Virus affecting finances


This topic is locked
26 replies to this topic

#1 kkoz83 (Members, 421 posts)

Posted 08 January 2014 - 07:10 PM

Hello, how are you?

A day ago I received a phone call about a suspicious charge - it was fraudulent :(

The next day I cannot get on the main page of the financial institution which informed me of the fraudulent charge. I am able to get on the webpage using other PCs.

Other sites seem fine.

Please help!!! Malwarebytes full scan is clean & also Super Antispyware is clean. I also had a clean scan with Avast.
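
The symptom in the post above, one site unreachable from one PC while every other machine reaches it fine, is the signature of a poisoned hosts file: Windows answers a name lookup from that file before it asks DNS, so one added line breaks exactly one site on exactly one machine. The script below is an added example and not code from this thread. It parses a Windows hosts file and reports which entries shadow a site, with the bank's domain treated as a watched name. The hosts content in SAMPLE_HOSTS is constructed for the demo and examplebank.com is a placeholder, not a real institution; the path constant is the XP default.

```python
"""Hosts-file triage for "one site unreachable from one PC, fine from others".

Added example, not code from the thread.  Windows answers a lookup from the
hosts file before it asks DNS, so one poisoned line there takes down exactly
one site on exactly one machine.  SAMPLE_HOSTS is constructed for the demo and
examplebank.com is a placeholder, not a real bank.
"""
import ipaddress
import re

# XP default.  ComboFix later in this thread also removed a hosts.ics beside
# this file; when pulling a copy from a machine, take that one as well.
HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Constructed sample: the normal loopback line, a vendor-style block entry of
# the kind DDS reported in this thread, and two lines sending a bank elsewhere.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.spywareinfo.com
198.51.100.7    www.examplebank.com   # not something the user typed
198.51.100.7    examplebank.com
"""

# Explicit RFC 1918 / link-local ranges rather than ipaddress.is_private, which
# also counts the documentation ranges used in the sample as "private".
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

_ENTRY = re.compile(r"^([0-9A-Fa-f.:]+)\s+(.+)$")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, one per hostname; comments and junk are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _ENTRY.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue          # not an address: tolerate it, do not abort the triage
        for name in m.group(2).split():
            yield str(addr), name.lower()


def classify(ip, name):
    """Label what an entry does to resolution of `name`.

    normal   - the localhost lines every hosts file carries
    block    - name sent to loopback/unspecified: the site just stops working
    lan      - name sent to an RFC 1918 or link-local address: usually an admin's own mapping
    redirect - name sent to a public address: the pharming case, worst of the four
    """
    addr = ipaddress.ip_address(ip)
    if name in ("localhost", "localhost.localdomain", "broadcasthost"):
        return "normal"
    if addr.is_loopback or addr.is_unspecified:
        return "block"
    if any(addr in net for net in LAN_NETS):
        return "lan"
    return "redirect"


def triage(text, watch_domains=()):
    """Return findings as (severity, ip, hostname, label) in file order.

    Anything touching a watched domain (exact or subdomain match) is high: from
    the user's seat a blocked bank and a redirected bank look the same.  Other
    block/redirect lines come back as 'review'; plain LAN mappings are left
    alone unless they touch a watched domain.
    """
    watch = tuple(d.lower() for d in watch_domains)
    findings = []
    for ip, name in parse_hosts(text):
        label = classify(ip, name)
        watched = any(name == d or name.endswith("." + d) for d in watch)
        if label == "normal" or (label == "lan" and not watched):
            continue
        severity = "high" if (watched or label == "redirect") else "review"
        findings.append((severity, ip, name, label))
    return findings


def triage_file(path=HOSTS_PATH, watch_domains=()):
    """Same check against a hosts file on disk (or a copy pulled from the PC)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return triage(fh.read(), watch_domains)


if __name__ == "__main__":
    for sev, ip, name, label in triage(SAMPLE_HOSTS, ["examplebank.com"]):
        print(f"{sev:6} {label:8} {ip:15} {name}")
```

Run it against a copy of the file taken from the affected PC with the bank's domain in watch_domains. An empty result while the symptom persists moves the suspicion off the hosts file and onto the resolver settings (the TCP: NameServer lines in a DDS log), a proxy setting, or something loaded into the browser itself.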





#2 HelpBot (Bleepin' Binary Bot, Bots, 12,762 posts)

Posted 13 January 2014 - 07:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520150 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kkoz83 (Topic Starter, Members, 421 posts)

Posted 14 January 2014 - 03:14 PM

Attach text file


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2004 8:33:32 PM
System Uptime: 1/14/2014 1:29:35 PM (2 hours ago)
.
Motherboard: Intel Corporation               |  | D845GVSR                      
Processor:                 Intel® Celeron® CPU 2.66GHz | J2E1 | 2666/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 43.636 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
#4 kkoz83 (Topic Starter, Members, 421 posts)

Posted 14 January 2014 - 03:15 PM

DDS text


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Janusz Kozyra at 15:12:08 on 2014-01-14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.399 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eMachines Bay  Reader\shwiconem.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MWSnap\MWSnap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\DOCUME~1\JANUSZ~1\LOCALS~1\TEMP\RAR$EX00.344\PROCEXP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.pl/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IEPluginBHO Class: {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - c:\documents and settings\janusz kozyra\application data\nowe gadu-gadu\_userdata\ggbho.1.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - LocalServer32 - <no file>
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [MWSnap] "c:\program files\mwsnap\MWSnap.exe"
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Nowe Gadu-Gadu] "c:\program files\nowe gadu-gadu\gg.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SunKistEM] c:\program files\emachines bay  reader\shwiconem.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ITPIPSetup] "E:\setupstb.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taskma~1.lnk - c:\windows\system32\taskmgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} - hxxp://www.drivershq.com/files/cab/nonmember/DriverDetective-nm.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {41ACD49D-1974-791A-0981-AA9872721044} - hxxp://67.15.101.33/g_bin/pl/boards_2_0_0_35.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} - hxxp://67.15.101.33/g_bin/pl/navy_2_0_0_29.cab
DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341944576953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/ct.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.kings.edu/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} - hxxp://67.15.101.33/g_bin/pl/soccer_2_0_0_20.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: NameServer = 216.144.187.101 216.144.187.199 204.186.80.251
TCP: Interfaces\{2189A0DF-B289-4B8D-83FD-7972312C85D1} : DHCPNameServer = 216.144.187.101 216.144.187.199 204.186.80.251
TCP: Interfaces\{A7533900-F2DC-4CD3-9B91-46009EC98E3B} : DHCPNameServer = 216.144.187.101 216.144.187.199 204.186.80.251
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
IFEO: taskmgr.exe - "c:\docume~1\janusz~1\locals~1\temp\rar$ex00.344\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-6 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-6 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-23 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2009-7-19 410528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-6 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-22 50344]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-7-11 47640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-10 24652]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\janusz~1\locals~1\temp\cdrmkaun.sys --> c:\docume~1\janusz~1\locals~1\temp\cdrmkaun.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-7-11 13408]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-9-19 25088]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-6-18 14336]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-01-08 03:39:32 -------- d-----w- C:\SUPERDelete
.
==================== Find3M  ====================
.
2013-12-23 23:56:04 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-23 23:56:04 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-23 23:56:04 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-23 23:56:03 43152 ----a-w- c:\windows\avastSS.scr
2013-12-14 18:20:42 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-12-14 18:20:41 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-12-14 18:20:39 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-12-14 18:20:39 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-12-10 21:18:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:18:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-24 19:52:38 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-24 19:52:37 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
.
============= FINISH: 15:14:17.54 ===============
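
The Pseudo HJT and services sections of the log above carry the entries a malware responder reads first: an IFEO debugger registered for taskmgr.exe, an ActiveX control (DPF) fetched from a bare IP address, a driver registered from the user's temp folder whose file is gone, orphaned BHO registrations, the configured DNS servers and the hosts-file line. The script below is an added example, not part of DDS and not from the thread; it runs a small rule set over DDS lines and sorts the hits worst-first. The sample lines are copied from the log posted above; the rule names, severities and explanations are this example's own choices.

```python
"""Rule-based triage of the "Pseudo HJT Report" and services sections of a DDS log.

Added example; not DDS code and not from the thread.  DDS defangs URLs as
hxxp, which the rules expect.  Rule names and severities are this example's
own choices, not anything DDS emits.
"""
import re
from collections import Counter

# Lines copied from the DDS log posted in this thread: one per pattern of
# interest, plus benign lines (avast driver, Flash DPF) that must not fire.
SAMPLE_DDS = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
mRun: [ITPIPSetup] "E:\setupstb.exe"
DPF: {41ACD49D-1974-791A-0981-AA9872721044} - hxxp://67.15.101.33/g_bin/pl/boards_2_0_0_35.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 216.144.187.101 216.144.187.199 204.186.80.251
IFEO: taskmgr.exe - "c:\docume~1\janusz~1\locals~1\temp\rar$ex00.344\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\janusz~1\locals~1\temp\cdrmkaun.sys --> c:\docume~1\janusz~1\locals~1\temp\cdrmkaun.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-22 50344]
"""

# (rule name, pattern, severity, what the hit means).  A line may hit several rules.
RULES = [
    ("ifeo_debugger",
     re.compile(r'^IFEO:\s+(\S+)\s+-\s+(.+)$', re.I), "high",
     "Image File Execution Options debugger: the second program runs whenever the first is "
     "launched. Process Explorer's 'Replace Task Manager' option writes exactly this key, "
     "so verify the binary really is procexp and not something sitting in its place."),
    ("driver_in_temp",
     re.compile(r'^[RS]\d\s+[^;]+;[^;]+;.*\\temp\\[^\\]+\.sys', re.I), "high",
     "kernel driver registered from a user temp directory"),
    ("activex_from_ip",
     re.compile(r'^DPF:\s+\{[0-9A-F-]+\}\s+-\s+hxxps?://\d{1,3}(?:\.\d{1,3}){3}/', re.I), "medium",
     "ActiveX control downloaded from a bare IP address rather than a vendor hostname"),
    ("autostart_off_system_drive",
     re.compile(r'^[umd]Run(?:Once)?:\s+\[[^\]]+\]\s+"?[D-Z]:\\', re.I), "medium",
     "autostart entry pointing at a drive other than C: (an optical drive in this log)"),
    ("missing_driver_file",
     re.compile(r'^[RS]\d\s.*\[\?\]$', re.I), "medium",
     "service or driver whose binary DDS could not find on disk"),
    ("orphaned_bho",
     re.compile(r'^BHO:.*<orphaned>$', re.I), "low",
     "Browser Helper Object registration with no file behind it"),
    ("hosts_entry",
     re.compile(r'^Hosts:\s+\S+\s+\S+', re.I), "info",
     "hosts-file override; confirm each one is intended"),
    ("dns_servers",
     re.compile(r'^TCP:\s+NameServer\s+=\s+(.+)$', re.I), "info",
     "configured DNS servers; compare against the ISP's or the router's"),
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def triage_dds(text):
    """Run every rule over every non-empty line; return a list of finding dicts."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        for name, pattern, severity, why in RULES:
            if pattern.search(line):
                findings.append({"rule": name, "severity": severity,
                                 "line": lineno, "text": line, "why": why})
    return findings


def report(findings):
    """Findings ordered worst-first (then by line), plus a per-severity count."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_ORDER[f["severity"]], f["line"]))
    counts = Counter(f["severity"] for f in findings)
    return ordered, counts


if __name__ == "__main__":
    ordered, counts = report(triage_dds(SAMPLE_DDS))
    print(dict(counts))
    for f in ordered:
        print(f"[{f['severity']:6}] {f['rule']:26} line {f['line']}: {f['text'][:90]}")
        print(f"         {f['why']}")
```

Feed it the whole DDS text rather than the excerpt and the two "high" hits in this log are what a responder checks by hand first: whether the PROCEXP.EXE behind the IFEO key is the Sysinternals binary the user extracted, and what cdrmkaun.sys was, since the file is already gone from the temp folder it was registered from.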
#5 HelpBot (Bleepin' Binary Bot, Bots, 12,762 posts)

Posted 18 January 2014 - 07:20 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

Mod Edit:  Reopened topic per PM request by OP, requested he follow HelpBot instructions from first post - Hamluis.


Edited by hamluis, 19 January 2014 - 09:42 AM.


#6 Oh My! (Adware and Spyware and Malware....., Malware Response Instructor, 37,978 posts, California)

Posted 21 January 2014 - 09:08 PM

Greetings kkoz83 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run these programs for me.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

[screenshot: ComboFix prompt asking to install the Recovery Console]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: Recovery Console installed successfully]

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • FRST results
  • Addition log

Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 kkoz83 (Topic Starter, Members, 421 posts)

Posted 22 January 2014 - 12:51 PM

ComboFix 14-01-22.01 - Janusz Kozyra 01/22/2014  11:57:16.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.557 [GMT -5:00]
Running from: c:\documents and settings\Janusz Kozyra\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 0 bytes in 1 streams.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
ADS - svchost.exe: deleted 88 bytes in 2 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\C31F31E6.TMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Janusz Kozyra\Application Data\inst.exe
c:\documents and settings\Janusz Kozyra\g2mdlhlpx.exe
c:\documents and settings\Janusz Kozyra\My Documents\DPE.DUS
c:\documents and settings\Janusz Kozyra\System
c:\documents and settings\Janusz Kozyra\System\win_qs7.jqx
c:\documents and settings\Janusz Kozyra\WINDOWS
c:\documents and settings\LogMeInRemoteUser.JANUSZ\WINDOWS
c:\documents and settings\LogMeInRemoteUser\WINDOWS
c:\documents and settings\Test\WINDOWS
C:\test.txt
c:\windows\help\wmplayer.bak
c:\windows\iun6002.exe
c:\windows\ST6UNST.000
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\hack
c:\windows\system32\hack\OEMLINK\OEM1.reg
c:\windows\system32\hack\OEMLINK\OEM2.reg
c:\windows\system32\hack\OEMLINK\OEM3.reg
c:\windows\system32\oobe\msoobe.err
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET109.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET115.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-22 to 2014-01-22  )))))))))))))))))))))))))))))))
.
.
2014-01-14 20:20 . 2013-12-19 01:46 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-14 20:19 . 2013-12-19 02:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-08 03:39 . 2014-01-08 03:39 -------- d-----w- C:\SUPERDelete
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-23 23:56 . 2013-03-06 23:59 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-23 23:56 . 2013-03-06 23:59 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-23 23:56 . 2011-02-24 00:11 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-23 23:56 . 2009-07-19 17:57 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-23 23:56 . 2009-07-19 17:57 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-23 23:56 . 2009-07-19 17:57 410528 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-12-23 23:56 . 2010-07-08 22:20 43152 ----a-w- c:\windows\avastSS.scr
2013-12-23 23:56 . 2009-07-19 17:57 270240 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-10 21:18 . 2012-03-29 20:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 21:18 . 2011-07-07 23:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-27 20:21 . 2004-06-18 11:24 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2004-06-18 11:23 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-05-01 18:06 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-04-15 00:09 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2004-05-01 17:39 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-24 01:32 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-06-18 11:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-06-18 11:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2004-06-18 11:22 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-24 19:52 . 2006-11-27 01:36 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-23 23:55 259464 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MWSnap"="c:\program files\MWSnap\MWSnap.exe" [2002-07-06 427008]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\eMachines Bay  Reader\shwiconem.exe" [2004-03-12 135168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-12-23 3764024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"="c:\program files\Alwil Software\Avast5\setup\emupdate\c9b9c9ad-38eb-4228-8fe5-180d052cb4fc.exe" [2014-01-22 181136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-11-4 1507431]
Task Manager.lnk - c:\windows\system32\taskmgr.exe [2004-6-18 135680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 20:54 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/6/2013 6:59 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3/6/2013 6:59 PM 180248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/10/2010 4:57 PM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/23/2011 7:11 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7/19/2009 12:57 PM 410528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/6/2013 6:59 PM 67824]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 3:45 PM 57440]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\JANUSZ~1\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\JANUSZ~1\LOCALS~1\Temp\cdrmkaun.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 11:10 AM 17149]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/10/2007 4:55 PM 47360]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys --> c:\windows\system32\DRIVERS\radpms.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [9/19/2010 1:26 PM 25088]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [1/14/2009 1:23 AM 458752]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvcs_Untrusted_BZ REG_MULTI_SZ    winmgmt_Untrusted_BZ
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:18]
.
2014-01-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-30 23:55]
.
2012-05-12 c:\windows\Tasks\Rescue Reminder for 2HA205TW.job
- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 20:52]
.
2014-01-21 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_JANUSZ_Janusz Kozyra.job
- c:\windows\system32\mobsync.exe [2004-06-18 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.pl/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: DhcpNameServer = 216.144.187.101 216.144.187.199 204.186.80.251
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} - hxxp://www.drivershq.com/files/cab/nonmember/DriverDetective-nm.cab
DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} - hxxp://67.15.101.33/g_bin/pl/navy_2_0_0_29.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.kings.edu/activex/AMC.cab
DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} - hxxp://67.15.101.33/g_bin/pl/soccer_2_0_0_20.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
HKLM-Run-ITPIPSetup - E:\setupstb.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-22 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1580682949-1722694458-2177561275-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2014-01-22  12:39:42
ComboFix-quarantined-files.txt  2014-01-22 17:39
.
Pre-Run: 46,748,323,840 bytes free
Post-Run: 49,013,305,344 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect     /NoExecute=OptIn
.
- - End Of File - - FE43C3CF54F529C690C131537A4298A9
1A0CF2F717FD6F57C8577C8FC1DDE7FC
 



#8 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  • Local time:06:26 AM

Posted 22 January 2014 - 01:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2014 01
Ran by Janusz Kozyra (administrator) on JANUSZ on 22-01-2014 12:53:49
Running from C:\Documents and Settings\Janusz Kozyra\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(America Online, Inc.) C:\Program Files\Common Files\AOL\ACS\acsd.exe
(Seagate Technology LLC) C:\Program Files\Maxtor\Sync\SyncServices.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Viewpoint Corporation) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Alcor Micro, Corp.) C:\Program Files\eMachines Bay  Reader\shwiconEM.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Mirek Wojtowicz) C:\Program Files\MWSnap\MWSnap.exe
(NETGEAR) C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunKistEM] - C:\Program Files\eMachines Bay  Reader\shwiconem.exe [135168 2004-03-12] (Alcor Micro, Corp.)
HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2780432 2009-05-08] ()
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] - C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2003-03-31] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2002-08-28] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2002-08-28] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2002-08-28] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024 2013-12-23] (AVAST Software)
HKLM\...\RunOnce: [20131224] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\c9b9c9ad-38eb-4228-8fe5-180d052cb4fc.exe /check [181136 2014-01-22] (AVAST Software)
Winlogon\Notify\crypt32chain: crypt32.dll [X]
Winlogon\Notify\cryptnet: cryptnet.dll [X]
Winlogon\Notify\cscdll: cscdll.dll [X]
Winlogon\Notify\igfxcui: igfxsrvc.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\Schedule: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: sclgntfy.dll [X]
Winlogon\Notify\SensLogn: WlNotify.dll [X]
Winlogon\Notify\termsrv: wlnotify.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
Winlogon\Notify\wlballoon: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Run: [MWSnap] - C:\Program Files\MWSnap\MWSnap.exe [427008 2002-07-06] (Mirek Wojtowicz)
HKCU\...\Run: [Nowe Gadu-Gadu] - C:\Program Files\Nowe Gadu-Gadu\gg.exe [11391592 2009-08-31] (GG Network S.A.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x01000000
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Task Manager.lnk
ShortcutTarget: Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1028665B7881C901
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
SearchScopes: HKCU - DefaultScope 2D3232E0C6E5432A969CA2B3AA7CAF2B URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - 2D3232E0C6E5432A969CA2B3AA7CAF2B URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Janusz Kozyra\Application Data\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -  No File
Toolbar: HKLM - No Name - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -  No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} http://www.drivershq.com/files/cab/nonmember/DriverDetective-nm.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab
DPF: {41ACD49D-1974-791A-0981-AA9872721044} http://67.15.101.33/g_bin/pl/boards_2_0_0_35.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} http://67.15.101.33/g_bin/pl/navy_2_0_0_29.cab
DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/ct.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam.kings.edu/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} http://67.15.101.33/g_bin/pl/soccer_2_0_0_20.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 216.144.187.101 216.144.187.199 204.186.80.251

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-10] (SUPERAntiSpyware.com)
R2 ACS; C:\WINDOWS\system32\acs.exe [467028 2008-06-27] (Atheros)
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\acsd.exe [1388648 2003-09-17] (America Online, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-23] (AVAST Software)
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-08-29] (NOS Microsystems Ltd.)
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [360547 2008-02-27] (Atheros Communications, Inc.)
R2 Maxtor Sync Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [193888 2008-07-21] (Seagate Technology LLC)
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.)
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2003-03-31] (Microsoft Corporation)
R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [43672 2004-12-23] (Oak Technology Inc.)
R3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [391424 2003-12-12] (Sensaura Ltd)
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [601100 2004-01-10] (Realtek Semiconductor Corp.)
R2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16877 2002-07-17] (Adaptec)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2013-12-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2013-12-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2013-12-23] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-23] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R3 JSWSCIMD; C:\Windows\System32\DRIVERS\jswscimd.sys [57440 2008-10-01] (Atheros Communications, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2009-04-30] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
S3 mxnic; C:\Windows\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-09-10] ()
R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [40564 2004-03-23] (Alcor Micro Corp.)
S3 SunkFilt39; C:\WINDOWS\System32\Drivers\sunkfilt39.sys [42936 2004-03-23] (Alcor Micro Corp.)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-09-13] (TeamViewer GmbH)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2006-08-06] (EnTech Taiwan)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-11] (America Online, Inc.)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2.sys [458752 2009-01-14] (Atheros Communications, Inc.)
R3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [57408 2007-12-14] (Atheros Communications, Inc.)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [122110 2004-01-30] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [99002 2004-01-30] (Intel Corporation)
U3 abfqbhnl; C:\Windows\System32\Drivers\abfqbhnl.sys [0 ] (Microsoft Corporation)
S3 CA561; System32\Drivers\SPCA561.SYS [x]
U3 catchme; \??\C:\DOCUME~1\JANUSZ~1\LOCALS~1\Temp\catchme.sys [x]
S3 cdrmkaun; \??\C:\DOCUME~1\JANUSZ~1\LOCALS~1\Temp\cdrmkaun.sys [x]
S3 FilterService; system32\DRIVERS\lvuvcflt.sys [x]
S3 LMImirr; system32\DRIVERS\LMImirr.sys [x]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]
S3 MRVW245; system32\DRIVERS\MRVW245.sys [x]
S3 QCMerced; system32\DRIVERS\LVCM.sys [x]
S3 radpms; system32\DRIVERS\radpms.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 Sunkfiltp; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [x]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;
S3 usbbus; system32\DRIVERS\lgusbbus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
S3 vsdatant; System32\vsdatant.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-22 12:53 - 2014-01-22 12:54 - 00017939 _____ C:\Documents and Settings\Janusz Kozyra\Desktop\FRST.txt
2014-01-22 12:53 - 2014-01-22 12:53 - 00000000 ____D C:\FRST
2014-01-22 12:52 - 2014-01-22 12:52 - 01221632 _____ (Farbar) C:\Documents and Settings\Janusz Kozyra\Desktop\FRST.exe
2014-01-22 12:39 - 2014-01-22 12:39 - 00015090 _____ C:\ComboFix.txt
2014-01-22 11:22 - 2012-06-15 14:55 - 00000211 _____ C:\Boot.bak
2014-01-22 11:21 - 2014-01-22 11:22 - 00000000 _RSHD C:\cmdcons
2014-01-22 11:21 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2014-01-22 10:42 - 2014-01-22 12:39 - 00000000 ____D C:\Qoobox
2014-01-22 10:42 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-22 10:42 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-22 10:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-22 10:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-22 10:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-22 10:42 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-22 10:42 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-22 10:42 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-22 10:42 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-22 10:40 - 2014-01-22 10:40 - 05173757 ____R (Swearware) C:\Documents and Settings\Janusz Kozyra\Desktop\ComboFix.exe
2014-01-21 14:45 - 2014-01-21 14:45 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
2014-01-21 14:45 - 2014-01-21 14:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2014-01-14 15:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-14 15:20 - 2013-12-18 20:46 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-14 15:19 - 2014-01-14 15:19 - 00005203 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-14 15:19 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-14 15:19 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-14 15:19 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-14 15:14 - 2014-01-14 15:14 - 00016106 _____ C:\Documents and Settings\Janusz Kozyra\Desktop\dds.txt
2014-01-14 15:14 - 2014-01-14 15:14 - 00000915 _____ C:\Documents and Settings\Janusz Kozyra\Desktop\attach.txt
2014-01-14 15:10 - 2014-01-14 15:10 - 00688992 ____R (Swearware) C:\Documents and Settings\Janusz Kozyra\Desktop\dds.com
2014-01-14 13:21 - 2014-01-14 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 13:20 - 2014-01-14 13:22 - 00006271 _____ C:\WINDOWS\KB2914368.log
2014-01-08 23:27 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Janusz Kozyra\Desktop\TDSSKiller.exe
2014-01-07 22:39 - 2014-01-07 22:39 - 00000000 ____D C:\SUPERDelete

==================== One Month Modified Files and Folders =======

2014-01-22 12:54 - 2014-01-22 12:53 - 00017939 _____ C:\Documents and Settings\Janusz Kozyra\Desktop\FRST.txt
2014-01-22 12:53 - 2014-01-22 12:53 - 00000000 ____D C:\FRST
2014-01-22 12:52 - 2014-01-22 12:52 - 01221632 _____ (Farbar) C:\Documents and Settings\Janusz Kozyra\Desktop\FRST.exe
2014-01-22 12:52 - 2004-05-02 02:52 - 00000000 ____D C:\WINDOWS\system32\Restore
2014-01-22 12:40 - 2005-07-30 19:51 - 00000406 ____H C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_JANUSZ_Janusz Kozyra.job
2014-01-22 12:39 - 2014-01-22 12:39 - 00015090 _____ C:\ComboFix.txt
2014-01-22 12:39 - 2014-01-22 10:42 - 00000000 ____D C:\Qoobox
2014-01-22 12:39 - 2004-05-02 02:58 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-22 12:39 - 2004-05-01 12:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-22 12:33 - 2012-08-31 16:13 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-22 12:28 - 2004-05-01 12:39 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-22 12:24 - 2011-12-03 15:58 - 00000000 ____D C:\Documents and Settings\LogMeInRemoteUser.JANUSZ
2014-01-22 12:24 - 2010-09-18 18:43 - 00000000 ____D C:\Documents and Settings\Administrator
2014-01-22 12:24 - 2009-03-29 15:50 - 00000000 ____D C:\Documents and Settings\Test
2014-01-22 12:24 - 2007-02-24 21:21 - 00000000 ____D C:\Documents and Settings\Admin
2014-01-22 12:24 - 2004-08-22 19:33 - 00000000 ____D C:\Documents and Settings\Janusz Kozyra
2014-01-22 12:24 - 2004-05-01 19:43 - 00000000 ____D C:\WINDOWS\Help
2014-01-22 11:22 - 2014-01-22 11:21 - 00000000 _RSHD C:\cmdcons
2014-01-22 11:22 - 2004-05-02 02:40 - 00000328 __RSH C:\boot.ini
2014-01-22 10:53 - 2004-08-23 15:28 - 02008909 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-22 10:42 - 2009-05-16 10:41 - 00032442 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-22 10:40 - 2014-01-22 10:40 - 05173757 ____R (Swearware) C:\Documents and Settings\Janusz Kozyra\Desktop\ComboFix.exe
2014-01-22 10:34 - 2012-06-29 21:28 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-22 10:32 - 2007-07-28 19:21 - 00000000 ____D C:\Documents and Settings\Janusz Kozyra\Application Data\Skype
2014-01-22 10:28 - 2004-05-02 02:39 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-22 10:25 - 2004-05-01 05:48 - 00000157 _____ C:\WINDOWS\wiadebug.log
2014-01-22 10:24 - 2004-05-01 05:48 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-21 15:07 - 2010-06-06 17:09 - 00524288 _____ C:\WINDOWS\system32\config\ACS.evt
2014-01-21 14:59 - 2004-05-01 19:45 - 00215264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-21 14:58 - 2004-08-22 19:33 - 00000278 ___SH C:\Documents and Settings\Janusz Kozyra\ntuser.ini
2014-01-21 14:57 - 2008-05-14 16:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-01-21 14:54 - 2010-07-11 09:57 - 00460229 ____C C:\WINDOWS\setupapi.log
2014-01-21 14:52 - 2011-12-03 15:58 - 00000178 ___SH C:\Documents and Settings\LogMeInRemoteUser.JANUSZ\ntuser.ini
2014-01-21 14:45 - 2014-01-21 14:45 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
2014-01-21 14:45 - 2014-01-21 14:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2014-01-21 14:45 - 2010-09-18 18:36 - 00000000 ____D C:\Program Files\TeamViewer
2014-01-21 14:37 - 2012-09-02 14:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-21 14:36 - 2011-10-14 10:04 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-01-21 14:35 - 2004-08-25 17:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-21 14:17 - 2012-03-29 15:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-14 15:19 - 2014-01-14 15:19 - 00005203 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-14 15:19 - 2013-03-07 15:33 - 00000000 ____D C:\Program Files\Java
2014-01-14 15:14 - 2014-01-14 15:14 - 00016106 _____ C:\Documents and Settings\Janusz Kozyra\Desktop\dds.txt
2014-01-14 15:14 - 2014-01-14 15:14 - 00000915 _____ C:\Documents and Settings\Janusz Kozyra\Desktop\attach.txt
2014-01-14 15:10 - 2014-01-14 15:10 - 00688992 ____R (Swearware) C:\Documents and Settings\Janusz Kozyra\Desktop\dds.com
2014-01-14 13:27 - 2013-07-14 14:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-14 13:22 - 2014-01-14 13:20 - 00006271 _____ C:\WINDOWS\KB2914368.log
2014-01-14 13:22 - 2010-07-13 16:09 - 00492252 ____C C:\WINDOWS\tsoc.log
2014-01-14 13:22 - 2010-07-13 16:09 - 00426705 ____C C:\WINDOWS\comsetup.log
2014-01-14 13:22 - 2010-07-13 16:09 - 00259176 ____C C:\WINDOWS\ntdtcsetup.log
2014-01-14 13:22 - 2010-07-13 16:09 - 00205357 ____C C:\WINDOWS\iis6.log
2014-01-14 13:22 - 2010-07-13 16:09 - 00071263 ____C C:\WINDOWS\ocmsn.log
2014-01-14 13:22 - 2010-07-13 16:09 - 00064393 ____C C:\WINDOWS\msgsocm.log
2014-01-14 13:22 - 2010-07-13 16:09 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-14 13:22 - 2010-07-13 16:08 - 01282658 ____C C:\WINDOWS\FaxSetup.log
2014-01-14 13:22 - 2010-07-13 16:08 - 00617573 ____C C:\WINDOWS\ocgen.log
2014-01-14 13:22 - 2005-05-10 19:54 - 83425928 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-14 13:21 - 2014-01-14 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 11:09 - 2004-05-01 19:46 - 00608046 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-12 14:08 - 2010-02-09 11:59 - 00000000 ____D C:\Documents and Settings\Janusz Kozyra\Application Data\Nowe Gadu-Gadu
2014-01-07 22:39 - 2014-01-07 22:39 - 00000000 ____D C:\SUPERDelete
2014-01-07 22:39 - 2009-03-24 12:58 - 00000000 ____D C:\Documents and Settings\Janusz Kozyra\Local Settings\Application Data\The Weather Channel
2014-01-07 22:09 - 2010-09-10 17:21 - 00000000 ____D C:\Documents and Settings\Janusz Kozyra\Desktop\roset
2014-01-07 18:16 - 2009-10-14 10:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973525$
2013-12-23 18:56 - 2013-03-06 18:59 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-23 18:56 - 2013-03-06 18:59 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-23 18:56 - 2011-02-23 19:11 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-23 18:56 - 2010-07-08 17:20 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-23 18:56 - 2010-01-22 12:20 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-12-23 18:56 - 2009-07-19 12:57 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2013-12-23 18:56 - 2009-07-19 12:57 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-23 18:56 - 2009-07-19 12:57 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-12-23 18:56 - 2009-07-19 12:57 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#9 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts

Posted 22 January 2014 - 01:06 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-01-2014 01
Ran by Janusz Kozyra at 2014-01-22 12:58:16
Running from C:\Documents and Settings\Janusz Kozyra\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (Version: 11 - Adobe Systems, Inc.)
AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 43.0.217.000 - Hewlett-Packard) Hidden
AOL Uninstaller (Choose which Products to Remove) (Version:  - )
AutoUpdate (Version: 1.1 - )
avast! Free Antivirus (Version: 9.0.2011 - Avast Software)
AXIS Media Control Embedded (Version:  - )
BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
CompuServe (Version:  - )
Copy (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (Version:  - Microsoft Corporation)
CueTour (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Destinations (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Director (Version: 43.1.5.000 - Hewlett-Packard) Hidden
DivX Codec (Version: 6.8.5 - DivX, Inc.)
DivX Converter (Version: 7.0.0 - DivX, Inc.)
DivX Player (Version: 6.8.2 - DivXNetworks, Inc.)
DivX Version Checker (Version: 7.1.0.2 - DivX, Inc.)
DivX Web Player (Version: 1.4.2 - DivX,Inc.)
DocProc (Version: 4.0.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 43.0.217.000 - Hewlett-Packard) Hidden
eMachines Bay Reader (Version: 1.07 - )
eMachines Bay Reader (Version: 1.07 - ) Hidden
Fax (Version: 43.0.217.000 - Hewlett-Packard) Hidden
GdiplusUpgrade (Version: 1.00.01 - Hewlett-Packard) Hidden
getPlus® for Adobe (Version: 1.5.2.29 - NOS Microsystems Ltd.)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1 - Microsoft Corporation)
HP Diagnostic Assistant (Version: 1.0.0.0 - Hewlett-Packard) Hidden
hpmdtab (Version: 2.0.479.1607 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
InstantShare (Version: 4.0.0.40 - Hewlett-Packard) Hidden
Intel® Extreme Graphics Driver (Version:  - )
Intel® PRO Network Adapters and Drivers (Version:  - )
ipla 2.4 (Version: 2.4 - Redefine Sp z o.o.)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90 - Sun Microsystems, Inc.)
Java 2 Runtime Environment, SE v1.4.2 (Version: 1.4.2 - Sun Microsystems, Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LibreOffice 4.0.5.2 (Version: 4.0.5.2 - The Document Foundation)
Logitech Updater (Version: 1.70 - Logitech, Inc.)
Logitech Webcam Software (Version: 12.00.1280 - Logitech Inc.)
Logitech Webcam Software Driver Package (Version: 12.0.1278 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maxtor Manager (Version: 4.02.0303 - Seagate Technology)
Maxtor Manager (Version: 4.02.0303 - Seagate Technology) Hidden
Memories Disc Creator 2.0 (Version: 2.0.588.1728 - Memories Disc Creator 2.0)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (Version:  - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visio Viewer 2002 (Version: 10.2.4922 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (Version:  - )
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0 - Microsoft Corporation)
MWSnap 3 (Version: 3.0.0.74 - Mirek Wojtowicz)
neroxml (Version: 1.0.0 - Nero AG)
NirSoft BlueScreenView (Version:  - )
Nowe Gadu-Gadu (Version:  - GG Network S.A.)
Overland (Version: 2.1.5 - Hewlett-Packard) Hidden
overland (Version: 2.1.6.2 - HP) Hidden
PayPal Plug-In (Version: 2.2.3.0 - PayPal) Hidden
PhotoGallery (Version: 43.1.5.000 - Hewlett-Packard) Hidden
PlayReady PC Runtime x86 (Version: 1.3.0 - Microsoft Corporation)
PowerDVD (Version:  - )
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
ProductContext (Version: 43.0.217.000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
RangeMax Wireless-N USB Adapter WN111v2 (Version: 3.0.0.3 - NETGEAR)
Readme (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Realtek AC'97 Audio (Version:  - )
Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (Version: 3.3.5.2 - Rosetta Stone Ltd.)
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
ScreenPrint32 v3.5 (Version:  - )
SkinsHP1 (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Soft Data Fax Modem with SmartCP (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (Version: 5.5.1012 - SUPERAntiSpyware.com)
System Requirements Lab (Version:  - )
TeamViewer 9 (Version: 9.0.24951 - TeamViewer)
TomTom HOME (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
TrayApp (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Unload (Version: 4.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB968220) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB969497) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971930) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
Viewpoint Manager (Remove Only) (Version:  - )
Viewpoint Media Player (Version:  - )
WebEx Support Manager for Internet Explorer (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Windows Backup Utility (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061027.150806 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (Version:  - Microsoft Corporation)
Windows Media Connect (Version:  - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format SDK Hotfix - KB891122 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Movie Maker 2.0 (Version: 2.0.0000 - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.70 - Microsoft)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (Version:  - )
WN111v2 (Version: 3.0.0.3 - NETGEAR) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================

22-01-2014 17:52:45 System Checkpoint

==================== Hosts content: ==========================

2004-06-18 06:23 - 2014-01-22 12:28 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Rescue Reminder for 2HA205TW.job => C:\Program Files\Maxtor\ManagerApp\MaxUtilities.exe
Task: C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_JANUSZ_Janusz Kozyra.job => C:\WINDOWS\system32\mobsync.exe

==================== Loaded Modules (whitelisted) =============

2014-01-22 10:25 - 2014-01-21 17:40 - 02156032 _____ () C:\Program Files\Alwil Software\Avast5\defs\14012101\algo.dll
2003-05-30 18:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2003-05-30 18:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2002-12-12 09:14 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-10-15 14:46 - 2013-10-15 14:46 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2010-07-10 14:17 - 2006-12-03 13:53 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\wbem:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\All Users:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Skype:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\IECompatCache:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\PrivacIE:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data\Macromedia:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data\Microsoft:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data\Skype:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data\skypePM:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Local Settings\History:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Local Settings\Temporary Internet Files:BZ-VIRTUAL-LINK

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2014 02:34:30 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 6.11.0.102, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x0000984e.
Processing media-specific event for [skype.exe!ws!]

Error: (11/09/2013 11:15:25 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/09/2013 11:15:22 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/09/2013 11:15:22 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/09/2013 11:15:21 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (11/09/2013 11:15:21 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (10/31/2013 03:29:50 PM) (Source: LogMeIn) (User: JANUSZ)
Description:

Error: (10/09/2013 02:24:34 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 6.7.0.102, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x0000984e.
Processing media-specific event for [skype.exe!ws!]

Error: (10/08/2013 09:01:43 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/11/2013 04:39:29 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

System errors:
=============
Error: (01/22/2014 00:17:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/22/2014 00:16:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/22/2014 11:55:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/22/2014 10:44:28 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/22/2014 10:41:58 AM) (Source: Service Control Manager) (User: )
Description: The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/14/2014 01:58:07 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A7533900-F2DC-4CD3-9B91-46009EC98E3B}.
The backup browser is stopping.

Error: (01/14/2014 11:02:21 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (01/09/2014 08:25:33 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2189A0DF-B289-4B8D-83FD-7972312C85D1}.
The backup browser is stopping.

Error: (01/08/2014 08:15:52 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2189A0DF-B289-4B8D-83FD-7972312C85D1}.
The backup browser is stopping.

Error: (01/07/2014 06:17:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Microsoft Office Sessions:
=========================
Error: (01/21/2014 02:34:30 PM) (Source: Application Error)(User: )
Description: skype.exe6.11.0.102kernel32.dll5.1.2600.62930000984e

Error: (11/09/2013 11:15:25 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/09/2013 11:15:22 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/09/2013 11:15:22 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/09/2013 11:15:21 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (11/09/2013 11:15:21 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/31/2013 03:29:50 PM) (Source: LogMeIn)(User: JANUSZ)
Description:

Error: (10/09/2013 02:24:34 PM) (Source: Application Error)(User: )
Description: skype.exe6.7.0.102kernel32.dll5.1.2600.62930000984e

Error: (10/08/2013 09:01:43 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/11/2013 04:39:29 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 1014.8 MB
Available physical RAM: 330.42 MB
Total Pagefile: 1677.04 MB
Available Pagefile: 1103.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:45.65 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 3972CD75)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,978 posts
  • Gender:Male
  • Location:California

Posted 22 January 2014 - 02:44 PM

Greetings,

Can you tell me if you have ever had Buffer Zone installed on your computer?

Please run this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -  No File
Toolbar: HKLM - No Name - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll No File [ ]
U3 abfqbhnl; C:\Windows\System32\Drivers\abfqbhnl.sys [0 ] (Microsoft Corporation)
C:\Windows\System32\Drivers\abfqbhnl.sys
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Buffer Zone?
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 kkoz83

  • Topic Starter
  • Members
  • 421 posts

Posted 22 January 2014 - 03:26 PM

No, I don't believe Buffer Zone was ever on this PC.



#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,978 posts
  • Gender:Male
  • Location:California

Posted 22 January 2014 - 03:28 PM

Does any of this make sense to you?

 

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\wbem:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\All Users:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Skype:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\IECompatCache:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\PrivacIE:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data\Macromedia:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data\Microsoft:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data\Skype:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Application Data\skypePM:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Local Settings\History:BZ-VIRTUAL-LINK
AlternateDataStreams: C:\Documents and Settings\Janusz Kozyra\Local Settings\Temporary Internet Files:BZ-VIRTUAL-LINK

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 kkoz83

  • Topic Starter
  • Members
  • 421 posts

Posted 22 January 2014 - 03:30 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-01-2014 02
Ran by Janusz Kozyra at 2014-01-22 15:29:20 Run:1
Running from C:\Documents and Settings\Janusz Kozyra\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -  No File
Toolbar: HKLM - No Name - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll No File [ ]
U3 abfqbhnl; C:\Windows\System32\Drivers\abfqbhnl.sys [0 ] (Microsoft Corporation)
C:\Windows\System32\Drivers\abfqbhnl.sys
*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} => Key deleted successfully.
HKCR\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} => Value deleted successfully.
HKCR\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} => Value deleted successfully.
HKCR\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3} => Key not found.
HKCR\PROTOCOLS\Filter\application/octet-stream => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key deleted successfully.
HKCR\PROTOCOLS\Filter\application/x-complus => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-msdownload => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key deleted successfully.
abfqbhnl => Service not found.
"C:\Windows\System32\Drivers\abfqbhnl.sys" => File/Directory not found.

==== End of Fixlog ====



#14 kkoz83

  • Topic Starter
  • Members
  • 421 posts

Posted 22 January 2014 - 03:34 PM

PC seems normal (I'm going through TeamViewer) & that stuff seems okay except for the ends of those files.



#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,978 posts
  • Gender:Male
  • Location:California

Posted 22 January 2014 - 03:34 PM

Looks like we were posting at the same time.  Please don't miss Post #12.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



