VIRUS hit on Windows XP machine- HELP!!!


This topic is locked
43 replies to this topic

#1 stonemanjr


Posted 21 February 2014 - 02:48 PM

We have had no issues whatsoever on this machine, running Avira and Spybot. Just yesterday a screen flashed with that FBI lock out window, but we quickly closed the window and it did not reappear. We ran Malwarebytes and it found 3 entries and removed them. However, today, opening any program is difficult; it will delay or stutter, then all of a sudden 4-5 programs will open. Mozilla Firefox will sometimes open, sometimes will not, other times there is a "stuck-delay". HELP!!!

Edited by Queen-Evie, 21 February 2014 - 03:00 PM.
moved from Windows XP to the appropriate forum


#2 windummy


Posted 21 February 2014 - 04:24 PM

We have had no issues whatsoever on this machine, running Avira and Spybot. Just yesterday a screen flashed with that FBI lock out window, but we quickly closed the window and it did not reappear. We ran Malwarebytes and it found 3 entries and removed them. However, today, opening any program is difficult; it will delay or stutter, then all of a sudden 4-5 programs will open. Mozilla Firefox will sometimes open, sometimes will not, other times there is a "stuck-delay". HELP!!!

@ stonemanjr:

Regarding your fake F.B.I. browser scare. Here are solutions that work:

https://www.google.com/search?q=your+browser+has+been+locked.+All+activities+have+been+recorded%2F&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Also:

http://www.bleepingcomputer.com/download/adwcleaner/

I also recommend BC's ComboFix. However, it's best you discuss that prog with one of our qualified moderators first. After that, let them advise you a/o offer the link after their instructions to you about using it correctly on your own.

Good luck!

Re,

/MH~



#3 bloopie

  • Malware Response Team

Posted 21 February 2014 - 06:53 PM

Hello stonemanjr, and welcome! :)
 

I also recommend BC's ComboFix. However, it's best you discuss that prog with one of our qualified moderators first. After that, let them advise you a/o offer the link after their instructions to you about using it correctly on your own.

I'd like to point out that Combofix is not "BC's". Although we do host a download mirror here at BC, the tool is a creation of sUBs and we don't recommend using it without the assistance of a trained helper. With that said, if and when the time comes we should implore the use of Combofix, I will provide you with the proper instructions. :wink:

If you have already run Combofix, please stop here and let me know!

==========

Step 1

First, since you've run Malwarebytes (aka MBAM), please copy and paste the contents of the log in your next reply so we can see what was detected and/or removed.

==========

Step 2

As windummy suggested above, please run AdwCleaner next with the below instructions:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
==========

Please copy and paste both requested logs for me in your next reply, and we'll go from there! :)

bloopie

#4 stonemanjr


Posted 21 February 2014 - 09:20 PM

Thanks a lot guys! We're on it. Will post results tomorrow AM. :bananas:



#5 bloopie

  • Malware Response Team

Posted 21 February 2014 - 10:42 PM

No problem, post when you can. :thumbup2:



#6 stonemanjr


Posted 22 February 2014 - 04:31 PM

# AdwCleaner v3.019 - Report created 22/02/2014 at 16:28:53
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : owner - A-AC6ECF08BE344
# Running from : C:\Documents and Settings\owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Documents and Settings\owner\Application Data\DSite
File Deleted : C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-GB)

[ File : C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1557 octets] - [22/02/2014 16:27:25]
AdwCleaner[S0].txt - [1498 octets] - [22/02/2014 16:28:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1558 octets] ##########
 



#7 stonemanjr


Posted 22 February 2014 - 04:33 PM

I'm looking for the MBAM log. May have to run again to create a log. I also ran a HijackThis scan early on. I know you all didn't ask for it, but here it is for what it's worth:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:32:03 PM, on 2/22/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DuckLink\DuckCapture\DuckCapture.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R3 - Default URLSearchHook is missing
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DuckCapture] "C:\Program Files\DuckLink\DuckCapture\DuckCapture.exe" /autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1371580026762
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

--
End of file - 6209 bytes
 



#8 stonemanjr


Posted 22 February 2014 - 04:38 PM

Second Run and Reboot:

 

# AdwCleaner v3.019 - Report created 22/02/2014 at 16:34:53
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : owner - A-AC6ECF08BE344
# Running from : C:\Documents and Settings\owner\My Documents\Utility\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-GB)

[ File : C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1557 octets] - [22/02/2014 16:27:25]
AdwCleaner[R1].txt - [945 octets] - [22/02/2014 16:34:02]
AdwCleaner[S0].txt - [1638 octets] - [22/02/2014 16:28:53]
AdwCleaner[S1].txt - [867 octets] - [22/02/2014 16:34:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [926 octets] ##########
 



#9 bloopie

  • Malware Response Team

Posted 22 February 2014 - 04:43 PM

Hello again,

I just want to let you know that I have moved this topic to the Malware Removal Logs forum (due to the HJT log) where it will stay. Now that it's moved here, I will be your sole helper on this issue.

==========

I'm going to look over your log now, but please take care in reading my instructions very carefully! I didn't ask for AdwCleaner to Clean anything, I only asked for the scan log. You ran it twice, which I also did not ask for.

So please follow my instructions carefully...we don't want to ruin your machine!

Give me some time to look over your log, and I'll be back with the next instructions. In the meantime...please let me know how the machine is running now...any changes since running AdwCleaner?

bloopie



#10 bloopie

  • Malware Response Team

Posted 22 February 2014 - 04:54 PM

Hello again,

Okay, your MBAM log can be found by opening the program and clicking the "Logs" tab at the top. Then find the log with the detections corresponding to the date/time the scan was run. You do not need to scan it again. :wink:

==========

Multiple AV's Warning!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Microsoft Security Essentials or Avira.

==========

After doing the above and posting that log, I'd like to get two more logs so we can get a deeper look into the system:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

==========

In your next reply, please include:

  • The MBAM log
  • The FRST.txt
  • The Addition.txt
  • Please let me know how the machine is running now!

bloopie


Edited by bloopie, 22 February 2014 - 05:16 PM.
Added Multiple AV's Warning


#11 stonemanjr


Posted 22 February 2014 - 07:16 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.20.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
owner :: A-AC6ECF08BE344 [administrator]

2/22/2014 4:37:29 PM
mbam-log-2014-02-22 (16-37-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238582
Time elapsed: 41 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{AB91BA08-B923-481D-B745-F2BD83094A44}\RP330\A0020782.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.

(end)
 



#12 stonemanjr


Posted 22 February 2014 - 07:18 PM

1st run MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.20.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
owner :: A-AC6ECF08BE344 [administrator]

2/20/2014 12:47:19 AM
mbam-log-2014-02-20 (00-47-19).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238191
Time elapsed: 39 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\owner\My Documents\Downloads\Setup(1).exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\My Documents\Downloads\Setup.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.

(end)
 



#13 stonemanjr


Posted 22 February 2014 - 07:20 PM

OK, sorry re AdwCleaner. I thought that meant run it and clean, then post the log. Yes, it is now opening Firefox and files/programs better without the delay. Seems to be doing better; we might be in the clear?



#14 stonemanjr


Posted 22 February 2014 - 07:26 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01
Ran by owner (administrator) on A-AC6ECF08BE344 on 22-02-2014 19:23:35
Running from C:\Documents and Settings\owner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DuckLink Software) C:\Program Files\DuckLink\DuckCapture\DuckCapture.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Free Internet Window Washer\Clearpch.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-12-11] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-17] (Analog Devices, Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Run: [DuckCapture] - C:\Program Files\DuckLink\DuckCapture\DuckCapture.exe [436736 2011-11-03] (DuckLink Software)
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\MountPoints2: {0b49ef30-f333-11e2-9e37-0025b3c80b64} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\MountPoints2: {8744c3f9-82a1-11e2-acef-f2c90b3cd073} - E:\sources\sperr32.exe x64
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\MountPoints2: {b673f619-ca19-11e2-9e29-0025b3c80b64} - "E:\WD Drive Unlock.exe" autoplay=true

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x32D972AAFF61CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368732929304
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default\Extensions\firefox1@myibay.com.xpi [2013-05-18]
FF Extension: Public Fox - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi [2013-05-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
U0 hsahlsy; C:\WINDOWS\System32\drivers\aymvxrvl.sys [54016 2014-02-22] ()
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-23] (Infineon Technologies AG)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-05-16] (Avira GmbH)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================
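As an added example (not code from this thread, from the helpers, or from the HijackThis/FRST authors), a small Python triage helper that parses lines in the HijackThis format of post #7 and the FRST service/driver format of post #14, and flags the entries a helper usually looks at first: a browser proxy pointing at a local listener, entries whose target file is missing, and services or drivers with no ImagePath or no publisher information. The sample lines are constructed to match the shape of the logs above; each flag is a prompt for a human to review the entry, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a few lines in the shape of the HijackThis log (post #7)
# and the FRST service/driver lines (post #14) quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
U0 hsahlsy; C:\WINDOWS\System32\drivers\aymvxrvl.sys [54016 2014-02-22] ()
S4 IntelIde; No ImagePath
"""

# HijackThis line: "<section> - <body>", e.g. "R1 - HKCU\...,ProxyServer = localhost:21320"
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.+)$")
# FRST service/driver line: "<state> <name>; <path> [<size> <date>] (<publisher>)"
FRST_LINE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
FRST_DETAIL = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>[^)]*)\)$"
)
PROXY = re.compile(r"ProxyServer\s*=\s*(?P<host>[^:\s]+):(?P<port>\d+)")
LOOPBACK = {"localhost", "127.0.0.1"}


@dataclass
class Finding:
    line: str
    reason: str


def triage_hjt(section: str, body: str) -> List[str]:
    """Reasons a helper would look at a HijackThis entry before anything else."""
    reasons = []
    m = PROXY.search(body)
    if m:
        if m.group("host").lower() in LOOPBACK:
            # Browser traffic is being routed through a listener on this machine;
            # a known program must account for that port.
            reasons.append(f"browser proxy points at a local listener on port {m.group('port')}; "
                           "confirm a known program owns that port")
        else:
            reasons.append(f"browser proxy set to {m.group('host')}:{m.group('port')}; confirm it is intended")
    if body.endswith("(file missing)"):
        reasons.append("orphaned entry: the referenced file no longer exists")
    if section.startswith("R") and body.endswith("is missing"):
        reasons.append("default browser setting is missing")
    return reasons


def triage_frst(state: str, name: str, rest: str) -> List[str]:
    """Reasons for an FRST service/driver line: no ImagePath, or a binary with no publisher."""
    reasons = []
    if rest == "No ImagePath":
        reasons.append(f"{name}: registered with no ImagePath")
        return reasons
    m = FRST_DETAIL.match(rest)
    if m and not m.group("publisher").strip():
        reasons.append(f"{name}: binary {m.group('path')} carries no publisher information")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Run both line parsers over a pasted log and collect everything worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hjt = HJT_LINE.match(line)
        frst = None if hjt else FRST_LINE.match(line)
        if hjt:
            reasons = triage_hjt(hjt.group("section"), hjt.group("body"))
        elif frst:
            reasons = triage_frst(frst.group("state"), frst.group("name"), frst.group("rest"))
        else:
            reasons = []
        findings.extend(Finding(line, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```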



#15 stonemanjr


Posted 22 February 2014 - 07:31 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2014 01
Ran by owner at 2014-02-22 19:28:49
Running from C:\Documents and Settings\owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 2.5 - Auslogics Software Pty Ltd)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.2.286 - Avira)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
DuckCapture Standard 2.7 (HKLM\...\DuckCapture_is1) (Version: 2.7 - DuckLink)
Embedded Security for HP ProtectTools Driver (Version: 5.5.100 - Hewlett-Packard) Hidden
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Free Internet Window Washer (HKLM\...\Free Internet Window Washer) (Version:  - )
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections 15.2.89.2 (HKLM\...\{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}) (Version: 15.2.89.2 - Intel)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Longbow (HKLM\...\InstallShield_{EF08AF39-BE53-4308-A97C-0327C0F5AA23}) (Version: 1.00.0000 - Activision Value)
Longbow (Version: 1.00.0000 - Activision Value) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-GB)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Musicnotes Player V1.32.2 and Viewer V1.19.0 (HKLM\...\Musicnotes Player_is1) (Version: 1.32.2 - Musicnotes Inc.)
MWSnap 3 (HKLM\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5880 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Wise Folder Hider 1.35 (HKLM\...\Wise Folder Hider_is1) (Version: 1.35 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 7.93 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.93 - WiseCleaner.com, Inc.)
YTD Video Downloader 4.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.3 - GreenTree Applications SRL)

==================== Restore Points  =========================

18-12-2013 03:56:20 Software Distribution Service 3.0
18-12-2013 13:49:09 Software Distribution Service 3.0
18-12-2013 17:13:01 Installed Windows Media Player 11
18-12-2013 17:14:35 Software Distribution Service 3.0
19-12-2013 18:27:27 Software Distribution Service 3.0
19-12-2013 18:37:41 Software Distribution Service 3.0
20-12-2013 17:32:54 Software Distribution Service 3.0
20-12-2013 19:05:27 Software Distribution Service 3.0
23-12-2013 13:43:15 Software Distribution Service 3.0
24-12-2013 15:18:02 Software Distribution Service 3.0
26-12-2013 15:29:03 Software Distribution Service 3.0
29-12-2013 16:27:59 Software Distribution Service 3.0
30-12-2013 18:40:22 Software Distribution Service 3.0
31-12-2013 03:51:49 Revo Uninstaller's restore point - Malwarebytes Anti-Exploit version 0.09.4.2000
31-12-2013 04:00:56 Revo Uninstaller's restore point - Malwarebytes Anti-Exploit version 0.09.4.2000
31-12-2013 19:01:24 Software Distribution Service 3.0
01-01-2014 19:51:11 Software Distribution Service 3.0
02-01-2014 20:01:50 System Checkpoint
02-01-2014 22:53:33 Software Distribution Service 3.0
04-01-2014 04:24:51 Software Distribution Service 3.0
05-01-2014 15:50:03 Software Distribution Service 3.0
06-01-2014 15:55:56 System Checkpoint
06-01-2014 19:03:02 Software Distribution Service 3.0
07-01-2014 19:16:32 Software Distribution Service 3.0
08-01-2014 19:59:20 Software Distribution Service 3.0
09-01-2014 21:52:34 Software Distribution Service 3.0
10-01-2014 22:42:14 System Checkpoint
11-01-2014 15:02:27 Software Distribution Service 3.0
12-01-2014 15:58:52 Software Distribution Service 3.0
13-01-2014 17:20:08 Software Distribution Service 3.0
14-01-2014 17:48:09 Software Distribution Service 3.0
15-01-2014 16:47:40 Software Distribution Service 3.0
15-01-2014 21:55:02 Software Distribution Service 3.0
16-01-2014 15:58:57 Software Distribution Service 3.0
17-01-2014 13:23:34 Software Distribution Service 3.0
18-01-2014 14:20:48 Software Distribution Service 3.0
20-01-2014 00:01:33 Software Distribution Service 3.0
22-01-2014 01:54:36 Software Distribution Service 3.0
23-01-2014 14:40:22 System Checkpoint
23-01-2014 19:28:22 Software Distribution Service 3.0
23-01-2014 21:36:27 Installed Java 7 Update 51
25-01-2014 01:52:41 Software Distribution Service 3.0
27-01-2014 13:49:54 Software Distribution Service 3.0
28-01-2014 13:53:36 Software Distribution Service 3.0
29-01-2014 17:14:29 Software Distribution Service 3.0
30-01-2014 19:57:49 Software Distribution Service 3.0
31-01-2014 20:02:29 System Checkpoint
01-02-2014 14:13:41 Software Distribution Service 3.0
03-02-2014 17:57:04 Software Distribution Service 3.0
04-02-2014 18:36:58 Software Distribution Service 3.0
05-02-2014 23:14:52 Software Distribution Service 3.0
06-02-2014 23:38:05 System Checkpoint
08-02-2014 14:15:57 Software Distribution Service 3.0
09-02-2014 17:01:31 Software Distribution Service 3.0
10-02-2014 17:21:34 System Checkpoint
10-02-2014 20:29:04 Software Distribution Service 3.0
11-02-2014 21:10:45 Software Distribution Service 3.0
12-02-2014 22:14:38 System Checkpoint
12-02-2014 23:02:09 Software Distribution Service 3.0
13-02-2014 15:58:28 Software Distribution Service 3.0
14-02-2014 03:51:13 Revo Uninstaller's restore point - Movavi Screen Capture 4
14-02-2014 16:16:47 Software Distribution Service 3.0
15-02-2014 17:30:49 System Checkpoint
15-02-2014 19:56:35 Software Distribution Service 3.0
16-02-2014 20:20:14 Software Distribution Service 3.0
17-02-2014 20:47:43 Software Distribution Service 3.0
18-02-2014 22:51:52 System Checkpoint
19-02-2014 14:42:33 Software Distribution Service 3.0
20-02-2014 15:50:46 Software Distribution Service 3.0
21-02-2014 18:10:14 System Checkpoint
21-02-2014 18:21:11 Software Distribution Service 3.0
22-02-2014 21:27:23 Installed HiJackThis
22-02-2014 21:49:30 Software Distribution Service 3.0

==================== Hosts content: ==========================

2001-08-23 06:00 - 2013-10-11 08:33 - 00450604 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-05-16 15:20 - 2013-05-16 15:17 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-10-11 07:02 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-11 07:02 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-13 22:40 - 2011-10-30 14:28 - 00029696 _____ () C:\Program Files\DuckLink\DuckCapture\QtSolutions_SingleApplication-head.dll
2014-02-13 22:40 - 2011-10-22 08:05 - 08343040 _____ () C:\Program Files\DuckLink\DuckCapture\QtGui4.dll
2014-02-13 22:40 - 2011-08-28 20:41 - 02305536 _____ () C:\Program Files\DuckLink\DuckCapture\QtCore4.dll
2014-02-13 22:40 - 2011-08-28 20:42 - 00862720 _____ () C:\Program Files\DuckLink\DuckCapture\QtNetwork4.dll
2014-02-13 22:40 - 2011-10-30 14:28 - 00582144 _____ () C:\Program Files\DuckLink\DuckCapture\QtSolutions_PropertyBrowser-head.dll
2014-02-13 22:40 - 2011-08-28 20:57 - 01339904 _____ () C:\Program Files\DuckLink\DuckCapture\QtScript4.dll
2014-02-13 22:40 - 2011-08-28 21:50 - 00581120 _____ () C:\Program Files\DuckLink\DuckCapture\QtScriptTools4.dll
2014-02-13 22:40 - 2011-11-03 21:20 - 00617984 _____ () C:\Program Files\DuckLink\DuckCapture\QxtGui.dll
2014-02-13 22:40 - 2011-11-03 21:21 - 00395264 _____ () C:\Program Files\DuckLink\DuckCapture\QxtCore.dll
2014-02-13 22:40 - 2011-08-28 21:51 - 00026624 _____ () C:\Program Files\DuckLink\DuckCapture\plugins\imageformats\qgif4.dll
2014-02-13 22:40 - 2011-08-28 21:51 - 00029184 _____ () C:\Program Files\DuckLink\DuckCapture\plugins\imageformats\qico4.dll
2014-02-13 22:40 - 2011-08-28 21:51 - 00200704 _____ () C:\Program Files\DuckLink\DuckCapture\plugins\imageformats\qjpeg4.dll
2013-10-11 07:02 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-11 07:02 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-11 07:02 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-05-16 16:17 - 2012-05-31 14:48 - 01556480 _____ () C:\Program Files\Free Internet Window Washer\Clearpch.exe
2013-05-16 16:17 - 2011-01-31 08:45 - 00559244 _____ () C:\Program Files\Free Internet Window Washer\sqlite3.dll
2014-02-13 22:38 - 2014-02-13 22:38 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2014 06:15:23 PM) (Source: Avira Antivirus) (User: NT AUTHORITY)
Description: Unable to load file AvShadow.
Returned error code: 0x3e5

Error: (01/18/2014 00:06:46 PM) (Source: Application Hang) (User: )
Description: Fault bucket -473805052.

Error: (01/18/2014 00:06:41 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2014 05:35:39 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 26.0.0.5087, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2014 05:34:35 PM) (Source: Application Error) (User: )
Description: Faulting application clearpch.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [clearpch.exe!ws!]

Error: (12/17/2013 10:05:07 PM) (Source: Application Error) (User: )
Description: Faulting application acrord32.exe, version 11.0.4.63, faulting module acrord32.dll, version 11.0.5.3, fault address 0x000d1073.
Processing media-specific event for [acrord32.exe!ws!]

Error: (12/17/2013 11:32:00 AM) (Source: Microsoft Office 11) (User: )
Description: winword.exe11.0.8407.0521bd0damso.dll11.0.8405.051ede568000075d3b

Error: (12/16/2013 07:06:42 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/15/2013 03:26:54 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 25.0.1.5064, faulting module mozalloc.dll, version 25.0.1.5064, fault address 0x0000119c.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/15/2013 03:26:52 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 25.0.1.5064, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/22/2014 04:36:42 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (02/22/2014 04:36:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (02/22/2014 04:30:30 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (02/22/2014 04:30:30 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (02/21/2014 06:18:11 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (02/21/2014 06:18:11 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (02/21/2014 06:11:46 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (02/21/2014 06:11:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (02/21/2014 02:17:38 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (02/21/2014 02:17:38 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.


Microsoft Office Sessions:
=========================
Error: (02/21/2014 06:15:23 PM) (Source: Avira Antivirus)(User: NT AUTHORITY)
Description: AvShadow0x3e5

Error: (01/18/2014 00:06:46 PM) (Source: Application Hang)(User: )
Description: -473805052

Error: (01/18/2014 00:06:41 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe11.0.4.63hungapp0.0.0.000000000

Error: (01/15/2014 05:35:39 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087hungapp0.0.0.000000000

Error: (01/15/2014 05:34:35 PM) (Source: Application Error)(User: )
Description: clearpch.exe0.0.0.00.0.0.000000000

Error: (12/17/2013 10:05:07 PM) (Source: Application Error)(User: )
Description: acrord32.exe11.0.4.63acrord32.dll11.0.5.3000d1073

Error: (12/17/2013 11:32:00 AM) (Source: Microsoft Office 11)(User: )
Description: winword.exe11.0.8407.0521bd0damso.dll11.0.8405.051ede568000075d3b

Error: (12/16/2013 07:06:42 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe11.0.4.63hungapp0.0.0.000000000

Error: (12/15/2013 03:26:54 PM) (Source: Application Error)(User: )
Description: plugin-container.exe25.0.1.5064mozalloc.dll25.0.1.50640000119c

Error: (12/15/2013 03:26:52 PM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.1.5064hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 3053.23 MB
Available physical RAM: 2025.87 MB
Total Pagefile: 4939.19 MB
Available Pagefile: 3817.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.52 MB

==================== Drives ================================

Drive c: (CORNERSTONE) (Fixed) (Total:232.88 GB) (Free:208.87 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: D1B5CA5A)

Partition: GPT Partition Type.

==================== End Of Log ============================
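Added triage example, not part of the original thread and not anything FRST or the thread's helpers produce: a short Python script that reads the two sections a responder looks at first in these logs, the Drivers listing from the earlier post and the Security Center block from this one, and scores each driver entry with a few heuristics of my own: no company string in the trailing parentheses, a service name that does not match the file name, a file timestamp within a week of the scan, and an FRST state flag that is neither R (running) nor S (stopped). The sample text inside the script is constructed from a handful of lines copied from the logs above; the scan date, the weights and the threshold are my assumptions. A high score is a reason to collect the file (hash it, check its signature, submit it for analysis), not a malware verdict.

```python
"""Triage helpers for the Drivers and Security Center sections of an FRST log.

Added example: the parsing and the scoring rules are mine, not FRST's.
"""
import re
from datetime import date

# Constructed sample: lines copied verbatim from the listings posted in this
# thread, so the rules can be checked against real FRST output.
FRST_SAMPLE = r"""
==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
U0 hsahlsy; C:\WINDOWS\System32\drivers\aymvxrvl.sys [54016 2014-02-22] ()
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-23] (Infineon Technologies AG)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S4 IntelIde; No ImagePath

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
"""

# "R2 name; C:\path\file.sys [size yyyy-mm-dd] (Company)"; entries without an
# image path ("No ImagePath") deliberately do not match.
DRIVER_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<stamp>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>.*)\)\s*$"
)
# "AV: Product (Enabled|Disabled - Up to date) {GUID}"
SECCENTER_RE = re.compile(
    r"^(?P<kind>AV|AS|FW):\s+(?P<product>.+?)\s+\((?P<state>Enabled|Disabled)\s+-\s+"
    r"(?P<sigs>[^)]+)\)\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)


def parse_drivers(text):
    """One dict per driver line that carries an image path."""
    out = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"])
        d["stamp"] = date.fromisoformat(d["stamp"])
        # file name without directory and extension, for comparison with the service name
        d["stem"] = d["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        out.append(d)
    return out


def score_driver(d, scan_date, recent_days=7):
    """Heuristic (weight, hit, why) checks; weights and cut-offs are assumptions."""
    checks = [
        (2, not d["vendor"].strip(),
         "no company/version string in the file"),
        (1, d["stem"].lower() != d["name"].lower(),
         f"service name {d['name']!r} does not match file name {d['stem']!r}"),
        (1, (scan_date - d["stamp"]).days <= recent_days,
         f"file dated {d['stamp']}, within {recent_days} days of the scan"),
        (1, d["state"] not in ("R", "S"),
         f"state flag {d['state']!r} is neither R (running) nor S (stopped)"),
    ]
    score = sum(w for w, hit, _ in checks if hit)
    reasons = [why for _, hit, why in checks if hit]
    return score, reasons


def parse_security_center(text):
    matches = (SECCENTER_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def security_center_findings(entries):
    findings = [f"{e['kind']} {e['product']} reports itself Disabled"
                for e in entries if e["state"] == "Disabled"]
    av = [e["product"] for e in entries if e["kind"] == "AV"]
    if len(av) > 1:  # two real-time engines on one box is a conflict in its own right
        findings.append(f"{len(av)} AV products registered at once: {', '.join(av)}")
    return findings


def triage(text, scan_date_iso, threshold=3):
    """Drivers scoring at or above threshold, highest first, plus Security Center findings."""
    scan_date = date.fromisoformat(scan_date_iso)
    flagged = []
    for d in parse_drivers(text):
        score, reasons = score_driver(d, scan_date)
        if score >= threshold:
            flagged.append({"name": d["name"], "path": d["path"],
                            "score": score, "reasons": reasons})
    flagged.sort(key=lambda f: -f["score"])
    return {"drivers": flagged,
            "security_center": security_center_findings(parse_security_center(text))}


if __name__ == "__main__":
    report = triage(FRST_SAMPLE, "2014-02-22")  # scan date taken from the log header
    for f in report["drivers"]:
        print(f"[{f['score']}] {f['name']} -> {f['path']}")
        for why in f["reasons"]:
            print("      -", why)
    for line in report["security_center"]:
        print("Security Center:", line)
```

Run it as-is to print the report; to use it on a real log, pass the whole FRST text and the scan date from the log header to triage(). On the sample it flags the one entry whose vendor field is empty, and separately reports that both registered AV products show as Disabled and that two AV products are registered at once, which is worth sorting out on its own before any cleanup: two real-time engines on one machine commonly interfere with each other, and the Spybot service timeouts and the AvShadow load failure in the event log are consistent with that kind of contention, though the log alone does not prove the cause.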





