
Ran Combofix, found ZeroAccess, logs attached


  • This topic is locked
37 replies to this topic

#1 ValleA

ValleA

  • Members
  • 34 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 15 March 2014 - 07:43 PM

Hi, This is my original post:  http://www.bleepingcomputer.com/forums/t/527610/chase-online-wont-recognize-my-computer-after-running-combofix-jrt-and-adwclea/?view=getnewpost

 

Quietman7 told me to run dds and post the logs here and reference this original post, so this is what I'm doing. 

 

Combofix said it found ZeroAccess and attempted to remove it.  It seemed to hang up mid-way for quite some time so I rebooted and ran it again and this time it completed.  Then I ran Symantec's ZeroAccess tool and it didn't find anything.  But quietman7 said the logs should be reviewed by the experts (which I am certainly not).  To be honest I wasn't even really concerned about this; my original post was because after running Junkware Removal Tool, Combofix and Adwcleaner something got erased that allowed Chase online to recognize my computer.  Now every single time I want to check my accounts online I have to call in for a security code.  This is the problem I was trying to fix by joining this forum.  I did not have this problem before running the cleaners (all sequentially), only after.

 

Thank you for your help!!!  I am also attaching the JRT log created when it ran.

 

Attached Files




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:53 AM

Posted 16 March 2014 - 08:44 AM





Hello ValleA

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
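
As an added example (my code, not part of this thread and not FRST's own tooling), here is a small Python triage pass over the FRST.txt layout that the Scan step above produces. The sample log embedded in it is constructed in the FRST format with made-up names and paths, not the poster's log, and the three flag rules it applies (load points FRST marks as No File, [X] or No ImagePath; executables started from profile or application-data directories; entries with no publisher in their version info) are reviewer heuristics I chose, not a verdict FRST itself reports:

```python
"""Triage pass over a Farbar Recovery Scan Tool (FRST.txt) log.

Added example, not part of the thread and not FRST's own code. It parses the
plain-text layout FRST writes (banner lines of '=' characters, one entry per
line) and flags the entries a log reviewer usually looks at first. A hit
means "look here", not "malicious".
"""
import re
from dataclasses import dataclass

# Only the load-point sections are triaged; the file listings that follow
# ("One Month Created/Modified Files ...") are full of profile paths and
# would drown the output in noise.
LOADPOINT_SECTIONS = ("Processes", "Registry", "Internet",
                      "Services", "Drivers", "NetSvcs")

# "==================== Services (Whitelisted) ======" -> "Services (Whitelisted)"
SECTION_RE = re.compile(r"^=+\s+([^=]+?)\s+=+$")
# FRST marks a load point whose target is gone with "No File", "[X]" or
# "No ImagePath"; after a cleanup these are usually leftovers.
ORPHAN_RE = re.compile(r"(No File|\[X\]|No ImagePath)\s*$")
# Started from a profile / application-data / temp directory rather than
# Program Files or the Windows directory (heuristic, not proof of anything).
DATA_DIR_RE = re.compile(
    r"\\(Application Data|AppData|ProgramData|Local Settings|Temp)\\", re.I)
# Empty parentheses: FRST found no publisher in the file's version info.
NO_PUBLISHER_RE = re.compile(r"(^\(\)\s)|(\s\(\)\s*$)")


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reasons: tuple


def classify(line: str) -> tuple:
    """Return the reasons a single FRST entry deserves a second look."""
    reasons = []
    if ORPHAN_RE.search(line):
        reasons.append("orphaned entry (target file missing)")
    if DATA_DIR_RE.search(line):
        reasons.append("runs from a data/profile directory")
    if NO_PUBLISHER_RE.search(line):
        reasons.append("no publisher in version info")
    return tuple(reasons)


def triage(log_text: str) -> list:
    """Walk the log, track the current section, collect flagged entries."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not line or section is None:
            continue
        if not section.startswith(LOADPOINT_SECTIONS):
            continue
        reasons = classify(line)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def report(findings: list) -> str:
    return "\n".join(f"[{f.section}] {f.line}\n    -> {'; '.join(f.reasons)}"
                     for f in findings)


# Constructed sample in the FRST layout (made-up names/paths, not the poster's log).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Example AV s.r.o.) C:\Program Files\ExampleAV\avservice.exe
() C:\Documents and Settings\All Users\Application Data\Wdgt\WdgtService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Updater] - C:\Program Files\Vendor\updater.exe [959904 2013-11-21] (Vendor Inc.)
Winlogon\Notify\TPSvc: TPSvc.dll [X]

==================== Internet (Whitelisted) ====================

URLSearchHook: HKCU - Some Toolbar - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Some Toolbar\IE\tb.dll No File

FireFox:
========
FF Homepage: hxxp://www.example.com

========================== Services (Whitelisted) =================

R2 WdgtSvc; C:\Documents and Settings\All Users\Application Data\Wdgt\WdgtService.exe [150392 2014-02-10] (Widget Media, LLC)

==================== Drivers (Whitelisted) ====================

U3 .avgldx86; \? [X]
S4 IntelIde; No ImagePath

==================== One Month Created Files and Folders ========

2014-03-16 13:12 - 2014-03-16 13:12 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Wdgt
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it as a script to see the report for the built-in sample; for a real log, pass `open("FRST.txt", encoding="utf-8", errors="replace").read()` to `triage()`. The section filter is the important design choice: the same path rule applied to the file listings at the end of an FRST log would flag every entry under a user profile, which is exactly the noise a reviewer does not want.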

#3 ValleA

ValleA
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 16 March 2014 - 12:40 PM

Thank you Gringo!  I think it's awesome that people like you are willing to help so much!

 

I will do as you instruct.  I have a question first though.  All the settings on my computer are so messed up that it's close to intolerable, so would it be possible to go back to a restore point before I ran the various cleaners?  That will put me back to having ZeroAccess, but then maybe you can guide me correctly (unlike my botched attempt) in removing it.  But at least all the other workings of my computer would be restored. 

 

What do you think? 

 

Thanks!

Valle



#4 ValleA

ValleA
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 16 March 2014 - 03:15 PM

Gringo - Thanks again!  Here are the two logs from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Valle (administrator) on VALLEDESKTOP on 16-03-2014 13:12:49
Running from C:\Documents and Settings\Valle\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Creative Island Media, LLC) C:\Documents and Settings\All Users\Application Data\Websteroids\WebsteroidsService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Creative Island Media, LLC) C:\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Bret Taylor) C:\Program Files\Bret Taylor\Stickies\Stickies.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
(Dropbox, Inc.) C:\Documents and Settings\Valle\Application Data\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Python Software Foundation) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
(BitTorrent Inc.) C:\Documents and Settings\Valle\Application Data\BitTorrent\BitTorrent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [KodakShareButtonApp] - C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [108544 2012-10-11] (Eastman Kodak Company)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-12-26] (RealNetworks, Inc.)
Winlogon\Notify\TPSvc: TPSvc.dll [X]
HKU\S-1-5-21-62762057-2627913684-2406651807-1005\...\Run: [Stickies] - C:\Program Files\Bret Taylor\Stickies\Stickies.exe [335872 2007-03-14] (Bret Taylor)
HKU\S-1-5-21-62762057-2627913684-2406651807-1005\...\Run: [Plex Media Server] - C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe [4095624 2013-07-31] (Plex, Inc.)
HKU\S-1-5-21-62762057-2627913684-2406651807-1005\...\Policies\Explorer: [NoThumbnailCache] 1
Startup: C:\Documents and Settings\Valle\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Valle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKCU - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\8.8\vuzeToolbarIE.dll No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - DefaultScope {6E9E7357-6DF4-48D8-80DD-A0F99B485EC5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6E9E7357-6DF4-48D8-80DD-A0F99B485EC5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\8.8\vuzeToolbarIE.dll No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\8.8\vuzeToolbarIE.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 18 C:\Program Files\VMware\VMware Player\vsocklib.dll [338480] (VMware, Inc.)
Winsock: Catalog9 19 C:\Program Files\VMware\VMware Player\vsocklib.dll [338480] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Valle\Application Data\Mozilla\Firefox\Profiles\jjtlka86.default
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Empty Cache Button - C:\Documents and Settings\Valle\Application Data\Mozilla\Firefox\Profiles\jjtlka86.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2013-11-20]
FF Extension: New Tab Homepage - C:\Documents and Settings\Valle\Application Data\Mozilla\Firefox\Profiles\jjtlka86.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2012-06-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-19]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-09-20]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-19]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation)
S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-09-20] (Sun Microsystems, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.)
S4 ufad-ws60; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
S4 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.)
S4 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.)
S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.)
S4 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.)
R2 Websteroids; C:\Documents and Settings\All Users\Application Data\Websteroids\Websteroids.exe [150392 2014-02-10] (Creative Island Media, LLC)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R2 BASFND; C:\Program Files\Broadcom\MgmtAgent\BASFND.sys [10520 2011-02-09] (Broadcom Corporation)
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [90624 2010-05-28] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [168616 2010-04-05] (Intel Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 LVPr2Mon; C:\WINDOWS\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2010-04-30] (Sonic Focus, Inc)
R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.)
R3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [32688 2010-01-22] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.)
R2 VMparport; C:\WINDOWS\system32\Drivers\VMparport.sys [14896 2010-01-22] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
U3 .avgldx86; \? [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-16 13:12 - 2014-03-16 13:12 - 00000000 ____D () C:\FRST
2014-03-16 11:32 - 2014-03-16 11:32 - 00000848 _____ () C:\Documents and Settings\Valle\Desktop\BitTorrent.lnk
2014-03-16 11:31 - 2014-03-16 13:13 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\BitTorrent
2014-03-16 11:22 - 2014-03-16 11:22 - 00000000 ____D () C:\Documents and Settings\Valle\.swt
2014-03-16 10:13 - 2014-03-16 11:22 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\Azureus
2014-03-16 00:01 - 2014-03-16 00:06 - 00000000 ____D () C:\Documents and Settings\Chad\Local Settings\Application Data\Websteroids
2014-03-15 18:44 - 2014-03-15 18:51 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\InfraRecorder
2014-03-15 18:44 - 2014-03-15 18:44 - 00000742 _____ () C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
2014-03-15 18:44 - 2014-03-15 18:44 - 00000000 ____D () C:\Program Files\InfraRecorder
2014-03-15 18:42 - 2014-03-15 18:43 - 04151536 _____ () C:\Documents and Settings\Valle\Desktop\ir053.exe
2014-03-15 18:37 - 2014-03-16 13:13 - 00000000 ____D () C:\Documents and Settings\Valle\Local Settings\Application Data\Websteroids
2014-03-15 18:36 - 2014-03-15 18:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Websteroids
2014-03-15 18:35 - 2014-03-15 18:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter
2014-03-15 17:30 - 2014-03-15 17:30 - 00012618 _____ () C:\Documents and Settings\Valle\Desktop\dds.txt
2014-03-15 17:30 - 2014-03-15 17:30 - 00012598 _____ () C:\Documents and Settings\Valle\Desktop\attach.txt
2014-03-14 14:23 - 2014-03-14 14:24 - 00000000 ____D () C:\Documents and Settings\Valle\My Documents\Equivalent Dropbox Contents
2014-03-13 13:45 - 2014-03-13 13:45 - 00000000 ____D () C:\WINDOWS\Performance
2014-03-13 13:45 - 2014-03-13 13:45 - 00000000 ____D () C:\Documents and Settings\Valle\Local Settings\Application Data\Microsoft Corporation
2014-03-11 18:56 - 2014-03-15 17:48 - 00000000 ____D () C:\Documents and Settings\Valle\Desktop\From Laptop
2014-03-11 00:18 - 2014-03-11 00:18 - 00000774 _____ () C:\Documents and Settings\Valle\Desktop\ComboFix.lnk
2014-03-11 00:04 - 2014-03-11 00:04 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\FixZeroAccess
2014-03-10 23:52 - 2014-03-11 00:01 - 00000000 ____D () C:\ComboFix
2014-03-10 23:12 - 2014-03-10 23:12 - 00000000 _RSHD () C:\cmdcons
2014-03-10 23:12 - 2012-08-04 12:31 - 00000211 _____ () C:\Boot.bak
2014-03-10 23:12 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-03-10 23:08 - 2011-06-25 23:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-03-10 23:08 - 2010-11-07 10:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-03-10 23:08 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-03-10 23:08 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-03-10 23:08 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-03-10 23:08 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-03-10 23:08 - 2000-08-30 17:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-03-10 23:08 - 2000-08-30 17:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-03-10 23:08 - 2000-08-30 17:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-03-10 22:47 - 2014-03-11 00:00 - 00000000 ____D () C:\Qoobox
2014-03-10 22:46 - 2014-03-10 22:46 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-10 22:45 - 2014-03-10 22:45 - 00005864 _____ () C:\Documents and Settings\Valle\Desktop\JRT.txt
2014-03-10 22:40 - 2014-03-10 22:40 - 00000000 ____D () C:\WINDOWS\ERUNT

==================== One Month Modified Files and Folders =======

2014-03-16 13:13 - 2014-03-16 11:31 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\BitTorrent
2014-03-16 13:13 - 2014-03-15 18:37 - 00000000 ____D () C:\Documents and Settings\Valle\Local Settings\Application Data\Websteroids
2014-03-16 13:12 - 2014-03-16 13:12 - 00000000 ____D () C:\FRST
2014-03-16 13:10 - 2011-09-08 05:31 - 01844527 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-16 12:46 - 2012-01-02 23:18 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 12:29 - 2012-05-05 08:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-16 12:00 - 2012-06-22 13:30 - 00000942 _____ () C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2014-03-16 11:32 - 2014-03-16 11:32 - 00000848 _____ () C:\Documents and Settings\Valle\Desktop\BitTorrent.lnk
2014-03-16 11:24 - 2013-12-26 11:40 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-62762057-2627913684-2406651807-1005.job
2014-03-16 11:24 - 2013-12-26 11:40 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1005.job
2014-03-16 11:24 - 2013-08-28 11:51 - 00000000 ___RD () C:\Documents and Settings\Valle\My Documents\Dropbox
2014-03-16 11:24 - 2013-08-28 11:49 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\Dropbox
2014-03-16 11:24 - 2013-08-20 23:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\boost_interprocess
2014-03-16 11:24 - 2011-10-15 16:18 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1005.job
2014-03-16 11:24 - 2004-08-04 05:00 - 00012716 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-16 11:23 - 2012-01-02 23:18 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-16 11:23 - 2011-12-14 00:32 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1006.job
2014-03-16 11:23 - 2011-10-16 18:44 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1003.job
2014-03-16 11:23 - 2011-10-14 23:18 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1007.job
2014-03-16 11:23 - 2011-09-08 05:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-16 11:23 - 2011-09-08 01:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-16 11:23 - 2011-09-08 01:24 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-16 11:22 - 2014-03-16 11:22 - 00000000 ____D () C:\Documents and Settings\Valle\.swt
2014-03-16 11:22 - 2014-03-16 10:13 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\Azureus
2014-03-16 11:22 - 2013-05-22 17:29 - 00000000 ____D () C:\Program Files\Vuze
2014-03-16 11:22 - 2011-09-17 19:18 - 00000000 ____D () C:\Documents and Settings\Valle
2014-03-16 11:22 - 2011-09-08 05:35 - 00032374 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-16 00:10 - 2011-09-18 17:49 - 00000178 ___SH () C:\Documents and Settings\Chad\ntuser.ini
2014-03-16 00:06 - 2014-03-16 00:01 - 00000000 ____D () C:\Documents and Settings\Chad\Local Settings\Application Data\Websteroids
2014-03-16 00:02 - 2014-02-06 18:31 - 00000000 ____D () C:\Documents and Settings\Chad\Local Settings\Application Data\Spotify
2014-03-16 00:02 - 2014-02-06 18:26 - 00000000 ____D () C:\Documents and Settings\Chad\Application Data\Spotify
2014-03-15 23:58 - 2011-09-17 19:18 - 00000178 ___SH () C:\Documents and Settings\Valle\ntuser.ini
2014-03-15 18:51 - 2014-03-15 18:44 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\InfraRecorder
2014-03-15 18:44 - 2014-03-15 18:44 - 00000742 _____ () C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
2014-03-15 18:44 - 2014-03-15 18:44 - 00000000 ____D () C:\Program Files\InfraRecorder
2014-03-15 18:43 - 2014-03-15 18:42 - 04151536 _____ () C:\Documents and Settings\Valle\Desktop\ir053.exe
2014-03-15 18:41 - 2011-09-19 12:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-03-15 18:39 - 2014-03-15 18:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter
2014-03-15 18:36 - 2014-03-15 18:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Websteroids
2014-03-15 17:48 - 2014-03-11 18:56 - 00000000 ____D () C:\Documents and Settings\Valle\Desktop\From Laptop
2014-03-15 17:30 - 2014-03-15 17:30 - 00012618 _____ () C:\Documents and Settings\Valle\Desktop\dds.txt
2014-03-15 17:30 - 2014-03-15 17:30 - 00012598 _____ () C:\Documents and Settings\Valle\Desktop\attach.txt
2014-03-15 10:10 - 2013-08-27 22:52 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\vlc
2014-03-14 23:41 - 2012-03-13 23:41 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-03-14 14:46 - 2012-07-08 15:49 - 00000000 ____D () C:\Documents and Settings\Valle\My Documents\Mark
2014-03-14 14:24 - 2014-03-14 14:23 - 00000000 ____D () C:\Documents and Settings\Valle\My Documents\Equivalent Dropbox Contents
2014-03-14 13:40 - 2011-09-28 08:46 - 00002497 _____ () C:\Documents and Settings\Valle\Desktop\Microsoft Office Word 2003.lnk
2014-03-13 13:45 - 2014-03-13 13:45 - 00000000 ____D () C:\WINDOWS\Performance
2014-03-13 13:45 - 2014-03-13 13:45 - 00000000 ____D () C:\Documents and Settings\Valle\Local Settings\Application Data\Microsoft Corporation
2014-03-13 13:45 - 2013-01-26 20:06 - 00142505 _____ () C:\WINDOWS\setupapi.log
2014-03-13 12:43 - 2012-01-09 18:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater
2014-03-12 14:41 - 2011-10-14 23:18 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-62762057-2627913684-2406651807-1007.job
2014-03-11 19:31 - 2012-01-31 12:05 - 00000000 ____D () C:\Documents and Settings\Valle\My Documents\Kent
2014-03-11 14:49 - 2011-09-25 10:21 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-11 12:29 - 2012-05-05 08:48 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-11 12:29 - 2011-09-18 21:22 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-11 00:18 - 2014-03-11 00:18 - 00000774 _____ () C:\Documents and Settings\Valle\Desktop\ComboFix.lnk
2014-03-11 00:05 - 2011-09-08 01:22 - 00595096 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-11 00:04 - 2014-03-11 00:04 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\FixZeroAccess
2014-03-11 00:01 - 2014-03-10 23:52 - 00000000 ____D () C:\ComboFix
2014-03-11 00:01 - 2004-08-04 05:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-11 00:00 - 2014-03-10 22:47 - 00000000 ____D () C:\Qoobox
2014-03-10 23:12 - 2014-03-10 23:12 - 00000000 _RSHD () C:\cmdcons
2014-03-10 23:12 - 2011-09-08 01:21 - 00000327 __RSH () C:\boot.ini
2014-03-10 22:46 - 2014-03-10 22:46 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-10 22:45 - 2014-03-10 22:45 - 00005864 _____ () C:\Documents and Settings\Valle\Desktop\JRT.txt
2014-03-10 22:41 - 2013-05-22 17:30 - 00000000 ____D () C:\Program Files\Common Files\Spigot
2014-03-10 22:40 - 2014-03-10 22:40 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-10 12:04 - 2011-09-17 20:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507618$
2014-03-10 02:15 - 2012-05-05 08:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-10 02:15 - 2012-03-14 14:03 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-10 02:15 - 2012-03-14 14:03 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-03 19:19 - 2013-03-03 19:58 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs
2014-03-03 19:19 - 2013-03-03 19:56 - 00000000 _____ () C:\WINDOWS\system32\Drivers\logiflt.iad
2014-03-03 01:03 - 2012-07-15 11:30 - 00000000 ____D () C:\Documents and Settings\Chad\My Documents\Camera
2014-02-28 01:07 - 2012-03-04 15:25 - 00685048 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-21 19:52 - 2013-11-26 09:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-02-21 19:52 - 2013-09-20 09:53 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-02-21 19:22 - 2012-10-01 19:54 - 00000000 ____D () C:\Documents and Settings\Valle\My Documents\Fern
2014-02-21 19:21 - 2012-01-31 12:05 - 00000000 ____D () C:\Documents and Settings\Valle\My Documents\Grant
2014-02-18 13:01 - 2011-09-28 17:41 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-17 11:50 - 2013-12-20 15:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 11:50 - 2012-05-11 07:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-14 21:28 - 2011-09-23 14:44 - 00000000 ____D () C:\Documents and Settings\Valle\Application Data\Skype

Some content of TEMP:
====================
C:\Documents and Settings\Valle\Local Settings\temp\nsi4B.exe
C:\Documents and Settings\Valle\Local Settings\temp\nsq5E.exe
C:\Documents and Settings\Valle\Local Settings\temp\nsr47.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Valle at 2014-03-16 13:13:17
Running from C:\Documents and Settings\Valle\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5 - Arduino LLC)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.0.30659 - BitTorrent Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4700 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
InstallConverter bundle uninstaller (HKLM\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
InstallIQ Updater (HKLM\...\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}) (Version: 1.4.3.0 - W3i, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5322 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 27 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
KODAK Share Button App (HKLM\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MathGV 4.1 (HKLM\...\{D30F78E6-2A82-48E5-94A9-D295D64501BF}) (Version: 4.1.0 - MathGV)
MB Service Manual (HKLM\...\{E7A9267F-88AB-4508-8467-FEF2CCD47A48}_is1) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X (Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Plex Media Server (HKLM\...\{d90d42d5-d6d5-480c-bdb7-611f34caf0a9}) (Version: 0.9.804 - Plex, Inc.)
Plex Media Server (Version: 0.9.804 - Plex, Inc.) Hidden
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RegistryFix v8.0 (HKLM\...\Registry Fix_is1) (Version:  - Registry Fix)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.1.10441 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7270 - Analog Devices)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Stickies (HKLM\...\{0A770EE2-905F-4DBD-8963-2E4F0FAFD66F}) (Version: 3.0.7 - Bret Taylor)
Tone Stack Calculator (HKLM\...\Tone Stack Calculator) (Version:  - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
tools-windows (Version: 8.1.4.11056 - VMware, Inc.) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
USB Scale PC Program Version 1.10 (HKLM\...\USB Scale PC Program_is1) (Version: 1.1.0 - Xiamen Elane Electronics Company Ltd.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VMware Player (HKLM\...\VMware_Player) (Version: 3.0.1.11056 - VMware, Inc)
VMware Player (Version: 3.0.1.11056 - VMware, Inc.) Hidden
Vuze Remote Toolbar v8.8 (HKLM\...\{0A667D95-3D2A-4482-B435-A9EC56DEB408}) (Version: 8.8 - Spigot, Inc.) <==== ATTENTION
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Websteroids (Version: 2.6.63 - Creative Island Media, LLC) Hidden <==== ATTENTION
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

20-12-2013 23:26:27 System Checkpoint
22-12-2013 05:52:31 System Checkpoint
25-12-2013 08:57:23 System Checkpoint
05-01-2014 19:31:32 System Checkpoint
12-01-2014 02:48:35 System Checkpoint
13-01-2014 02:53:29 System Checkpoint
15-01-2014 23:08:15 System Checkpoint
22-01-2014 03:44:16 System Checkpoint
26-01-2014 07:46:46 System Checkpoint
28-01-2014 01:56:14 System Checkpoint
01-02-2014 03:39:10 System Checkpoint
02-02-2014 22:42:39 System Checkpoint
04-02-2014 02:52:52 System Checkpoint
06-02-2014 05:40:18 System Checkpoint
15-02-2014 20:07:31 System Checkpoint
18-02-2014 00:29:56 System Checkpoint
20-02-2014 04:19:21 System Checkpoint
22-02-2014 02:50:31 Installed AVG 2014
28-02-2014 04:10:54 System Checkpoint
03-03-2014 05:19:25 System Checkpoint
07-03-2014 02:56:32 System Checkpoint
09-03-2014 00:43:04 System Checkpoint
10-03-2014 10:04:28 System Checkpoint
11-03-2014 17:11:46 System Checkpoint
12-03-2014 19:19:49 System Checkpoint
13-03-2014 20:45:01 Installed Windows 7 Upgrade Advisor
15-03-2014 14:51:04 System Checkpoint
16-03-2014 18:24:14 Restore Operation
16-03-2014 18:26:17 Removed Windows 7 Upgrade Advisor
16-03-2014 18:26:48 Removed Vuze Remote Toolbar v8.8.
16-03-2014 18:27:01 Removed Vuze Remote Toolbar v8.8.

==================== Hosts content: ==========================

2004-08-04 05:00 - 2014-03-11 00:00 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-62762057-2627913684-2406651807-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-62762057-2627913684-2406651807-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-62762057-2627913684-2406651807-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-62762057-2627913684-2406651807-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-62762057-2627913684-2406651807-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-62762057-2627913684-2406651807-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-09-08 05:42 - 2010-05-21 10:14 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2014-02-10 21:47 - 2014-02-10 21:47 - 01151864 _____ () C:\WINDOWS\system32\Websteroids.B324755F3F87.dll
2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2013-07-31 14:42 - 2013-07-31 14:42 - 00073352 _____ () C:\Program Files\Plex\Plex Media Server\zlib.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00195720 _____ () C:\Program Files\Plex\Plex Media Server\libidn.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00840840 _____ () C:\Program Files\Plex\Plex Media Server\libxml2.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00238232 _____ () C:\Program Files\Plex\Plex Media Server\swscale-0.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00137880 _____ () C:\Program Files\Plex\Plex Media Server\avutil-50.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00051848 _____ () C:\Program Files\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00089224 _____ () C:\Program Files\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 05299352 _____ () C:\Program Files\Plex\Plex Media Server\avcodec-52.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00980120 _____ () C:\Program Files\Plex\Plex Media Server\avformat-52.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00507528 _____ () C:\Program Files\Plex\Plex Media Server\tag.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 08495240 _____ () C:\Program Files\Plex\Plex Media Server\WebKit.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00952968 _____ () C:\Program Files\Plex\Plex Media Server\CFLite.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 01291400 _____ () C:\Program Files\Plex\Plex Media Server\JavaScriptCore.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 01038984 _____ () C:\Program Files\Plex\Plex Media Server\cairo.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00073352 _____ () C:\Program Files\Plex\Plex Media Server\zlib1.dll
2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Documents and Settings\Valle\Application Data\Dropbox\bin\libcef.dll
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2013-07-31 14:42 - 2013-07-31 14:42 - 00045192 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00028808 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00019080 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00032392 _____ () C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00836744 _____ () C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00062600 _____ () C:\Program Files\Plex\Plex Media Server\libexslt.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00166024 _____ () C:\Program Files\Plex\Plex Media Server\libxslt.dll
2013-07-31 14:42 - 2013-07-31 14:42 - 00192648 _____ () C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00016520 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00056456 _____ () C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00018056 _____ () C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00044680 _____ () C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00083080 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00111752 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
2013-07-31 14:42 - 2013-07-31 14:42 - 00692360 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
2013-12-20 15:09 - 2014-02-15 12:42 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-11 12:29 - 2014-03-11 12:29 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aim => "C:\Program Files\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KodakShareButtonApp => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: VMware hqtray => "C:\Program Files\VMware\VMware Player\hqtray.exe"

==================== Faulty Device Manager Devices =============

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2014 11:27:01 AM) (Source: MsiInstaller) (User: VALLEDESKTOP)
Description: Product: Vuze Remote Toolbar v8.8 -- Error 1316.A network error occurred while attempting to read from the file C:\WINDOWS\Installer\vuzeToolbar.msi(NULL)(NULL)(NULL)(NULL)

Error: (03/16/2014 11:26:48 AM) (Source: MsiInstaller) (User: VALLEDESKTOP)
Description: Product: Vuze Remote Toolbar v8.8 -- Error 1316.A network error occurred while attempting to read from the file C:\WINDOWS\Installer\vuzeToolbar.msi(NULL)(NULL)(NULL)(NULL)

Error: (03/16/2014 00:02:06 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/15/2014 07:26:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27861984

Error: (03/15/2014 07:26:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27861984

Error: (03/15/2014 07:26:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/14/2014 02:48:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1954

Error: (03/14/2014 02:48:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1954

Error: (03/14/2014 02:48:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/13/2014 11:15:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10339328


System errors:
=============
Error: (03/16/2014 11:22:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/15/2014 07:30:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/15/2014 07:28:18 PM) (Source: DCOM) (User: VALLEDESKTOP)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/15/2014 10:56:55 AM) (Source: DCOM) (User: VALLEDESKTOP)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/15/2014 10:20:29 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/15/2014 10:18:21 AM) (Source: DCOM) (User: VALLEDESKTOP)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/15/2014 07:31:11 AM) (Source: DCOM) (User: VALLEDESKTOP)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/14/2014 06:43:42 PM) (Source: DCOM) (User: VALLEDESKTOP)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/14/2014 06:13:40 PM) (Source: DCOM) (User: VALLEDESKTOP)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/14/2014 02:48:50 PM) (Source: DCOM) (User: VALLEDESKTOP)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (03/16/2014 11:27:01 AM) (Source: MsiInstaller)(User: VALLEDESKTOP)
Description: Product: Vuze Remote Toolbar v8.8 -- Error 1316.A network error occurred while attempting to read from the file C:\WINDOWS\Installer\vuzeToolbar.msi(NULL)(NULL)(NULL)(NULL)

Error: (03/16/2014 11:26:48 AM) (Source: MsiInstaller)(User: VALLEDESKTOP)
Description: Product: Vuze Remote Toolbar v8.8 -- Error 1316.A network error occurred while attempting to read from the file C:\WINDOWS\Installer\vuzeToolbar.msi(NULL)(NULL)(NULL)(NULL)

Error: (03/16/2014 00:02:06 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/15/2014 07:26:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27861984

Error: (03/15/2014 07:26:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27861984

Error: (03/15/2014 07:26:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/14/2014 02:48:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1954

Error: (03/14/2014 02:48:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1954

Error: (03/14/2014 02:48:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/13/2014 11:15:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10339328


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 3291.54 MB
Available physical RAM: 2156.76 MB
Total Pagefile: 5175.5 MB
Available Pagefile: 4102.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.01 GB) (Free:9 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 69E069E0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
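
The FRST log above, and the MBAR and RogueKiller reports posted later in this thread, each summarize the same MBR: boot signature 55AA, disk ID 69E069E0, and a single active NTFS (type 0x07) partition starting at LBA 63 with 312496317 sectors on a 160000000000-byte disk. As an added example (not code from this thread or from any of those tools), the script below decodes a raw 512-byte MBR sector into that same summary and runs the consistency checks a reviewer would want after a rootkit cleaner has rewritten boot sectors; the sector bytes are constructed here from the logged values with the boot-code area zero-filled, so the MD5 it computes is not the one RogueKiller printed.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8       # 4-byte NT disk signature ("Disk ID: 69E069E0" in the FRST log)
PART_TABLE_OFFSET = 0x1BE     # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"  # "MBR Signature: 55AA" in the MBAR log
# one entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PART_ENTRY = struct.Struct("<B3sB3sII")


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int      # 0x07 = NTFS, 0x00 = empty slot
    start_lba: int
    num_sectors: int

    @property
    def end_lba(self) -> int:  # exclusive
        return self.start_lba + self.num_sectors

    @property
    def size_mib(self) -> int:
        # RogueKiller's "Size: 152586 Mo" is this value for the logged partition
        return self.num_sectors * SECTOR_SIZE // (1024 * 1024)


@dataclass
class MbrSummary:
    signature_ok: bool
    disk_signature: str
    md5: str
    partitions: List[Partition]


def build_mbr(disk_signature: int, entries) -> bytes:
    """Construct a synthetic MBR sector (boot code zero-filled) from
    up to four (active, type_id, start_lba, num_sectors) tuples."""
    buf = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", buf, DISK_SIG_OFFSET, disk_signature)
    for i, (active, type_id, start, count) in enumerate(entries):
        # CHS fields carry the conventional 0xFE 0xFF 0xFF "use LBA" filler
        PART_ENTRY.pack_into(buf, PART_TABLE_OFFSET + i * PART_ENTRY.size,
                             0x80 if active else 0x00, b"\xfe\xff\xff",
                             type_id, b"\xfe\xff\xff", start, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


def parse_mbr(sector: bytes) -> MbrSummary:
    """Decode a raw 512-byte sector into the fields the FRST/MBAR/RogueKiller logs print."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    parts = []
    for i in range(4):
        status, _, type_id, _, start, count = PART_ENTRY.unpack_from(
            sector, PART_TABLE_OFFSET + i * PART_ENTRY.size)
        parts.append(Partition(i, status == 0x80, type_id, start, count))
    return MbrSummary(signature_ok=sector[510:512] == BOOT_SIGNATURE,
                      disk_signature=f"{disk_sig:08X}",
                      md5=hashlib.md5(sector).hexdigest(),  # RogueKiller's "[MBR] <hash>" line
                      partitions=parts)


def consistency_checks(mbr: MbrSummary, disk_size_bytes: int) -> List[str]:
    """Sanity checks worth running on a disk a rootkit cleaner has just rewritten."""
    total_sectors = disk_size_bytes // SECTOR_SIZE
    findings = []
    if not mbr.signature_ok:
        findings.append("boot signature is not 55AA")
    used = sorted((p for p in mbr.partitions if p.type_id != 0), key=lambda p: p.start_lba)
    active = [p for p in used if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in used:
        if p.start_lba == 0:
            findings.append(f"partition {p.index} starts at LBA 0 (overlaps the MBR)")
        if p.end_lba > total_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    for a, b in zip(used, used[1:]):
        if a.end_lba > b.start_lba:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def unpartitioned_ranges(mbr: MbrSummary, disk_size_bytes: int) -> List[Tuple[int, int]]:
    """Inclusive sector ranges no partition covers (sector 0, the MBR itself, excluded):
    the space MBAR's "Scanning physical sectors of unpartitioned space" pass reads."""
    total_sectors = disk_size_bytes // SECTOR_SIZE
    used = sorted((p for p in mbr.partitions if p.type_id != 0), key=lambda p: p.start_lba)
    gaps, cursor = [], 1
    for p in used:
        if p.start_lba > cursor:
            gaps.append((cursor, p.start_lba - 1))
        cursor = max(cursor, p.end_lba)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return gaps
```

Running `parse_mbr(build_mbr(0x69E069E0, [(True, 0x07, 63, 312496317)]))` reproduces the logged layout, and on a real machine the same parser can be pointed at the first 512 bytes read from the physical drive.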



#5 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 March 2014 - 04:24 PM



Hello ValleA

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 ValleA
  • Topic Starter
  • Members
  • 34 posts

Posted 16 March 2014 - 07:06 PM

I ran the two programs.  But I would really like to restore my computer to a previous point, but I can't!  The system restore points in attach.txt don't agree with the points shown in the System Restore calendar - they are shifted by a day.  So if I pick one it goes through the process and ultimately says it can't restore to that point.  I wanted to restore back to when it worked properly and then do the cleaning.  For example right now it doesn't recognize my camera and open the window to open the files, like it used to.  And if I do it manually and click on a photo it doesn't open the same software that I used to use to crop and resize the pictures, now it's only a photo viewer and I can't find the other one.  

 

Anyway, the logs are here.  Sorry, but I couldn't paste the adwcleaner text, it wouldn't do anything, so I had to attach it instead.  And while trying to click here and paste it, I got this whole mess on the bottom of my screen:  <!DOCTYPE html>

 

Here is JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Valle on Sun 03/16/2014 at 16:48:43.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/16/2014 at 16:52:56.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 




#7 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 March 2014 - 07:57 PM


Hello ValleA

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#8 ValleA
  • Topic Starter
  • Members
  • 34 posts

Posted 17 March 2014 - 01:45 AM

I'm not getting a real response to my comments so I'm thinking this is a robo-instructor.  I've already run all these things, but now I've done them again.  Here is the ComboFix log: I'm still not able to copy and paste some of these logs, is that a problem?  I attached it instead.  You asked how the computer is doing.  It seems pretty good EXCEPT it takes several minutes for the "turn off, stand by or restart" window to even show up after clicking the "start" in the bottom left of Windows XP.  It used to be instantaneous.  If I don't wait then the computer goes off into never never black screen mode and doesn't wake up - I have to do a hard reboot with the power button.  I would like to fix this problem!  Thank you.




#9 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 March 2014 - 07:51 AM

Hello


The comments you have given me are telling me things do not work the way they did before and system restore is broken.

The problem about not being able to copy and paste is the forum software.

In the reply window, toggle the little square box in the upper left corner - see screen shot.

Attached File: Capture.PNG (26.25KB)


The problems you have mentioned are probably not going to be malware but something wrong with the computer, and it will take time to find it.


Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo

#10 ValleA
  • Topic Starter
  • Members
  • 34 posts

Posted 17 March 2014 - 12:07 PM

Thank you, sorry for doubting haha!

 

Ran both programs.  MBAR only found 1 thing the first time and nothing the second.  RogueKiller brings up this whole other screen asking you to download PUP Removal, so that was confusing.

 

There is no report [2] they both are [0]  ??  So I attached the second one that was produced.  I still can't copy and paste so I attached instead.

 

Computer seems good but still having the problem with the "standby, restart, turn-off" window popping up late.  I just timed it and it was 1 minute 50 seconds to pop up.



Edited by ValleA, 17 March 2014 - 12:13 PM.


#11 ValleA
  • Topic Starter
  • Members
  • 34 posts

Posted 17 March 2014 - 12:16 PM

Oops, I forgot to toggle the little square box. Now I can copy and paste the two reports:

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Valle [Admin rights]
Mode : Remove -- Date : 03/17/2014 10:02:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 1 ¤¤¤
[FF][PUP] jjtlka86.default : AVG SafeGuard toolbar

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA7704184)
[Address] SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA77042D0)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160318AS +++++
--- User ---
[MBR] b2100dff6085195c37790faf5868824f
[BSP] b8351d96236ec9b4dd2a2c71e2763f98 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152586 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03172014_100243.txt >>
RKreport[0]_S_03172014_100058.txt


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_27

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.593000 GHz
Memory total: 3451428864, free: 2275450880

Downloaded database version: v2014.03.17.05
Downloaded database version: v2014.02.20.01
Initializing...
======================
------------ Kernel report ------------
03/17/2014 09:11:35
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Combo-Fix.sys
sfaudio.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1k5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\??\C:\WINDOWS\system32\drivers\VMkbd.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\WINDOWS\system32\drivers\hcmon.sys
\??\C:\WINDOWS\system32\Drivers\vmci.sys
\??\C:\WINDOWS\system32\Drivers\VMparport.sys
\??\C:\WINDOWS\system32\Drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
\??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
\SystemRoot\system32\Drivers\LVPr2Mon.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\Program Files\Broadcom\MgmtAgent\BASFND.sys
\??\C:\DOCUME~1\Valle\LOCALS~1\Temp\catchme.sys
\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae89ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-16\
Lower Device Object: 0xffffffff8ae64d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae89ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae95b68, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae89ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae64d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-16\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 69E069E0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312496317
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Done!
Infected: C:\WINDOWS\system32\Websteroids.B324755F3F87.dll --> [Adware.SaMon]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_27

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.593000 GHz
Memory total: 3451428864, free: 2683768832

=======================================
------------ Kernel report ------------
03/17/2014 09:39:56
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
sfaudio.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1k5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\??\C:\WINDOWS\system32\drivers\VMkbd.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\WINDOWS\system32\drivers\hcmon.sys
\??\C:\WINDOWS\system32\Drivers\vmci.sys
\??\C:\WINDOWS\system32\Drivers\VMparport.sys
\??\C:\WINDOWS\system32\Drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
\??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
\SystemRoot\system32\Drivers\LVPr2Mon.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\Program Files\Broadcom\MgmtAgent\BASFND.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aedaab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-16\
Lower Device Object: 0xffffffff8ae57d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aedaab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aeb1758, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aedaab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae57d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-16\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 69E069E0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312496317
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 17 March 2014 - 12:33 PM



I want you to run things in selective startup; this will help pinpoint the type of problem it is.



1. Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
2. In the Open box, type msconfig and then click OK. The System Configuration Utility appears.
3. Click the "Services" tab.
4. Put a checkmark in "Hide all Microsoft services".
5. Uncheck anything that is left.
6. Click on the "Startup" tab.
7. Uncheck all under this tab.
8. Click on the Apply button.


Restart the computer and see how things are doing. If things are doing better, then repeat the process, but this time start with the services: start by adding the first half back and apply the changes.

If things go bad again, then you know the problem is in the services that you restarted, and you can keep searching until you find the one it is.

If you restart all the services and things are still OK, then go back and do the same thing for the startup programs.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 ValleA (Topic Starter, Members, 34 posts)

Posted 17 March 2014 - 05:31 PM

Okay, I did all that. Wow, a lot of work; I had to figure out what all those things were in startup and services. The problem seems to be gone! I don't really know what I did, but maybe just ending and restarting some of those programs was enough, because first I disabled all, restarted, and then enabled all, restarted, and the problem was gone, so it wasn't a matter of one particular program being a problem. Good though! Thank you so much!!!

#14 ValleA (Topic Starter, Members, 34 posts)

Posted 17 March 2014 - 08:58 PM

Jumped the gun on saying it was gone; it's back. I guess disabling and enabling things cleared it temporarily, but after a little time it came back. Which makes it very hard to troubleshoot if I have to wait an hour after enabling each .exe!

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 19 March 2014 - 07:46 AM

Hello ValleA

The way I would do it is by half: disable half the things first and check things over, eliminating half each time till you find it.


Gringo
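A read-only companion to the selective-startup procedure in post #12 and the halving approach in post #15, added here as an example; it was not posted in this thread and is not part of msconfig or of any tool the logs above come from. It lists the services that would remain after ticking "Hide all Microsoft services" (judged, as msconfig does, by the company name in each binary's version information), lists the startup entries from the Run keys and Startup folders, writes both to CSV files so every item can be put back afterwards, and splits the service list into the two halves to test. The function names, the CSV file names under the user's profile, and the assumption of PowerShell 2.0 or later (which on the Windows XP SP3 machine in this thread would have to be installed separately) are mine. Nothing in it disables anything; enabling and disabling is still done in msconfig.

```powershell
# Added example, not from the thread. Inventory of what msconfig's Services and
# Startup tabs show, plus a half-split helper for bisecting. Assumes PowerShell
# 2.0+ (Get-WmiObject, not Get-CimInstance, so it also runs on XP-era hosts).
# Read-only: it never changes service start modes or startup entries.

# Resolve a service's executable from its command line. Handles quoted paths,
# trailing arguments ("svchost.exe -k netsvcs") and %SystemRoot%-style variables.
function Get-ServiceImagePath {
    param([string]$PathName)
    $image = $PathName
    if ($PathName -match '^"([^"]+)"') { $image = $Matches[1] }
    elseif ($PathName -match '^(.+?\.(exe|sys|dll))(\s|$)') { $image = $Matches[1] }
    return [Environment]::ExpandEnvironmentVariables($image)
}

# Services whose binary is not versioned by Microsoft: what is left after
# "Hide all Microsoft services". A binary that cannot be found is listed too,
# since an unknown publisher is exactly what you want to see during triage.
function Get-NonMicrosoftService {
    Get-WmiObject Win32_Service | ForEach-Object {
        $image = Get-ServiceImagePath $_.PathName
        $company = ''
        if ($image -and (Test-Path -LiteralPath $image)) {
            $company = (Get-Item -LiteralPath $image).VersionInfo.CompanyName
        }
        if ($company -notmatch 'Microsoft') {
            New-Object PSObject -Property @{
                Name      = $_.Name
                State     = $_.State
                StartMode = $_.StartMode
                Company   = $company
                Image     = $image
            }
        }
    }
}

# Startup entries (Run keys and Startup folders), i.e. the msconfig Startup tab.
function Get-StartupEntry {
    Get-WmiObject Win32_StartupCommand | Select-Object Name, Command, Location, User
}

# Split a list in two for the bisection described in post #15: disable
# everything in First, test; if the problem is still there, it is in Second.
function Split-Half {
    param([object[]]$Items)
    $mid = [math]::Ceiling($Items.Count / 2)
    $first = @(); $second = @()
    for ($i = 0; $i -lt $Items.Count; $i++) {
        if ($i -lt $mid) { $first += $Items[$i] } else { $second += $Items[$i] }
    }
    New-Object PSObject -Property @{ First = $first; Second = $second }
}

# Record a baseline before touching anything so every item can be restored.
# File names are my choice (assumption), written under the current user's profile.
$services = @(Get-NonMicrosoftService)
$startup  = @(Get-StartupEntry)
$services | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\baseline-services.csv"
$startup  | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\baseline-startup.csv"

$halves = Split-Half -Items $services
"Round 1: disable these services in msconfig, then test:"
$halves.First  | Format-Table Name, Company, Image -AutoSize
"Leave these enabled for this round:"
$halves.Second | Format-Table Name, Company, Image -AutoSize
```

Run it from the administrative account the log header shows. For the next round, call `Split-Half -Items $halves.First` or `Split-Half -Items $halves.Second` depending on which half the problem followed, and repeat with `Get-StartupEntry` once the services are cleared. Because the problem here only reappeared after an hour or so, it is worth keeping the two CSV baselines next to a note of what was disabled in each round, so the record survives the reboots.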