 - 2015-09-07 17:32 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-09-07 15:48 - 2015-09-07 15:48 - 00000000 ____D C:\Documents and Settings\Administrator
2015-09-07 15:48 - 2015-03-23 22:26 - 00001774 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2015-09-07 15:48 - 2014-03-21 14:54 - 00000000 ___HD C:\Documents and Settings\Administrator\Application Data\Gtek
2015-09-07 15:48 - 2006-10-05 15:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
2015-09-07 15:48 - 2006-10-05 15:50 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-09-07 15:48 - 2006-10-05 15:50 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-09-07 15:48 - 2006-10-05 15:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2015-09-07 15:48 - 2006-10-05 15:28 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories
2015-09-07 15:48 - 2006-10-05 15:28 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Dell
2015-09-07 15:48 - 2004-08-10 11:08 - 00000642 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2015-09-07 15:48 - 2004-08-10 11:04 - 00001503 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-09-07 15:48 - 2004-08-10 11:02 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-09-07 15:47 - 2015-09-07 15:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini090715-03.dmp
2015-09-07 15:44 - 2015-09-07 15:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini090715-02.dmp
2015-09-07 15:34 - 2015-09-07 15:35 - 00000000 ____D C:\WINDOWS\pss
2015-09-07 13:49 - 2015-09-07 13:49 - 00090112 _____ C:\WINDOWS\Minidump\Mini090715-01.dmp
2015-08-31 15:45 - 2015-08-31 15:45 - 00090112 _____ C:\WINDOWS\Minidump\Mini083115-01.dmp
2015-08-27 16:03 - 2015-08-27 16:02 - 00090112 _____ C:\WINDOWS\Minidump\Mini082715-02.dmp
2015-08-27 15:53 - 2015-08-27 15:53 - 00090112 _____ C:\WINDOWS\Minidump\Mini082715-01.dmp
2015-08-26 15:28 - 2015-08-26 15:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini082615-03.dmp
2015-08-26 15:22 - 2015-08-26 15:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini082615-02.dmp
2015-08-26 15:18 - 2015-08-26 15:18 - 00090112 _____ C:\WINDOWS\Minidump\Mini082615-01.dmp
2015-08-24 15:47 - 2015-08-24 15:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini082415-03.dmp
2015-08-24 15:39 - 2015-08-24 15:39 - 00090112 _____ C:\WINDOWS\Minidump\Mini082415-02.dmp
2015-08-24 15:36 - 2015-08-24 15:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini082415-01.dmp
2015-08-23 13:45 - 2015-08-23 13:45 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-12.dmp
2015-08-23 13:41 - 2015-08-23 13:41 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-11.dmp
2015-08-23 13:36 - 2015-08-23 13:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-10.dmp
2015-08-23 13:28 - 2015-08-23 13:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-09.dmp
2015-08-23 10:22 - 2015-08-23 10:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-08.dmp
2015-08-23 10:16 - 2015-08-23 10:16 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-07.dmp
2015-08-23 10:11 - 2015-08-23 10:11 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-06.dmp
2015-08-23 10:08 - 2015-08-23 10:08 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-05.dmp
2015-08-23 10:03 - 2015-08-23 10:03 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-04.dmp
2015-08-23 09:59 - 2015-08-23 09:59 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-03.dmp
2015-08-23 09:53 - 2015-08-23 09:53 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-02.dmp
2015-08-23 09:49 - 2015-08-23 09:49 - 00090112 _____ C:\WINDOWS\Minidump\Mini082315-01.dmp
2015-08-22 20:22 - 2015-08-22 20:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-05.dmp
2015-08-22 20:10 - 2015-08-22 20:10 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-04.dmp
2015-08-22 20:03 - 2015-08-22 20:03 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-03.dmp
2015-08-22 10:37 - 2015-08-22 10:37 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-02.dmp
2015-08-22 10:31 - 2015-08-22 10:31 - 00090112 _____ C:\WINDOWS\Minidump\Mini082215-01.dmp
2015-08-21 16:25 - 2015-08-21 16:25 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-08.dmp
2015-08-21 15:37 - 2015-08-21 15:37 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-07.dmp
2015-08-21 15:28 - 2015-08-21 15:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-06.dmp
2015-08-21 15:23 - 2015-08-21 15:23 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-05.dmp
2015-08-21 15:16 - 2015-08-21 15:16 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-04.dmp
2015-08-21 10:35 - 2015-08-21 10:34 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-03.dmp
2015-08-21 10:28 - 2015-08-21 10:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-02.dmp
2015-08-21 10:23 - 2015-08-21 10:23 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-21 10:23 - 2015-08-21 10:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini082115-01.dmp
2015-08-20 15:29 - 2015-08-20 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-20 15:29 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-20 15:28 - 2015-09-07 17:43 - 00193739 _____ C:\WINDOWS\Wdf01009Inst.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 04:58 - 2004-08-10 11:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2015-09-08 04:42 - 2004-08-10 11:02 - 01521049 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-08 04:42 - 2004-08-10 10:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-08 04:41 - 2014-06-03 23:13 - 00000342 _____ C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_LogonTask.job
2015-09-08 04:41 - 2014-04-12 00:22 - 00337936 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-09-08 04:41 - 2014-03-21 16:43 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-08 04:41 - 2004-08-10 11:08 - 00032638 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-08 04:41 - 2004-08-10 11:08 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-09-08 04:41 - 2004-08-10 11:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-08 04:41 - 2004-08-10 10:59 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-09-08 04:40 - 2004-08-10 10:51 - 00000593 _____ C:\WINDOWS\win.ini
2015-09-08 04:40 - 2004-08-10 10:51 - 00000227 _____ C:\WINDOWS\system.ini
2015-09-08 04:40 - 2004-08-10 10:51 - 00000210 __RSH C:\boot.ini
2015-09-08 04:23 - 2015-02-19 23:36 - 00116651 _____ C:\WINDOWS\setupapi.log
2015-09-08 04:23 - 2014-06-09 17:22 - 00000000 ____D C:\temp
2015-09-08 04:22 - 2006-10-05 15:27 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2015-09-08 04:15 - 2004-08-10 11:02 - 00000000 ____D C:\WINDOWS\Registration
2015-09-08 04:14 - 2004-08-10 10:57 - 00563380 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-08 04:13 - 2014-06-03 23:13 - 00000348 _____ C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_RS_DailyTask.job
2015-09-08 03:37 - 2004-08-10 11:08 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-09-08 01:14 - 2015-03-23 13:00 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Old Firefox Data
2015-09-08 01:06 - 2014-09-19 15:48 - 00000000 __SHD C:\WINDOWS\system32\AI_RecycleBin
2015-09-07 23:29 - 2004-08-10 11:08 - 00000000 ___RD C:\Documents and Settings\Owner\Start Menu\Programs\Accessories
2015-09-07 23:29 - 2004-08-10 10:52 - 00000000 ____D C:\WINDOWS\Help
2015-09-07 23:13 - 2014-06-03 23:13 - 00000354 _____ C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_RS_WeeklyTask.job
2015-09-07 23:13 - 2014-06-03 23:13 - 00000354 _____ C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_LG_DailyTask.job
2015-09-07 23:12 - 2015-03-19 15:27 - 00044582 _____ C:\WINDOWS\ie8_main.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00099270 _____ C:\WINDOWS\FaxSetup.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00066797 _____ C:\WINDOWS\ocgen.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00042502 _____ C:\WINDOWS\tsoc.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00035831 _____ C:\WINDOWS\updspapi.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00033665 _____ C:\WINDOWS\comsetup.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00022712 _____ C:\WINDOWS\ntdtcsetup.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00013714 _____ C:\WINDOWS\iis6.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00005869 _____ C:\WINDOWS\ocmsn.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00005632 _____ C:\WINDOWS\msgsocm.log
2015-09-07 23:12 - 2015-02-19 23:36 - 00001355 _____ C:\WINDOWS\imsins.log
2015-09-07 23:11 - 2015-02-19 23:36 - 00001355 _____ C:\WINDOWS\imsins.BAK
2015-09-07 23:10 - 2004-08-10 10:52 - 00000000 ____D C:\WINDOWS\Media
2015-09-07 23:03 - 2004-08-10 11:09 - 00000000 ____D C:\WINDOWS\system32\URTTemp
2015-09-07 23:00 - 2014-04-11 16:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-09-07 22:13 - 2004-08-10 10:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-07 22:10 - 2015-02-19 23:36 - 00000359 _____ C:\WINDOWS\setupact.log
2015-09-07 21:36 - 2014-04-11 15:31 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003UA.job
2015-09-07 20:08 - 2014-05-06 22:30 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Control Center for KODAK Webcams
2015-09-07 20:08 - 2014-04-11 11:21 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts
2015-09-07 18:55 - 2004-08-10 10:52 - 00000000 ____D C:\WINDOWS\Driver Cache
2015-09-07 18:54 - 2015-03-21 16:22 - 00000000 ____D C:\Program Files\Windows Network Accelerater
2015-09-07 18:54 - 2015-03-21 15:28 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\ywyyyzvxnmtmbwj
2015-09-07 18:54 - 2014-08-27 21:21 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Company
2015-09-07 17:32 - 2015-07-18 15:23 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-07 17:32 - 2015-07-18 15:23 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-07 17:29 - 2015-03-24 12:58 - 00000000 ____D C:\Program Files\7a4ae2b6-199c-4ced-9b64-c3391b605c78
2015-09-07 17:29 - 2015-02-27 10:22 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\4C4C4544-1425032576-4710-8048-B2C04F584231
2015-09-07 17:29 - 2015-02-05 09:01 - 00000000 ____D C:\87deb6e3-fd2e-49e8-9f4c-ebabfc3e2656
2015-09-07 17:29 - 2015-02-03 13:51 - 00000000 ____D C:\0098302f-83d5-4d32-ada4-16fb751ac877
2015-09-07 16:32 - 2015-03-19 13:22 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-07 16:32 - 2015-03-19 13:22 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-07 15:35 - 2014-04-11 15:54 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Skype
2015-08-20 15:36 - 2014-04-11 15:31 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003Core.job
2015-08-17 23:40 - 2014-09-19 11:48 - 00524288 ____N C:\WINDOWS\system32\config\pastalea.evt
2015-08-17 17:53 - 2014-04-26 20:48 - 00000000 ____D C:\Documents and Settings\All Users\Lx_cats
2015-08-11 23:35 - 2014-04-10 17:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 23:30 - 2014-03-21 15:51 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-12-08 21:02 - 2014-12-08 21:13 - 46776320 _____ () C:\Program Files\GUTE7.tmp
2014-06-11 23:45 - 2014-06-11 23:45 - 0003072 _____ () C:\Documents and Settings\Owner\Application Data\dvd.bmk
2014-08-27 19:52 - 2015-03-19 13:37 - 0000131 _____ () C:\Documents and Settings\Owner\Application Data\WB.CFG
2014-04-10 17:57 - 2014-04-10 17:57 - 0000000 ____C () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2015-09-07 19:16 - 2015-09-07 19:16 - 0172856 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2015-09-07 19:16 - 2015-09-07 19:16 - 0238202 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2015-03-19 13:37 - 2015-03-19 13:37 - 0274045 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\dsi1.dat
2015-03-19 13:37 - 2015-03-19 13:37 - 0161916 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\dsi2.dat
2014-06-11 21:18 - 2014-06-11 21:18 - 0000128 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
2015-09-07 19:10 - 2015-09-07 19:10 - 0000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2014-04-26 20:46 - 2015-02-28 16:19 - 0000504 _____ () C:\Documents and Settings\All Users\FastPics.log
2014-08-16 12:17 - 2014-08-16 12:17 - 0007008 _____ () C:\Documents and Settings\All Users\lxduJSW.log
2014-04-26 20:42 - 2014-04-26 20:42 - 0000000 ____C () C:\Documents and Settings\All Users\UpdaterLog.txt

Some files in TEMP:
====================
C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-09-2015
Ran by Owner (2015-09-08 04:59:06)
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2014-03-21 19:34:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4000980144-3649526369-3817165490-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.D2YGHXB1
ASPNET (S-1-5-21-4000980144-3649526369-3817165490-1007 - Limited - Enabled)
Guest (S-1-5-21-4000980144-3649526369-3817165490-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-4000980144-3649526369-3817165490-1006 - Limited - Disabled)
Owner (S-1-5-21-4000980144-3649526369-3817165490-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-4000980144-3649526369-3817165490-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.2.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 5.0.2.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Dropbox (HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Update Helper (Version: 1.3.21.153 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MyHeritage Family Tree Builder (HKLM\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpywareBlaster 5.2 (HKLM\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideo (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-09-2015 20:03:32 JRT Pre-Junkware Removal
07-09-2015 23:00:44 JRT Pre-Junkware Removal
07-09-2015 23:03:09 Software Distribution Service 3.0
08-09-2015 01:06:48 Removed 3D Tropical Sunsets ScreenSaver
08-09-2015 01:25:19 Installed Adblock Plus for IE (32-bit)
08-09-2015 03:43:43 Revo Uninstaller's restore point - ooVoo
08-09-2015 03:43:50 Removed ooVoo
08-09-2015 03:46:56 Revo Uninstaller's restore point - FindingDiscount
08-09-2015 03:48:37 Revo Uninstaller's restore point - Oovoo Toolbar
08-09-2015 04:13:55 Software Distribution Service 3.0
08-09-2015 04:34:43 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 10:51 - 2015-09-07 15:52 - 00000736 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_LG_DailyTask.job => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_LogonTask.job => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_RS_DailyTask.job => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: C:\WINDOWS\Tasks\PCHB_Owner_PCHealthBoost_RS_WeeklyTask.job => C:\Program Files\PC HealthBoost\PCHealthBoost.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-07 17:42 - 2015-09-07 17:42 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-07 17:42 - 2015-09-07 17:42 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-08 01:39 - 2015-09-08 01:39 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15090800\algo.dll
2014-04-26 20:46 - 2009-05-14 00:23 - 00045056 _____ () C:\WINDOWS\system32\LXDUPMON.DLL
2014-04-26 20:46 - 2009-09-04 00:31 - 00086016 _____ () C:\WINDOWS\system32\LXDUOEM.DLL
2014-04-26 20:46 - 2009-09-04 00:29 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
2014-04-26 20:47 - 2009-08-19 09:51 - 00155648 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdudrpp.dll
2015-09-07 17:42 - 2015-09-07 17:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\facebook.com -> hxxps://www.facebook.com
IE trusted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\microsoft.com -> hxxp://windows.microsoft.com
IE trusted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\msn.com -> hxxp://www.msn.com
IE trusted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\skype.com -> hxxps://apps.skype.com

IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\...\1001movie.com -> 1001movie.com

There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Corel Photo Album 6 Wallpaper.bmp
DNS Servers: 68.105.28.12 - 68.105.29.12
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk => C:\WINDOWS\pss\Desktop Temperature Monitor.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Weather Alerts.lnk => C:\WINDOWS\pss\Weather Alerts.lnkStartup
MSCONFIG\startupreg: AnyProtect Scanner => "C:\Program Files\AnyProtectEx\AnyProtect.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avast-Browser-Cleanup => "C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe"/RunOnce
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DMXLauncher => C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
MSCONFIG\startupreg: fst_us_227 =>
MSCONFIG\startupreg: gmsd_us_342 =>
MSCONFIG\startupreg: gmsd_us_343 =>
MSCONFIG\startupreg: gmsd_us_349 =>
MSCONFIG\startupreg: gmsd_us_359 =>
MSCONFIG\startupreg: gmsd_us_372 =>
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: InboxToolbar => "C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Lexmark 5600-6600 Series Fax Server => "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
MSCONFIG\startupreg: lxdumon.exe => "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: ProPCCleaner => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe true
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: upgmsd_us_342.exe => C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe -runhelper
MSCONFIG\startupreg: upgmsd_us_343.exe => C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe -runhelper
MSCONFIG\startupreg: upgmsd_us_349.exe => C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe -runhelper
MSCONFIG\startupreg: upgmsd_us_372.exe => C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe -runhelper

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\lxducoms.exe] => Enabled:5600-6600 Series Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\LibreOffice 4\program\soffice.bin] => Enabled:LibreOffice
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5985:TCP] => Enabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Enabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2015 05:01:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SUPERAntiSpyware.exe, version 6.0.0.1204, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/07/2015 05:00:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SUPERAntiSpyware.exe, version 6.0.0.1204, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/07/2015 03:32:41 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.

Error: (09/07/2015 03:31:58 PM) (Source: Google Update) (EventID: 20) (User: D2YGHXB1)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, named proxy=http=127.0.0.1:8800;https=127.0.0.1:8800;, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, named proxy=http=12

Error: (08/26/2015 03:19:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module explorer.exe, version 6.0.2900.5512, fault address 0x00009409.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/20/2015 10:36:26 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.

Error: (08/19/2015 08:51:41 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.

Error: (08/18/2015 10:00:23 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.

Error: (08/17/2015 05:55:11 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.

Error: (08/16/2015 10:03:35 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 desktoptemperature.exe, P2 1.24.0.0, P3 54591580, P4 system.configuration, P5 2.0.0.0, P6 51edf2f3, P7 1a9, P8 4d, P9 clr20r30, P10 clr20r31.


System errors:
=============
Error: (09/08/2015 04:42:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
gfilterdrv
ywiynzu4njzmymj

Error: (09/08/2015 04:41:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hyphen Multimedia service failed to start due to the following error:
%%2

Error: (09/08/2015 04:31:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
gfilterdrv
ywiynzu4njzmymj

Error: (09/08/2015 04:31:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hyphen Multimedia service failed to start due to the following error:
%%2

Error: (09/08/2015 04:31:42 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).

Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (09/08/2015 04:30:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (09/07/2015 05:01:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SUPERAntiSpyware.exe6.0.0.1204hungapp0.0.0.000000000

Error: (09/07/2015 05:00:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SUPERAntiSpyware.exe6.0.0.1204hungapp0.0.0.000000000

Error: (09/07/2015 03:32:41 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNIL

Error: (09/07/2015 03:31:58 PM) (Source: Google Update) (EventID: 20) (User: D2YGHXB1)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, named proxy=http=127.0.0.1:8800;https=127.0.0.1:8800;, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, named proxy=http=12

Error: (08/26/2015 03:19:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512explorer.exe6.0.2900.551200009409

Error: (08/20/2015 10:36:26 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNIL

Error: (08/19/2015 08:51:41 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNIL

Error: (08/18/2015 10:00:23 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNIL

Error: (08/17/2015 05:55:11 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNIL

Error: (08/16/2015 10:03:35 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3desktoptemperature.exe1.24.0.054591580system.configuration2.0.0.051edf2f31a94dioibmurhynrxkw0zxkyrvfn0boyyufowNIL


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 27%
Total physical RAM: 3070.07 MB
Available physical RAM: 2233.22 MB
Total Virtual: 5980.13 MB
Available Virtual: 5273.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:294.83 GB) (Free:273.09 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=294.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.2 GB) - (Type=DB)

==================== End of Addition.txt ============================


Running from C:\Documents and Settings\Owner\My Documents\Downloads

It's best we move Farbar's to desktop.

Please go to your My Documents\downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT.

Go to an open spot on your desktop, right click and select PASTE.

You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:

To do this, highlight the contents of the box, right click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

[Image: FRSTfix.JPG]


start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
AppInit_DLLs: c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => No File
AppInit_DLLs: c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Internet Explorer: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 doviqexy; C:\Documents and Settings\Owner\Application Data\VOPackage\nsh148.tmpfs [X]
C:\Documents and Settings\Owner\Application Data\VOPackage
S1 ywiynzu4njzmymj; C:\WINDOWS\system32\drivers\ywiynzu4njzmymj.sys [X]
C:\WINDOWS\system32\AI_RecycleBin
2015-09-07 18:54 - 2015-03-21 15:28 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\ywyyyzvxnmtmbwj
C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideo (the data entry has 19 more characters).
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
C:\Program Files\AnyProtectEx\AnyProtect.exe
C:\Program Files\AnyProtectEx
C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
C:\Program Files\Pro PC Cleaner
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~

Open MBAM (Malwarebytes' Anti-Malware)

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes

Post these 2 logs when finished.


Fix result of Farbar Recovery Scan Tool (x86) Version:07-09-2015
Ran by Owner (2015-09-08 11:31:08) Run:2
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs: _C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
AppInit_DLLs: c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => No File
AppInit_DLLs: c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Internet Explorer: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 doviqexy; C:\Documents and Settings\Owner\Application Data\VOPackage\nsh148.tmpfs [X]
C:\Documents and Settings\Owner\Application Data\VOPackage
S1 ywiynzu4njzmymj; C:\WINDOWS\system32\drivers\ywiynzu4njzmymj.sys [X]
C:\WINDOWS\system32\AI_RecycleBin
2015-09-07 18:54 - 2015-03-21 15:28 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\ywyyyzvxnmtmbwj
C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideo (the data entry has 19 more characters).
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
C:\Program Files\AnyProtectEx\AnyProtect.exe
C:\Program Files\AnyProtectEx
C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
C:\Program Files\Pro PC Cleaner
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"_C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" => Value data not found.
"c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL" => Value data not found.
"c:\documents and settings\all users\application data\performance optimizer\performanceoptimizer.dll" => Value data not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => File/Folder not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
doviqexy => service not found.
"C:\Documents and Settings\Owner\Application Data\VOPackage" => File/Folder not found.
ywiynzu4njzmymj => service not found.
"C:\WINDOWS\system32\AI_RecycleBin" => File/Folder not found.
"C:\Documents and Settings\Owner\Application Data\ywyyyzvxnmtmbwj" => File/Folder not found.
"C:\Documents and Settings\Administrator.D2YGHXB1\Local Settings\Temp\sqlite3.dll" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll" => File/Folder not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found.
HKU\S-1-5-21-4000980144-3649526369-3817165490-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC} => key not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":5C321E34" ADS not found.
"C:\Program Files\AnyProtectEx\AnyProtect.exe" => File/Folder not found.
"C:\Program Files\AnyProtectEx" => File/Folder not found.
"C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe" => File/Folder not found.
"C:\Program Files\Pro PC Cleaner" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe" => File/Folder not found.
"C:\Documents and Settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe" => File/Folder not found.
EmptyTemp: => 62.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:31:32 ====

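Added example (not from the thread, and not FRST's own code): a small Python reader for a Fixlog.txt of the shape posted above. It tags what each fixlist line asks FRST to change (the loopback proxy on 127.0.0.1, the AppInit_DLLs entries, the driver whose file is missing) and then counts how many result lines were actually changed versus reported "not found", which is the pattern the helper noticed from the Run:2 header. SAMPLE_FIXLOG is a constructed, shortened copy of the thread's log; the "[X]" meaning is FRST's missing-file marker as it appears in the logs above.

```python
import re

# Constructed sample in the shape of the thread's Fixlog.txt, shortened to a few of its
# lines; it is not FRST's own code or documentation.
SAMPLE_FIXLOG = r"""Ran by Owner (2015-09-08 11:31:08) Run:2
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AppInit_DLLs: c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
S1 ywiynzu4njzmymj; C:\WINDOWS\system32\drivers\ywiynzu4njzmymj.sys [X]
C:\Program Files\AnyProtectEx\AnyProtect.exe
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
"c:\progra~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL" => Value data not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
ywiynzu4njzmymj => service not found.
"C:\Program Files\AnyProtectEx\AnyProtect.exe" => File/Folder not found.
EmptyTemp: => 62.8 MB temporary data Removed.
==== End of Fixlog 11:31:32 ====
"""

HOUSEKEEPING_RE = re.compile(r"^(Restore point was|Processes closed|EmptyTemp:)")
SERVICE_RE = re.compile(r"^[SR]\d \S+; .+ \[X\]$")  # [X]: FRST found no file at that path


def split_fixlog(text):
    """Split a Fixlog into (header, fixlist lines, result lines) at its ***** markers."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    a, b = [i for i, ln in enumerate(lines) if ln.startswith("*****")][:2]
    header = [ln for ln in lines[:a] if ln != "fixlist content:"]
    results = [ln for ln in lines[b + 1:] if not ln.startswith("====")]
    return header, lines[a + 1:b], results


def run_number(header):
    """The Run:N counter in the header (the helper read Run:2 as a second run)."""
    m = re.search(r"\bRun:(\d+)", " ".join(header))
    return int(m.group(1)) if m else None


def classify_fixlist(fixlist):
    """Tag each fixlist line with the kind of change FRST is being asked to make."""
    items = []
    for line in fixlist:
        if line.lower() in ("start", "end"):
            continue
        if re.fullmatch(r"[A-Za-z_]+:", line):
            kind = "directive"    # CreateRestorePoint:, CloseProcesses:, EmptyTemp:
        elif line.startswith("AppInit_DLLs:"):
            kind = "appinit_dll"  # DLL loaded into every process that links user32.dll
        elif line.startswith(("ProxyEnable:", "ProxyServer:")):
            kind = "proxy"        # WinINet proxy values, here in the .DEFAULT hive
        elif "ATTENTION" in line:
            kind = "policy"       # FRST's marker for Policies-key lockdowns
        elif SERVICE_RE.match(line):
            kind = "service"      # service/driver registration whose file is missing
        else:
            kind = "path" if re.match(r"^[A-Za-z]:\\", line) else "other"  # bare path: delete it
        items.append({"kind": kind, "line": line})
    return items


def risk_flags(items):
    """Defender's reading of the fixlist: which entries explain redirects and pop-ups."""
    flags = []
    for it in items:
        kind, line = it["kind"], it["line"]
        port = re.search(r"127\.0\.0\.1:(\d+)", line)
        if kind == "proxy" and port:
            flags.append(f"loopback proxy on port {port.group(1)}: browser traffic passes through a local process")
        elif kind == "appinit_dll":
            flags.append("AppInit_DLLs entry: code injected into every user32-linked process")
        elif kind == "service":
            flags.append(f"service {line.split()[1].rstrip(';')}: registration points at a missing file")
        elif kind == "policy":
            flags.append("policy restriction: browser or proxy settings locked through a Policies key")
    return flags


def summarize_results(results):
    """Count what the fix actually changed versus what was already gone."""
    counts = {"housekeeping": 0, "actioned": 0, "not_found": 0, "other": 0}
    for line in results:
        if HOUSEKEEPING_RE.match(line):
            counts["housekeeping"] += 1
        elif re.search(r"(removed|restored) successfully", line):
            counts["actioned"] += 1
        elif line.endswith("not found."):
            counts["not_found"] += 1
        else:
            counts["other"] += 1
    return counts
```

When not_found outnumbers actioned, as in the sample, the fix ran against entries that were already gone, which is what a repeat run or an already-cleaned machine looks like.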

Malwarebytes scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/8/2015
Scan Time: 11:36:25 AM
Logfile: mb.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.08.05
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 400872
Time Elapsed: 14 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Just want to add that even after scans with AdwCleaner these items keep popping up; by that I mean right after it is cleaned I run a scan and there they are again:

# AdwCleaner v5.006 - Logfile created 08/09/2015 at 12:22:58
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - D2YGHXB1
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\config\pastalea.evt

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [915 bytes] ##########

Ran by Owner (2015-09-08 11:31:08) Run:2
Running from C:\Documents and Settings\Owner\Desktop

You ran the script I created twice?

Let's pull out some big guns.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:

Link 1

Link 2

Link 3

Place ComboFix.exe on your Desktop <--Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

     

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

     

    Note:

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

     

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

     

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

     

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    ---------------------------------------------------------------------------------------------

  • If there are Internet issues after running ComboFix:

    Internet Explorer:

    Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.

    Firefox:

    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

    Chrome:

    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

    Safari:

    Launch Safari and go to the general settings menu, then Preferences / Advanced.

    On the Proxies line, click Change Settings...

    Click Internet Options, then click the Connections tab, then click Network Settings.

    Disable (uncheck) the option for the use of a proxy server.

~~~~~~~~~~~~~~~~~~
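For the Firefox proxy step above, here is an added example (not part of the helper's post) that reads a Firefox profile's prefs.js and reports which proxy mode is actually in effect, so the "No Proxy" check can be done from the file rather than the dialog. The sample prefs.js, its 127.0.0.1:8080 proxy, and the function names are constructed for this example.

```python
"""Check a Firefox prefs.js for the proxy and start-page settings discussed above.

Firefox writes each user override as one line:
    user_pref("network.proxy.type", 1);
network.proxy.type values (Firefox's own numbering): 0 = no proxy,
1 = manual, 2 = PAC script URL, 4 = auto-detect, 5 = use system settings
(5 is what Firefox assumes when the line is absent).
"""
import re

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')
PROXY_MODES = {0: "no proxy", 1: "manual", 2: "PAC script",
               4: "auto-detect", 5: "system settings"}

# Constructed sample prefs.js: a manual proxy left behind plus a Yahoo start
# page. 127.0.0.1:8080 is a made-up value, not something from the thread.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.yahoo.com/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
'''


def parse_prefs(text):
    """Return {name: value} with strings, booleans and integers decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1].replace('\\"', '"')
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def proxy_findings(prefs):
    """Describe any proxy that would be in effect.
    An empty list means network.proxy.type is 0, i.e. "No Proxy"."""
    ptype = prefs.get("network.proxy.type", 5)
    findings = []
    if ptype == 1:
        for proto in ("http", "ssl", "socks", "ftp"):
            host = prefs.get(f"network.proxy.{proto}")
            if host:
                port = prefs.get(f"network.proxy.{proto}_port", "?")
                findings.append(f"manual {proto} proxy {host}:{port}")
    elif ptype == 2:
        findings.append(f"PAC script {prefs.get('network.proxy.autoconfig_url', '?')}")
    elif ptype == 4:
        findings.append("WPAD auto-detect enabled")
    elif ptype == 5:
        # Firefox follows Internet Options here, so IE's LAN settings matter too.
        findings.append("uses system (Internet Options) proxy settings; check IE's LAN settings")
    return findings


def report(text):
    """Summarise a prefs.js: proxy mode, proxy details, and start page."""
    prefs = parse_prefs(text)
    ptype = prefs.get("network.proxy.type", 5)
    return {
        "proxy_mode": PROXY_MODES.get(ptype, f"unknown ({ptype})"),
        "proxy": proxy_findings(prefs),
        "homepage": prefs.get("browser.startup.homepage"),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_PREFS).items():
        print(f"{key}: {value}")
```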

 


ComboFix 15-09-07.01 - Owner 09/08/2015 14:52:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2172 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-08-08 to 2015-09-08 )))))))))))))))))))))))))))))))
.
.
2015-09-08 11:54 . 2015-09-08 18:33 -------- d-----w- C:\FRST
2015-09-08 11:21 . 2015-09-08 11:21 -------- d-----w- C:\NVIDIA
2015-09-08 10:42 . 2015-09-08 10:42 -------- d-----w- c:\program files\VS Revo Group
2015-09-08 08:25 . 2015-09-08 08:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adblock Plus for IE
2015-09-08 08:25 . 2015-09-08 08:25 -------- d-----w- c:\program files\Adblock Plus for IE
2015-09-08 08:25 . 2015-09-08 08:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Adblock Plus for IE
2015-09-08 06:47 . 2015-09-08 06:47 -------- d-----w- c:\program files\ESET
2015-09-08 06:09 . 2015-09-08 06:11 -------- dc-h--w- c:\windows\ie8
2015-09-08 05:59 . 2015-09-08 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2015-09-08 05:59 . 2015-09-08 06:00 -------- d-----w- c:\program files\SpywareBlaster
2015-09-08 03:08 . 2015-09-08 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Auslogics
2015-09-08 03:06 . 2015-09-08 03:11 -------- d-----w- c:\program files\Auslogics
2015-09-08 02:11 . 2015-05-29 07:43 303744 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2015-09-08 01:32 . 2015-09-08 18:35 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-08 01:32 . 2015-06-18 15:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-08 01:32 . 2015-06-18 15:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-08 01:32 . 2015-09-08 01:32 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-09-08 00:42 . 2015-09-08 00:42 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-09-08 00:42 . 2015-09-08 00:42 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-08 00:42 . 2015-09-08 00:42 161472 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-09-08 00:42 . 2015-09-08 00:42 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-08 00:42 . 2015-09-08 00:42 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-08 00:42 . 2015-09-08 00:42 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-09-08 00:42 . 2015-09-08 00:42 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-08 00:42 . 2015-09-08 00:42 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-09-08 00:42 . 2015-09-08 00:42 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-09-08 00:42 . 2015-09-08 00:42 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-08 00:42 . 2015-09-08 00:42 43112 ----a-w- c:\windows\avastSS.scr
2015-09-08 00:41 . 2015-09-08 00:41 -------- d-----w- c:\program files\AVAST Software
2015-09-07 23:52 . 2015-09-07 23:52 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2015-09-07 23:51 . 2015-09-07 23:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-09-07 23:51 . 2015-09-07 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2015-09-07 23:48 . 2015-09-07 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-09-07 23:32 . 2015-09-07 23:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-09-07 23:21 . 2013-03-12 12:49 1076968 ----a-r- c:\windows\system32\drivers\RTL8192cu.sys
2015-09-07 23:03 . 2015-09-08 19:25 -------- d-----w- C:\AdwCleaner
2015-09-07 22:48 . 2015-09-07 22:48 -------- d-----w- c:\documents and settings\Administrator
2015-08-20 22:29 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-08 00:32 . 2015-07-18 22:23 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-08 00:32 . 2015-07-18 22:23 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 04:13 . 2014-12-09 04:02 46776320 ----a-w- c:\program files\GUTE7.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-08 00:42 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-08 6111824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
backup=c:\windows\pss\Desktop Temperature Monitor.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Weather Alerts.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Weather Alerts.lnk
backup=c:\windows\pss\Weather Alerts.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avast-Browser-Cleanup]
c:\program files\AVAST Software\Avast\BrowserCleanup.exe/RunOnce [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-14 02:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2015-09-08 00:42 6111824 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2009-09-04 07:51 131752 ----a-w- c:\program files\Lexmark 5600-6600 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2014-04-11 22:31 138096 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2015-03-02 09:03 2477056 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 18:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 18:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 18:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5600-6600 Series Fax Server]
2009-09-04 07:51 311976 ----a-w- c:\program files\Lexmark 5600-6600 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdumon.exe]
2009-09-04 07:51 676520 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxdumon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 11:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-01-31 09:02 15517472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-01-31 09:02 108832 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-02-10 16:17 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-10-01 20:51 22067296 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2015-07-30 20:02 6815512 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [9/7/2015 5:42 PM 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [9/7/2015 5:42 PM 208664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/7/2015 5:42 PM 788784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/7/2015 5:42 PM 433264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 4:47 PM 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [9/7/2015 5:42 PM 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [9/7/2015 5:42 PM 76000]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [4/26/2014 8:47 PM 98984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [9/7/2015 6:32 PM 1871160]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [9/7/2015 5:42 PM 161472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/7/2015 6:32 PM 23256]
R3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [9/7/2015 4:21 PM 1076968]
S1 gfilterdrv;gfilterdrv;c:\windows\system32\drivers\gfilterdrv.sys --> c:\windows\system32\drivers\gfilterdrv.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [9/7/2015 6:32 PM 1133880]
S3 cpuz134;cpuz134;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [9/7/2015 6:32 PM 98520]
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-08 00:42]
.
2015-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-11 22:31]
.
2015-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4000980144-3649526369-3817165490-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-04-11 22:31]
.
2015-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-21 01:59]
.
2015-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-21 01:59]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
Trusted Zone: facebook.com\www
Trusted Zone: microsoft.com\windows
Trusted Zone: msn.com\www
Trusted Zone: skype.com\apps
Trusted Zone: yahoo.com\www
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xz1s2yzz.default-1441700062562\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-AnyProtect Scanner - c:\program files\AnyProtectEx\AnyProtect.exe
MSConfigStartUp-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
MSConfigStartUp-InboxToolbar - c:\program files\Inbox Toolbar\Inbox.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
MSConfigStartUp-ProPCCleaner - c:\program files\Pro PC Cleaner\ProPCCleaner.exe
MSConfigStartUp-upgmsd_us_342 - c:\documents and settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_342.exe
MSConfigStartUp-upgmsd_us_343 - c:\documents and settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_343.exe
MSConfigStartUp-upgmsd_us_349 - c:\documents and settings\Owner\Local Settings\Application Data\gmsd_us_342\upgmsd_us_349.exe
MSConfigStartUp-upgmsd_us_372 - c:\documents and settings\Owner\Local Settings\Application Data\gmsd_us_359\upgmsd_us_372.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-09-08 14:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2015-09-08 14:59:57
ComboFix-quarantined-files.txt 2015-09-08 21:59
.
Pre-Run: 293,818,036,224 bytes free
Post-Run: 293,796,065,280 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 69A081A75F5D4EBC8034BD8F8D0FCB96
91722E6BC3A2B40FF00222DCA4A3DB3E


Let's try a different anti-malware scanner.

 

Emsisoft Anti-Malware

  • Download and save the Emsisoft Anti-Malware setup program to your desktop. The download is fairly large, so please be patient while it downloads.
  • Once the file has been downloaded, close all open programs.
  • Double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
  • If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
  • You will eventually get to a screen asking the mode that you wish to use Emsisoft Anti-Malware.
  • Click on the Freeware trial mode link.

  • You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
  • Allow it to update the definitions. Please be patient as it may take a few minutes for the updates to finish downloading.
  • When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
  • Please select the Deep Scan option and then click on the Scan button. The Deep Scan option will take the longest time to scan your computer, but will also be the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned. Please don't run any other program while it is scanning.
  • When the scan has finished, the program will display the scan results showing what infections were found.
  • Click on the View Report link, and double click the text file to open it. Please copy and paste the contents of this text file into your next reply (this file can be found at C:\Users\Tim\Documents\Anti-Malware\Reports)
  • Click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.
~~~~~~~~~~~~~~~

 

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course on how full your computer is.

 

 

 

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

 

ESET Online Scan

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click the List Threats button. If no threats were found, skip the next two bullet points.
  • Click the Export button and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
~~~

    In your next reply, please include:

    • Emsisoft Anti-Malware log (located at C:\Users\Documents\Anti-Malware\Reports)
    • Eset log

Sorry I'm so dense today and not thinking of this before now.

 

Please do the following:

 

Reset all the browsers back to default:

 

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

 

Backup Internet Explorer Bookmarks

https://kb.wisc.edu/helpdesk/page.php?id=1419

Backup Firefox Bookmarks

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Backup Chrome Bookmarks

http://www.wikihow.com/Export-Bookmarks-from-Chrome

 

Proceed with the reset once done.

 

I.E.

 

Open Internet Explorer, click on the gear icon at the top (far right), then click again on Internet Options.

In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.

Reset Internet Explorer

In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset to return Internet Explorer to its default settings.

When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.

Close Internet Explorer.

 

Firefox

 

At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.

Click the Refresh Firefox button in the upper-right corner of the Troubleshooting Information page.

To continue, click Refresh Firefox in the confirmation window that opens.

Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish.

 

Google Chrome

 

Enter the following into the Chrome address bar:

 

chrome://settings/personal

 

and at the bottom click on "Advanced Settings"

At the very bottom of the page click on "Reset Browser Settings"

 

Then, if you use the sync feature, check the section "delete your synced data from your Google Account" at the bottom of this page:

http://support.google.com/chrome/bin/answer.py?hl=en&answer=185277


The other 2 it won't; should I delete them?

Can you tell me which 2 you're talking about?

 

 

 

You should be able to hold the program to view the list of objects found.

Click on the View Report link, and double click the text file to open it. Please copy and paste the contents of this text file into your next reply (this file can be found at C:\Users\Tim\Documents\Anti-Malware\Reports)


Can you tell me which 2 you're talking about?

 

 

 

You should be able to hold the program to view the list of objects found.

Click on the View Report link, and double click the text file to open it. Please copy and paste the contents of this text file into your next reply (this file can be found at C:\Users\Tim\Documents\Anti-Malware\Reports)

I closed the program since I wanted to run the ESET scan, which takes a long time. One file was a quarantined file from AdwCleaner; the other was a registry file that was labeled as ''no risk''. Sorry to jump the gun before hearing back from you; it's my aunt's computer and she leaves for Arizona tomorrow. The ESET scan is at 50% and 17 min.

Edited by brownhornet

The ESET scan came up with no detections. Here is the Emsisoft log:

 

 

 

Emsisoft Anti-Malware - Version 10.0.0.5641
Last update: 9/8/2015 3:56:22 PM
Initiated by:

Scan settings:

Scan type:
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: On

Advanced caching: On
Direct disk access: Off

Scan start: 9/8/2015 3:59:32 PM
Key: HKEY_USERS\.DEFAULT\SOFTWARE\SOLID PROGRAM Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-4000980144-3649526369-3817165490-1003\SOFTWARE\SOLID PROGRAM Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\SOLID PROGRAM Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} Application.AdShopper (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} Application.AdShopper (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.FEEDMANAGER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.FEEDMANAGER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.HTMLMENU Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.HTMLMENU.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.HTMLPANEL Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.HTMLPANEL.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.MULTIPLEBUTTON Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.MULTIPLEBUTTON.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.PSEUDOTRANSPARENTPLUGIN Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.PSEUDOTRANSPARENTPLUGIN.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.SCRIPTBUTTON Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.SCRIPTBUTTON.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.SETTINGSPLUGIN Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.SETTINGSPLUGIN.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.THIRDPARTYINSTALLER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.THIRDPARTYINSTALLER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YT.YTNAVASSISTPLUGIN Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YT.YTNAVASSISTPLUGIN.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SLIMWARE UTILITIES, INC.\DRIVERAPP Application.InstallDrive (A)
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\FlashBeat\SoftConfigTest.exe.vir Gen:Variant.Adware.Kazy.604816 (B)
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Windows Discount\FindingDiscount\FindingDiscount.exe.vir Trojan.Generic.14571572 (B)
C:\AdwCleaner\Quarantine\C\Program Files\pastaleads\PastaLeadsService.exe.vir Adware.Agent.PIL (B)
C:\AdwCleaner\Quarantine\C\Program Files\V-bates\libwinhook.dll.vir Adware.PassionFruit.A (B)
C:\AdwCleaner\Quarantine\C\Program Files\ver6BlockAndSurf\temp\i.arc.vir -> (Embedded EXE 2g) Gen:Variant.Adware.Zusy.132667 (B)
C:\AdwCleaner\Quarantine\C\Program Files\ver6BlockAndSurf\temp\i.arc.vir -> (Embedded EXE 3g) Gen:Variant.Zusy.128867 (B)
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{1a4f7658-8acd-c8ae-404b-4eab4d23beb0}\chrome\content\main.js Adware.ZoomIt.A (B)
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{1a4f7658-8acd-c8ae-404b-4eab4d23beb0}\chrome\content\zoom.js Adware.ZoomIt.A (B)
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{c0427b7e-9c3b-3b57-2c10-7c3fd39b3605}\chrome\content\main.js Adware.ZoomIt.A (B)
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{c0427b7e-9c3b-3b57-2c10-7c3fd39b3605}\chrome\content\zoom.js Adware.ZoomIt.A (B)

Scanned 123976
Found 48

Scan end: 9/8/2015 4:25:09 PM
Scan time: 0:25:37

Edited by brownhornet
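The Emsisoft log above runs to 48 hits, and the question that matters for the next step is which of them are already sitting in AdwCleaner's quarantine folder and which are still live (registry keys, or files such as the ones under "Old Firefox Data"). As an added example, not part of the thread and not Emsisoft's own tooling, here is a small Python parser for lines in the shape of that log. The line format it assumes (location, optional "-> (Embedded ...)" marker, detection name, then a one-letter "(A)" or "(B)" suffix) is inferred from the posted lines, not from any Emsisoft documentation, and the meaning of the A/B letters is left as-is rather than interpreted. The sample lines are copied from the log above and trimmed to six entries.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six lines copied from the Emsisoft Anti-Malware log
# posted in this thread, plus the trailing summary lines, so the parser can be
# run offline.
SAMPLE_LOG = r"""
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAPSGALAXY_39.THIRDPARTYINSTALLER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SLIMWARE UTILITIES, INC.\DRIVERAPP Application.InstallDrive (A)
C:\AdwCleaner\Quarantine\C\Program Files\pastaleads\PastaLeadsService.exe.vir Adware.Agent.PIL (B)
C:\AdwCleaner\Quarantine\C\Program Files\ver6BlockAndSurf\temp\i.arc.vir -> (Embedded EXE 2g) Gen:Variant.Adware.Zusy.132667 (B)
C:\Documents and Settings\Owner\Desktop\Old Firefox Data\u1mf7z30.default\extensions\{1a4f7658-8acd-c8ae-404b-4eab4d23beb0}\chrome\content\main.js Adware.ZoomIt.A (B)

Scanned 123976
Found 48
"""

# Assumed line shape (inferred from the posted log, not documented by Emsisoft):
#   <location>[ -> (<embedded marker>)] <detection name> (<one capital letter>)
# Locations may contain spaces, so the detection name is taken as the last
# space-free token before the "(X)" suffix and the location is everything before it.
HIT_RE = re.compile(
    r"^(?P<loc>.+?)"
    r"(?: -> \((?P<embedded>[^)]*)\))?"
    r" (?P<det>\S+) \((?P<flag>[A-Z])\)$"
)

# AdwCleaner's quarantine folder as seen in the posted paths; anything under it
# has already been pulled off the live system.
QUARANTINE_PREFIX = "C:\\AdwCleaner\\Quarantine\\"


@dataclass
class Hit:
    kind: str                  # "registry", "quarantined_file" or "file"
    location: str              # registry key or file path
    detection: str             # detection name as printed by the scanner
    flag: str                  # the letter in the trailing "(A)"/"(B)"
    embedded: Optional[str] = None  # "Embedded EXE 2g" style marker, if any


def parse_hit(line: str) -> Optional[Hit]:
    """Parse one scan-result line; return None for summary/blank lines."""
    m = HIT_RE.match(line.rstrip())
    if not m:
        return None
    loc = m.group("loc")
    if loc.startswith("Key: "):
        kind, loc = "registry", loc[len("Key: "):]
    elif loc.lower().startswith(QUARANTINE_PREFIX.lower()):
        kind = "quarantined_file"
    else:
        kind = "file"
    return Hit(kind, loc, m.group("det"), m.group("flag"), m.group("embedded"))


def parse_log(text: str) -> List[Hit]:
    """Parse a whole log, skipping lines that are not hits."""
    return [h for h in (parse_hit(l) for l in text.splitlines()) if h]


def live_hits(hits: List[Hit]) -> List[Hit]:
    """Hits not already in quarantine: registry keys and on-disk files that
    still need removing (or confirming the scanner removed them)."""
    return [h for h in hits if h.kind != "quarantined_file"]


def summarize(hits: List[Hit]) -> dict:
    """Counts by hit kind and detection name, plus the live file paths."""
    return {
        "by_kind": dict(Counter(h.kind for h in hits)),
        "by_detection": dict(Counter(h.detection for h in hits)),
        "live_paths": [h.location for h in hits if h.kind == "file"],
    }


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for h in live_hits(parsed):
        print(f"{h.kind:16} {h.detection:32} {h.location}")
    print(summarize(parsed)["by_kind"])
```

Run against the full log, the "live_paths" list is the short list worth acting on by hand (here, the extension files inside the "Old Firefox Data" backup), while the quarantined entries only confirm what AdwCleaner already removed.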

Seems to be doing OK, not like it was before at all.

Glad to hear that.

 

C:\Documents and Settings\Owner\Desktop\Old Firefox Data

 

Her Firefox backup had some minor issues. If you can get her to delete that folder, or run Emsisoft Anti-Malware again, it will take it out (unless you already allowed it to when running the scan, which would be ideal).

 

Were you able to run the Eset scan?

Edited by Juliet


Yes, I deleted the FF stuff and the ESET scan came up with zero issues.

 

 

[Attached image: 0908151754.jpg]
