Internet Programs and Browsers are Infected


  • This topic is locked
1 reply to this topic

#1 markgar


Posted 24 January 2014 - 06:24 PM

I'm running Windows XP Professional 64-bit, Version 2003 w/ SP2.
 
Last weekend programs accessing the internet would not run and my Chrome browser would 
only work with about half the URLs, the others gave an Aw Snap screen and would not 
load. I tried IE and these "bad" URLs ran fine. After a reboot of the system, IE will 
no longer run. It opens a screen and immediately hangs (Task Mgr. shows Not 
Responding). 
 
On Wed. and again on Thurs. my DSL line lost internet capability for several hours. 
Internet service resumed later each day. I have taken the problem system off-line and 
no Internet service issues have been seen today.
 
I'm using a 32 bit computer to write this message. I've had to download the scanners 
here and copy them to the infected system to run logs. When I tried to run DDS, it told 
me it did not support an XP 64 bit environment, so I couldn't run it. I also ran 
Security Check and FRST scanners. The log files from these scans are attached below.
 
Thanks in advance for any help or insight you may be able to provide.
 
Mark
 

Results of screen317's Security Check version 0.99.79  
 Windows XP  x64   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
avast! Antivirus                  
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 31.0.1650.63  
 Google Chrome 32.0.1700.76  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014 02
Ran by Administrator (administrator) on WORKSTN on 24-01-2014 15:14:41
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft ActiveSync\rapimgr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.exe
() C:\WINDOWS\SMINST\Scheduler.exe
() C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\WINDOWS\system32\alg.exe
(magicJack L.P.) C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15930880 2008-09-11] (NVIDIA Corporation)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [18084864 2009-01-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\WINDOWS\SkyTel.EXE [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [77824 2008-08-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] - C:\WINDOWS\ALCWZRD.EXE [2808832 2008-06-19] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [320024 2009-02-06] (PDF Complete Inc)
HKLM-x32\...\Run: [Recguard] - C:\WINDOWS\Sminst\Recguard.exe [1138688 2006-05-12] ()
HKLM-x32\...\Run: [Scheduler] - C:\WINDOWS\SMINST\Scheduler.exe [872448 2006-07-10] ()
HKLM-x32\...\Run: [Control Center] - C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe [2482688 2007-12-18] ()
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-12-19] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2486296 2014-01-06] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Winlogon: [UIHost] C:\Windows\system32\logonui.exe [662016 2007-02-18] ( (Microsoft Corporation))
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain-x32: C:\WINDOWS\SysWOW64\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet-x32: C:\WINDOWS\SysWOW64\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll-x32: C:\WINDOWS\SysWOW64\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy-x32: C:\WINDOWS\SysWOW64\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\EFS-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKCU\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1681920 2007-02-18] (Microsoft Corporation)
HKCU\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKCU\...\Run: [cdloader] - C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKCU\...\Run: [H/PC Connection Agent] - C:\Program Files (x86)\Microsoft ActiveSync\Wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
MountPoints2: {61aa0854-6687-11e2-b061-00237d1ba17f} - J:\autorun.exe
MountPoints2: {6e2d2c4e-1aac-11e2-ac39-00237d1ba17f} - F:\TL_Bootstrap.exe
MountPoints2: {81dd18a6-3d5e-11df-851f-00237d1ba17f} - G:\LaunchU3.exe -a
MountPoints2: {b5c6d5fa-6da6-11e1-9def-00237d1ba17f} - F:\TL_Bootstrap.exe
HKU\Default User\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
ShortcutTarget: Microsoft Office Fast Start.lnk -> C:\MSOffice\Office\FASTBOOT.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmws
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5D920AB9-798E-41F0-8C82-B95439D141AA}&mid=1f9894b85bb147d3a909d16a3bff488c-faa6d6e156a334bf8c93679273adf78dbf92812d&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2013-12-15 13:03:27&v=17.2.0.38&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Fast Search - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/T27L10NSP21/event/ieatgpc.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWow64\mshtml.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWow64\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [388608 2009-05-25] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 %SystemRoot%\System32\mswsock.dll [492544] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
==================== Services (Whitelisted) =================
 
R2 AeLookupSvc; C:\Windows\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
R3 ALG; C:\Windows\SysWOW64\alg.exe [45056 2007-02-18] (Microsoft Corporation)
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [176193 2005-12-12] (American Power Conversion Corporation)
R2 AudioSrv; C:\Windows\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-12-19] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 Browser; C:\Windows\SysWOW64\browser.dll [78336 2012-06-29] (Microsoft Corporation)
S4 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S4 ClipSrv; C:\Windows\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
S4 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S4 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29262680 2009-05-27] (Microsoft Corporation)
S4 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S4 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\Windows\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\Windows\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S4 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [164352 2008-09-11] (NVIDIA Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [623640 2009-02-06] (PDF Complete Inc)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\Windows\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\SysWOW64\locator.exe [71680 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 seclogon; C:\Windows\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\Windows\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-06] (AVG Secure Search)
S4 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog;  [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 MaxBackServiceInt; "C:\Program Files (x86)\Maxtor\Maxtor Backup\MaxBackServiceInt.exe" [x]
S3 WinHttpAutoProxySvc; winhttp.dll [x]
 
==================== Drivers (Whitelisted) ====================
 
S4 Abiosdsk; No ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; C:\Windows\system32\DRIVERS\adpu160m.sys [160256 2005-03-24] (Microsoft Corporation)
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; C:\Windows\system32\DRIVERS\aic78u2.sys [117248 2005-03-24] (Microsoft Corporation)
S4 aic78xx; C:\Windows\system32\DRIVERS\aic78xx.sys [120832 2005-03-24] (Microsoft Corporation)
S3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [51712 2007-02-18] (Advanced Micro Devices)
S3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-12-19] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-12-19] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [59144 2013-12-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-12-19] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-12-19] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-12-19] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-12-19] ()
S4 Atdisk; No ImagePath
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2013-12-15] (AVG Technologies)
R3 b57nd; C:\Windows\System32\DRIVERS\b57amd64.sys [262144 2007-09-17] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basamd64.sys [132096 2007-09-11] (Broadcom Corporation)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; No ImagePath
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; C:\Windows\system32\DRIVERS\dpti2o.sys [35328 2005-03-24] (Adaptec, Inc.)
S3 E1000; C:\Windows\System32\DRIVERS\e1G5132e.sys [232960 2005-03-24] (Intel Corporation)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-16] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [187392 2009-02-26] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [48640 2009-02-26] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [50688 2009-02-26] (HP)
S1 i2omgmt; No ImagePath
S1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [5092864 2009-01-13] (Realtek Semiconductor Corp.)
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
S3 KUSBusByTCP; C:\Windows\SysWow64\Drivers\KUSBusByTCP.sys [124952 2008-01-10] (Windows ® Codename Longhorn DDK provider)
R3 KUSBusByTCPMasterBus; C:\Windows\SysWow64\Drivers\KUSBusByTCPMasterBus.sys [73752 2008-01-10] (Windows ® Codename Longhorn DDK provider)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [8044032 2008-09-11] (NVIDIA Corporation)
S3 NVENET; C:\Windows\System32\DRIVERS\NVENET.sys [185344 2005-03-24] (NVIDIA Corporation)
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
S4 Simbad; No ImagePath
R3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [84992 2005-03-24] (LSI Logic)
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; C:\Windows\system32\DRIVERS\toside.sys [8704 2005-03-24] (Microsoft Corporation)
S4 ultra; C:\Windows\system32\DRIVERS\ultra.sys [38912 2005-03-24] (Promise Technology, Inc.)
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-29] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-04-13] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-04-13] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-04-13] (LG Electronics Inc.)
S4 ViaIde; C:\Windows\system32\DRIVERS\viaide.sys [8704 2005-03-24] (Microsoft Corporation)
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
U4 ParVdm; 
S2 sbapifs; system32\drivers\sbapifs.sys [x]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File.
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
2014-01-24 15:14 - 2014-01-24 15:14 - 00034075 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-01-24 15:14 - 2014-01-24 15:14 - 00000000 ____D C:\FRST
2014-01-23 17:35 - 2014-01-23 17:35 - 02077696 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2014-01-23 16:36 - 2014-01-23 16:36 - 00987425 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2014-01-23 16:35 - 2014-01-23 16:35 - 00688992 _____ (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-01-22 16:24 - 2014-01-22 16:24 - 00011794 _____ C:\hijackthis.log
2014-01-22 16:00 - 2012-06-05 02:37 - 00256904 _____ (Trend Micro Inc.) C:\WINDOWS\SysWOW64\Drivers\tmcomm.sys
2014-01-22 11:55 - 2014-01-22 11:55 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-01-22 11:33 - 2014-01-22 11:33 - 00000767 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-01-22 11:33 - 2014-01-22 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-01-22 11:33 - 2014-01-22 11:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-01-22 11:32 - 2014-01-22 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-22 11:32 - 2014-01-22 11:32 - 00000000 ___HD C:\$AVG
2014-01-22 11:30 - 2014-01-22 11:30 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-22 11:15 - 2014-01-24 09:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-21 17:38 - 2014-01-21 17:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2014-01-21 16:07 - 2014-01-23 17:07 - 00000412 _____ C:\WINDOWS\Tasks\RegInOut on user logon - Administrator.job
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Program Files (x86)\RegInOut System Utilities
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RegInOut System Utilities
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RegInOut
2014-01-15 03:04 - 2014-01-15 03:04 - 00004578 _____ C:\WINDOWS\KB2914368.log
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-11 12:53 - 2014-01-23 17:04 - 00001083 _____ C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
2014-01-06 01:39 - 2014-01-06 01:39 - 00000000 ____D C:\WINDOWS\SysWOW64\cache
 
==================== One Month Modified Files and Folders =======
 
2014-01-24 15:14 - 2014-01-24 15:14 - 00034075 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-01-24 15:14 - 2014-01-24 15:14 - 00000000 ____D C:\FRST
2014-01-24 15:12 - 2012-09-23 09:37 - 00000262 _____ C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-01-24 14:52 - 2009-10-25 16:35 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-24 14:42 - 2011-04-25 15:11 - 00000490 _____ C:\WINDOWS\Tasks\Ad-Aware Scan (bob).job
2014-01-24 14:26 - 2012-11-30 13:56 - 00000314 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2866814949-2479978904-1420319158-500.job
2014-01-24 13:07 - 2011-04-25 15:11 - 00000496 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
2014-01-24 12:23 - 2009-11-23 17:06 - 00002497 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Word (2).lnk
2014-01-24 11:48 - 2011-05-06 10:56 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Investing
2014-01-24 11:12 - 2007-03-14 11:19 - 00032514 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2014-01-24 10:25 - 2011-04-29 08:10 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Simple Sudoku
2014-01-24 09:48 - 2014-01-22 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-24 09:05 - 2013-01-11 10:29 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-24 07:07 - 2011-04-25 15:11 - 00000496 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
2014-01-24 01:07 - 2011-04-25 15:11 - 00000496 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
2014-01-24 00:04 - 2009-06-03 17:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PDFC
2014-01-23 21:41 - 2009-06-03 17:01 - 01137621 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 19:52 - 2009-10-25 16:35 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-23 19:07 - 2011-04-25 15:11 - 00000496 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
2014-01-23 17:35 - 2014-01-23 17:35 - 02077696 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2014-01-23 17:07 - 2014-01-21 16:07 - 00000412 _____ C:\WINDOWS\Tasks\RegInOut on user logon - Administrator.job
2014-01-23 17:05 - 2013-01-25 14:17 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\mjusbsp
2014-01-23 17:04 - 2014-01-11 12:53 - 00001083 _____ C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
2014-01-23 17:04 - 2013-01-24 16:41 - 00001089 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\magicJack.lnk
2014-01-23 17:01 - 2012-11-30 13:56 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2866814949-2479978904-1420319158-500.job
2014-01-23 17:01 - 2010-08-24 11:17 - 00000000 _____ C:\WINDOWS\0.log
2014-01-23 17:01 - 2009-06-03 17:14 - 00000000 ____D C:\WINDOWS\SMINST
2014-01-23 17:01 - 2008-09-11 03:48 - 00195261 _____ C:\WINDOWS\system32\nvapps.xml
2014-01-23 17:01 - 2007-03-14 11:19 - 00000159 _____ C:\Documents and Settings\LocalService\wiadebug.log
2014-01-23 17:01 - 2007-03-14 11:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-23 16:36 - 2014-01-23 16:36 - 00987425 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2014-01-23 16:35 - 2014-01-23 16:35 - 00688992 _____ (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-01-23 12:46 - 2013-04-13 08:32 - 00000000 ____D C:\Documents and Settings\Administrator\.thinkorswim
2014-01-23 12:46 - 2009-10-19 11:31 - 00000000 ____D C:\Program Files (x86)\thinkTDA
2014-01-22 16:24 - 2014-01-22 16:24 - 00011794 _____ C:\hijackthis.log
2014-01-22 16:14 - 2012-05-21 17:14 - 00000000 ____D C:\Download
2014-01-22 15:17 - 2009-06-03 16:00 - 00000000 ____D C:\Documents and Settings\Administrator
2014-01-22 15:17 - 2007-03-14 11:19 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2014-01-22 13:06 - 2009-07-06 15:27 - 00001822 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
2014-01-22 13:06 - 2007-03-14 10:53 - 00001595 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-01-22 13:06 - 2007-03-14 10:50 - 00000804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2014-01-22 12:04 - 2010-08-24 11:17 - 00084524 _____ C:\WINDOWS\PFRO.log
2014-01-22 11:55 - 2014-01-22 11:55 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-01-22 11:34 - 2014-01-22 11:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-22 11:33 - 2014-01-22 11:33 - 00000767 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-01-22 11:33 - 2014-01-22 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-01-22 11:33 - 2014-01-22 11:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-01-22 11:33 - 2010-09-15 17:44 - 00850441 _____ C:\WINDOWS\setupapi.log
2014-01-22 11:32 - 2014-01-22 11:32 - 00000000 ___HD C:\$AVG
2014-01-22 11:30 - 2014-01-22 11:30 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-22 10:41 - 2009-11-23 17:06 - 00002495 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Excel.lnk
2014-01-21 17:39 - 2009-07-05 08:56 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2014-01-21 17:38 - 2014-01-21 17:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Program Files (x86)\RegInOut System Utilities
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RegInOut System Utilities
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RegInOut
2014-01-21 14:03 - 2007-03-14 11:06 - 00772428 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-21 14:02 - 2009-06-03 17:03 - 00759850 ____C C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-21 14:02 - 2009-06-03 16:00 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
2014-01-21 14:02 - 2009-06-03 16:00 - 00000000 ____D C:\WINDOWS\Registration
2014-01-21 13:55 - 2010-09-15 17:44 - 00729036 ____C C:\WINDOWS\FaxSetup.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00435644 ____C C:\WINDOWS\msmqinst.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00313196 ____C C:\WINDOWS\tsoc.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00268650 ____C C:\WINDOWS\comsetup.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00238370 ____C C:\WINDOWS\ocgen.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00224118 ____C C:\WINDOWS\iis6.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00172729 ____C C:\WINDOWS\ntdtcsetup.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00049350 ____C C:\WINDOWS\ocmsn.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00044092 ____C C:\WINDOWS\msgsocm.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00002436 _____ C:\WINDOWS\imsins.log
2014-01-18 10:41 - 2012-11-30 14:37 - 00000296 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-17 01:02 - 2009-11-28 12:11 - 00000664 _____ C:\WINDOWS\SysWOW64\d3d9caps.dat
2014-01-15 10:22 - 2013-07-30 16:15 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-15 03:04 - 2014-01-15 03:04 - 00004578 _____ C:\WINDOWS\KB2914368.log
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-15 03:04 - 2010-09-15 17:44 - 00000970 _____ C:\WINDOWS\imsins.BAK
2014-01-15 03:03 - 2013-08-15 02:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 03:00 - 2009-07-05 09:11 - 86054176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-06 01:39 - 2014-01-06 01:39 - 00000000 ____D C:\WINDOWS\SysWOW64\cache
2014-01-06 01:38 - 2013-12-15 13:03 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-03 09:04 - 2010-08-17 11:08 - 00000000 ____C C:\WINDOWS\SysWOW64\config.nt
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0944128 ____A (Microsoft Corporation) 901C7E44D11C00CA9D48BA1A866FDC4B
 
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 1364480 ____A (Microsoft Corporation) AE7A08C05F72A9242734C03230A5CD7F
 
C:\Windows\SysWOW64\explorer.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344
 
C:\Windows\System32\svchost.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9
 
C:\Windows\SysWOW64\svchost.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0014848 ___AC (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682
 
C:\Windows\System32\services.exe
[2007-02-18 00:00] - [2009-03-19 18:51] - 0227840 ____A (Microsoft Corporation) 1E07EE3F50DFF2FE9B0A9D196E82698F
 
C:\Windows\System32\User32.dll
[2007-03-02 00:54] - [2007-03-02 00:54] - 1086464 ____A (Microsoft Corporation) C34683231AA9162B2106CA149B729D38
 
C:\Windows\SysWOW64\User32.dll
[2007-03-02 00:54] - [2007-03-02 00:54] - 0602624 ____A (Microsoft Corporation) 8BE4E29DA25073BF7894E2A61C9525DE
 
C:\Windows\System32\userinit.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0039424 ____A (Microsoft Corporation) 438393CC0B5122B5D988BD7BA05FE3C9
 
C:\Windows\SysWOW64\userinit.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5
 
C:\Windows\System32\rpcss.dll
[2009-03-19 18:51] - [2009-03-19 18:51] - 0845312 ____A (Microsoft Corporation) A6130365606F3D6332B014FC3DA931AA
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2007-02-18 00:00] - [2012-08-23 00:44] - 0288768 ____A (Microsoft Corporation) 941D45C8A14B2B1E8A57D0EEF6A98AEB
 
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
 
==================== End Of Log ============================
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-01-2014 02
Ran by Administrator at 2014-01-24 15:15:23
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
6500_E709 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Connect Add-in (HKCU Version:  - )
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon Kindle (x32 Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
APC PowerChute Personal Edition (x32 Version: 2.0 - American Power Conversion Corporation)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (x32 Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU Version: 1.2.2.23821 - Ask.com) <==== ATTENTION
avast! Free Antivirus (x32 Version: 8.0.1504.0 - AVAST Software)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG SafeGuard toolbar (x32 Version: 17.3.0.49 - AVG Technologies)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Management Programs (Version: 10.55.08 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Magazines Crosswords (x32 Version:  - )
Fast Search (x32 Version: 3.3.8 - Surf Canyon)
File Opener Pro (x32 Version:  - FileOpenerPro) <==== ATTENTION
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (x32 Version: 9.3.4053 - Microsoft Corporation)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Backup and Recovery Manager (x32 Version: 2.5C - Hewlett-Packard Company)
HP Officejet 6500 E709 Series (Version: 12.0 - HP)
HP Performance Tuning Framework (x32 Version: 2.28.3117 - Hewlett-Packard)
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (x32 Version: 7.0.0 - )
LG USB Modem Drivers (x32 Version: 4.9.7 - LG Electronics)
magicJack (HKCU Version: 2.0.6073.4413 - magicJack L.P.)
Microsoft .NET Framework 1.1 (x32 Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (x32 Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (x32 Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft ActiveSync (x32 Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows x64 (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (x32 Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (x32 Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (x32 Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB2758696) (Version: 6.20.2016.0 - Microsoft Corporation)
Network64 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
NirSoft BlueScreenView (x32 Version:  - )
NVIDIA Drivers (Version:  - )
PDF Complete (x32 Version: 3.5.85 - PDF Complete, Inc.)
QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 5.10.0.5776 - Realtek Semiconductor Corp.)
RegInOut System Utilities (x32 Version: 4.0 - SORCIM Technologies Pvt Ltd)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Simple Sudoku 4.2 (x32 Version:  - )
StreetSmart Pro (x32 Version: 4.22 - )
thinkorswim (x32 Version: desktop - thinkorswim, Inc)
thinkorswim from TD AMERITRADE (x32 Version:  - TD AMERITRADE, Inc.)
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TRENDnet USB MFP Server Control Center (x32 Version: 2.33 - TRENDnet)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2661254) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2748349) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (Version: 5 - Microsoft Corporation)
Update for Windows XP (KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB977165) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebEx (x32 Version:  - Cisco WebEx LLC)
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140744 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
22-01-2014 16:35:19 Installed AVG 2014
22-01-2014 18:23:21 System Checkpoint
23-01-2014 18:41:57 System Checkpoint
 
==================== Hosts content: ==========================
 
2007-02-18 00:00 - 2011-04-27 15:17 - 00325647 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Ad-Aware Scan (bob).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2866814949-2479978904-1420319158-500.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2866814949-2479978904-1420319158-500.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RegInOut on user logon - Administrator.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files (x86)\Ask.com\UpdateTask.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-23 16:46 - 2014-01-23 13:55 - 02258432 _____ () C:\Program Files\AVAST Software\Avast\defs\14012301\algo.dll
2014-01-06 01:38 - 2014-01-06 01:38 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2007-02-18 00:00 - 2007-02-18 00:00 - 00061440 _____ () C:\WINDOWS\SysWOW64\devenum.dll
2007-02-18 00:00 - 2007-02-18 00:00 - 00023040 ____C () C:\WINDOWS\system32\msdmo.dll
2014-01-16 14:57 - 2014-01-11 05:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-16 14:57 - 2014-01-11 05:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-16 14:57 - 2014-01-11 05:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2014 03:14:03 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 00:23:16 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:54:12 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:51:15 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:38:20 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:36:28 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:04:31 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:02:18 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:01:14 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 10:51:15 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
 
System errors:
=============
Error: (01/23/2014 07:52:00 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (01/23/2014 07:52:00 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (01/23/2014 07:52:00 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.Windows.Common-Controls could not be found and Last Error was The referenced assembly is not installed on your system.
 
Error: (01/23/2014 05:03:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE
 
Error: (01/23/2014 05:03:23 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (01/23/2014 05:03:23 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
 
Error: (01/23/2014 05:03:23 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
 
Error: (01/23/2014 05:03:23 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (01/23/2014 05:01:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/23/2014 05:01:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 24%
Total physical RAM: 8175.03 MB
Available physical RAM: 6191.98 MB
Total Pagefile: 9781.06 MB
Available Pagefile: 7857.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:62.51 GB) (Free:6.64 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12 GB) (Free:8.93 GB) NTFS
Drive g: () (Removable) (Total:1.88 GB) (Free:1.32 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 75 GB) (Disk ID: BF9BBF9B)
Partition 1: (Active) - (Size=63 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)
 
==================== End Of Log ============================

 




 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:07:21 PM

Posted 24 January 2014 - 06:48 PM

Please do not continue to post duplicate logs.

I have sent you a Private Message, explaining why I have deleted the multiple duplicates, which you have not read yet. Please do so.

Please be patient; you will get a reply to your original log here: http://www.bleepingcomputer.com/forums/t/521982/all-internet-programs-browsers-are-infected/

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

