
Infected with Trojan.Agent/Gen-Infector and Disabled.SecurityCenterOption


  • This topic is locked
19 replies to this topic

#1 Hoose-mon

  • Members
  • 77 posts

Posted 13 April 2014 - 07:39 PM

Hi,

 

My 88 year old father's computer was invaded by some guy who called and talked him into allowing access, so he could "remove the infections" he supposedly had.  

 

My dad isn't real clear on what was done, but the guy installed TightVNC, and I found the terminal application was shown on the list of recently used applications.

 

I ran Malware Bytes and Super AntiSpyware.  They found Disabled.SecurityCenterOption, and Trojan.Agent/Gen-Infector.

 

Even after removing those, the computer is at a standstill when the Ethernet cable is plugged in.  

 

If I unplug the network connection, it will actually run applications at a normal speed.

 

 

Here's the DDS.txt log:

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Hoose at 20:26:46 on 2014-04-13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1983.1384 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2013 *Enabled* 
FW: avast! Antivirus *Enabled* 
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.bing.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{1502E787-1D51-497D-A083-77A66BECD1E5} : DHCPNameServer = 192.168.0.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hoose\application data\mozilla\firefox\profiles\2w9cqwmr.default-1354118466343\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-12-16 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [2013-12-16 247192]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-3 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-3 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-12-16 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-3 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-3 410528]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-29 33624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-3 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-3 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-12-16 116776]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-4 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-15 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-13 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-13 857912]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-12-14 86016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-13 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-13 107736]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-14 1684736]
S3 ENDETECT;ENDETECT;\??\c:\progra~1\fronti~1\fronti~1\app\endetect.sys --> c:\progra~1\fronti~1\fronti~1\app\ENDETECT.SYS [?]
S3 L2XPSR;L2XPSR;\??\c:\progra~1\fronti~1\fronti~1\app\l2xpsr.sys --> c:\progra~1\fronti~1\fronti~1\app\L2XPSR.SYS [?]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 NTSTPL1;NTSTPL1;\??\c:\progra~1\fronti~1\fronti~1\app\ntstpl1.sys --> c:\progra~1\fronti~1\fronti~1\app\NTSTPL1.SYS [?]
S3 NTSTPL2;NTSTPL2;c:\progra~1\fronti~1\fronti~1\app\NTSTPL2.SYS [2010-4-4 16736]
S3 TAPBIND;TAPBIND;\??\c:\progra~1\fronti~1\fronti~1\app\tapbind1.sys --> c:\progra~1\fronti~1\fronti~1\app\TAPBIND1.SYS [?]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 tvnserver;TightVNC Server;c:\program files\showmypcservice\tvnserver.exe [2010-7-8 815704]
S4 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.0.0\ToolbarUpdater.exe [2013-3-28 990896]
.
=============== Created Last 30 ================
.
2014-04-13 22:01:37 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-13 22:01:27 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-13 22:01:27 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-13 22:01:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-13 21:18:16 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-04-13 21:18:10 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
==================== Find3M  ====================
.
2014-04-11 12:21:19 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-04-11 12:21:19 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-04-11 12:21:18 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-04-11 12:21:18 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-01-28 17:26:23 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-01-28 17:26:22 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
============= FINISH: 20:27:14.09 ===============
 
 
 
 
Thanks in advance for your help with this problem.
 
Hoosemon
Attached Files


Hoosemon

In comic strips, the person on the left always speaks first...George Carlin
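The SERVICES / DRIVERS section of the DDS log above records each entry as a state code, the service name, its display name, the on-disk path and a bracketed date and size, with `[?]` or `[x]` where DDS could not verify the file. The TightVNC server the caller installed shows up there as `S4 tvnserver` under a `showmypcservice` folder, next to the legitimate LogMeIn services. As an added example, not part of the thread and not code from DDS or any tool mentioned here, the Python below parses that section and flags entries that warrant a closer look during triage: anything whose name, display name or path matches a remote-access tool indicator, and anything whose file DDS could not verify. The sample input is copied from the posted log; the indicator list and the two flag reasons are assumptions made for this example.

```python
"""Parse the SERVICES / DRIVERS section of a DDS log and flag entries for review.

Added example for this thread; the indicator list below is an assumption,
not a DDS feature.  Sample lines are copied from the log posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a DDS excerpt built from lines in the posted log.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-4 375120]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-13 857912]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 tvnserver;TightVNC Server;c:\program files\showmypcservice\tvnserver.exe [2010-7-8 815704]
.
=============== Created Last 30 ================
"""

# Assumption for this example: substrings that identify common remote-access tools.
REMOTE_ACCESS_INDICATORS = ("vnc", "showmypc", "logmein", "teamviewer", "ammyy")

# DDS line layout: "<state> <name>;<display>;<path> [<date> <size>]" or "[?]"/"[x]".
# State letter: R = running, S = stopped; digit = Windows start type (0 boot .. 4 disabled).
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    date: Optional[str] = None
    size: Optional[int] = None
    verified: bool = True  # False when DDS printed [?] or [x] instead of date/size


def parse_services(text: str) -> List[ServiceEntry]:
    """Return the entries between the SERVICES / DRIVERS header and the next header."""
    entries: List[ServiceEntry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "SERVICES / DRIVERS" in line:
            in_section = True
            continue
        if in_section and line.startswith("="):
            break  # next section header ends the block
        if not in_section or line in ("", "."):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate lines in a layout this parser does not know
        entry = ServiceEntry(m.group("state"), m.group("name"),
                             m.group("display"), m.group("path").strip())
        meta = m.group("meta").strip()
        if meta in ("?", "x"):
            entry.verified = False
        else:
            parts = meta.split()
            if len(parts) == 2 and parts[1].isdigit():
                entry.date, entry.size = parts[0], int(parts[1])
        entries.append(entry)
    return entries


def flag_entries(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves a look; clean entries are omitted."""
    flags: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        haystack = f"{e.name} {e.display} {e.path}".lower()
        hits = [ind for ind in REMOTE_ACCESS_INDICATORS if ind in haystack]
        if hits:
            reasons.append("remote-access tool indicator: " + ", ".join(hits))
        if not e.verified:
            reasons.append("file not verified on disk")
        if reasons:
            flags[e.name] = reasons
    return flags


if __name__ == "__main__":
    for name, reasons in flag_entries(parse_services(SAMPLE_DDS)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the script reports `tvnserver` (VNC display name under a ShowMyPC path), both LogMeIn entries, and the `MSICDSetup` driver whose file DDS could not locate; the Malwarebytes service is not flagged. A hit only means "confirm this belongs here": LogMeIn may well be the family's own remote-support tool, while a VNC server nobody remembers installing is exactly what the first post describes.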


#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • Gender:Male

Posted 18 April 2014 - 07:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1. In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530963 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Hoose-mon
  • Topic Starter

  • Members
  • 77 posts

Posted 19 April 2014 - 11:57 AM

Hi - I'm posting a reply at the direction of the HelpBot message above.

 

After posting the original message, I turned off the infected computer and did nothing with it.

 

Prior to creating the DDS log, I ran scans with SuperAntiSpyware and MalWareBytes, and the malware mentioned in the original subject line were found and removed by them.

 

I'm re-running DDS and will attach the attach.txt file.

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Hoose at 12:44:58 on 2014-04-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1983.1393 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2013 *Enabled* 
FW: avast! Antivirus *Enabled* 
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.bing.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{1502E787-1D51-497D-A083-77A66BECD1E5} : DHCPNameServer = 192.168.0.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hoose\application data\mozilla\firefox\profiles\2w9cqwmr.default-1354118466343\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-12-16 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [2013-12-16 247192]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-3 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-3 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-12-16 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-3 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-3 410528]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-29 33624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-3 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-3 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-12-16 116776]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-4 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-15 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-13 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-13 857912]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-12-14 86016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-13 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-13 107736]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-14 1684736]
S3 ENDETECT;ENDETECT;\??\c:\progra~1\fronti~1\fronti~1\app\endetect.sys --> c:\progra~1\fronti~1\fronti~1\app\ENDETECT.SYS [?]
S3 L2XPSR;L2XPSR;\??\c:\progra~1\fronti~1\fronti~1\app\l2xpsr.sys --> c:\progra~1\fronti~1\fronti~1\app\L2XPSR.SYS [?]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 NTSTPL1;NTSTPL1;\??\c:\progra~1\fronti~1\fronti~1\app\ntstpl1.sys --> c:\progra~1\fronti~1\fronti~1\app\NTSTPL1.SYS [?]
S3 NTSTPL2;NTSTPL2;c:\progra~1\fronti~1\fronti~1\app\NTSTPL2.SYS [2010-4-4 16736]
S3 TAPBIND;TAPBIND;\??\c:\progra~1\fronti~1\fronti~1\app\tapbind1.sys --> c:\progra~1\fronti~1\fronti~1\app\TAPBIND1.SYS [?]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 tvnserver;TightVNC Server;c:\program files\showmypcservice\tvnserver.exe [2010-7-8 815704]
S4 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.0.0\ToolbarUpdater.exe [2013-3-28 990896]
.
=============== Created Last 30 ================
.
2014-04-14 13:17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-04-13 22:01:37 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-13 22:01:27 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-13 22:01:27 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-13 22:01:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-13 21:18:16 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-04-13 21:18:10 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
==================== Find3M  ====================
.
2014-04-11 12:21:19 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-04-11 12:21:19 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-04-11 12:21:18 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-04-11 12:21:18 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-01-28 17:26:23 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-01-28 17:26:22 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
============= FINISH: 12:45:26.92 ===============
 

Hoosemon

 

 

In comic strips, the person on the left always speaks first...George Carlin


#4 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,587 posts
  • Gender:Male
  • Location:California

Posted 19 April 2014 - 09:46 PM

Greetings Hoose-mon and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Result log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Hoose-mon
  • Topic Starter

  • Members
  • 77 posts

Posted 20 April 2014 - 08:42 AM

Greetings Oh My,

 

Thanks for taking my case.  I've been helped before by the folks who volunteer their time and talent to this wonderful site, and I respect and appreciate what you all do.  I promise to be good and follow instructions.  This is my father's computer we're working on, so I have no problem leaving it alone between steps.  I have a couple more computers here to keep me occupied.  I'm also doing everything with this computer offline, since plugging in the Ethernet cable makes it slow to a crawl, and even opening an application takes about 5 minutes.  I'm using a thumb drive to move the log files back and forth between my Linux computer and the sick one.

 

Here are the results from FRST:

 

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2014
Ran by Hoose (administrator) on MSI-7309V13-XPP on 20-04-2014 09:24:30
Running from C:\Documents and Settings\Hoose\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(PC Pitstop LLC) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-08-11] (LogMeIn, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-06] (AVAST Software)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKU\S-1-5-21-2088549495-3139552178-2459043315-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x16D8E0FA8223CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={B7CAAE4A-234B-474E-BF34-1D771E476C9D}&mid=b3e47038e4a1a99d6ad28953d99119fa-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2012-10-01 11:34:19&v=12.2.5.34&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={B7CAAE4A-234B-474E-BF34-1D771E476C9D}&mid=b3e47038e4a1a99d6ad28953d99119fa-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2012-10-01 11:34:19&v=12.2.5.34&sap=dsp&q={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343
FF user.js: detected! => C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343\user.js
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: ShopAtHome.com Toolbar - C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343\Extensions\toolbar@shopathome.com [2013-11-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files\AVG\AVG2012\Thunderbird\
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-03]
CHR Extension: (YouTube) - C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-03]
CHR Extension: (Google Search) - C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-03]
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-08-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-03]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx [2012-11-08]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S4 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [116776 2013-12-16] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC)
S4 tvnserver; C:\Program Files\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
S4 vToolbarUpdater15.0.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-03-28] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-08-22] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2008-04-13] (ADMtek Incorporated.)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2013-12-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-06] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2013-09-25] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [247192 2013-12-16] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-12-16] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-06] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-06] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33624 2013-03-28] (AVG Technologies)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-20] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NTSTPL2; C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL2.SYS [16736 2003-08-05] (Network TeleSystems, Inc.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-07-31] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2008-11-12] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-07-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 ENDETECT; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [X]
S4 IntelIde; No ImagePath
S3 L2XPSR; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS [X]
S4 LMIRfsClientNP; No ImagePath
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NTSTPL1; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS [X]
S3 TAPBIND; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS [X]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-20 09:24 - 2014-04-20 09:24 - 00016644 _____ () C:\Documents and Settings\Hoose\Desktop\FRST.txt
2014-04-20 09:24 - 2014-04-20 09:24 - 00000000 ____D () C:\FRST
2014-04-20 09:23 - 2014-04-20 09:20 - 01043968 _____ (Farbar) C:\Documents and Settings\Hoose\Desktop\FRST.exe
2014-04-20 09:23 - 2014-04-20 09:19 - 00982016 _____ (Farbar) C:\Documents and Settings\Hoose\Desktop\MiniToolBox.exe
2014-04-19 12:45 - 2014-04-19 12:45 - 00014765 _____ () C:\Documents and Settings\Hoose\Desktop\attach.txt
2014-04-19 12:45 - 2014-04-19 12:45 - 00009378 _____ () C:\Documents and Settings\Hoose\Desktop\dds.txt
2014-04-14 09:17 - 2014-04-14 09:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-13 20:21 - 2014-04-13 20:18 - 00688992 ____R (Swearware) C:\Documents and Settings\Hoose\Desktop\dds.com
2014-04-13 18:01 - 2014-04-20 09:22 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 18:01 - 2014-04-13 18:01 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 18:01 - 2014-04-13 18:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-13 18:01 - 2014-04-13 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-13 18:01 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-13 18:01 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-13 17:18 - 2014-04-19 12:35 - 00001866 _____ () C:\WINDOWS\setupact.log
2014-04-13 17:18 - 2014-04-13 17:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-13 17:18 - 2008-04-14 05:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2014-04-13 17:18 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2014-04-13 17:17 - 2014-04-19 12:35 - 00031701 _____ () C:\WINDOWS\setupapi.log
2014-03-29 14:45 - 2014-03-29 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
2014-04-20 09:24 - 2014-04-20 09:24 - 00016644 _____ () C:\Documents and Settings\Hoose\Desktop\FRST.txt
2014-04-20 09:24 - 2014-04-20 09:24 - 00000000 ____D () C:\FRST
2014-04-20 09:23 - 2013-05-03 18:15 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-20 09:22 - 2014-04-13 18:01 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 09:22 - 2013-05-03 18:15 - 00000880 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 09:20 - 2014-04-20 09:23 - 01043968 _____ (Farbar) C:\Documents and Settings\Hoose\Desktop\FRST.exe
2014-04-20 09:19 - 2014-04-20 09:23 - 00982016 _____ (Farbar) C:\Documents and Settings\Hoose\Desktop\MiniToolBox.exe
2014-04-20 09:19 - 2009-09-25 11:29 - 01092105 ____C () C:\WINDOWS\WindowsUpdate.log
2014-04-20 09:18 - 2010-01-16 19:34 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-04-20 09:18 - 2010-01-15 22:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-04-20 09:17 - 2012-12-14 23:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCPitstop
2014-04-20 09:17 - 2010-01-16 19:34 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-04-20 09:17 - 2009-09-25 11:36 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-04-19 12:58 - 2010-01-13 14:46 - 00000178 __SHC () C:\Documents and Settings\Hoose\ntuser.ini
2014-04-19 12:58 - 2009-09-25 11:36 - 00032508 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-19 12:45 - 2014-04-19 12:45 - 00014765 _____ () C:\Documents and Settings\Hoose\Desktop\attach.txt
2014-04-19 12:45 - 2014-04-19 12:45 - 00009378 _____ () C:\Documents and Settings\Hoose\Desktop\dds.txt
2014-04-19 12:35 - 2014-04-13 17:18 - 00001866 _____ () C:\WINDOWS\setupact.log
2014-04-19 12:35 - 2014-04-13 17:17 - 00031701 _____ () C:\WINDOWS\setupapi.log
2014-04-19 12:35 - 2008-04-14 08:00 - 00012598 ____C () C:\WINDOWS\system32\wpa.dbl
2014-04-14 09:27 - 2013-05-03 18:20 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-14 09:17 - 2014-04-14 09:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-14 09:01 - 2013-05-03 18:15 - 00000884 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 20:53 - 2013-05-26 16:11 - 00008427 _____ () C:\Documents and Settings\Hoose\Desktop\Gameshow.odt
2014-04-13 20:40 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At2.job
2014-04-13 20:18 - 2014-04-13 20:21 - 00688992 ____R (Swearware) C:\Documents and Settings\Hoose\Desktop\dds.com
2014-04-13 19:25 - 2009-09-25 07:14 - 00000000 ____D () C:\WINDOWS\addins
2014-04-13 18:01 - 2014-04-13 18:01 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 18:01 - 2014-04-13 18:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-13 18:01 - 2014-04-13 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-13 18:01 - 2010-01-13 14:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-13 17:27 - 2014-01-21 11:29 - 00000223 __RSH () C:\boot.ini
2014-04-13 17:27 - 2010-05-10 21:41 - 00000000 ____D () C:\WINDOWS\pss
2014-04-13 17:27 - 2008-04-14 08:00 - 00000642 ____C () C:\WINDOWS\win.ini
2014-04-13 17:27 - 2008-04-14 08:00 - 00000227 ____C () C:\WINDOWS\system.ini
2014-04-13 17:24 - 2012-12-28 12:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-04-13 17:23 - 2010-01-15 22:29 - 00000000 ____D () C:\Program Files\Juice
2014-04-13 17:23 - 2010-01-15 22:29 - 00000000 ____D () C:\Documents and Settings\Hoose\Start Menu\Programs\Juice
2014-04-13 17:18 - 2014-04-13 17:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-13 12:59 - 2010-01-13 14:46 - 00000000 ____D () C:\Documents and Settings\Hoose
2014-04-12 15:37 - 2014-01-28 13:26 - 00000735 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-04-11 14:56 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At3.job
2014-04-11 14:00 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At4.job
2014-04-11 10:10 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At1.job
2014-04-11 08:21 - 2014-01-28 13:26 - 00000719 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-04-11 08:21 - 2010-01-15 22:15 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-04-11 08:21 - 2010-01-15 22:15 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-04-11 08:21 - 2010-01-15 22:15 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-04-11 08:21 - 2010-01-15 22:14 - 00000000 ____D () C:\Program Files\LogMeIn
2014-04-10 18:04 - 2013-05-03 18:16 - 00001813 ____C () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-05 22:33 - 2009-09-25 12:21 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-05 09:35 - 2009-09-25 07:22 - 00513656 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-05 09:33 - 2012-04-28 11:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-03 14:42 - 2010-11-10 08:16 - 00000000 ____D () C:\Documents and Settings\Hoose\My Documents\Saved Email Attachments
2014-04-03 09:51 - 2014-04-13 18:01 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-13 18:01 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-29 14:45 - 2014-03-29 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-25 17:00 - 2011-11-28 12:00 - 00011686 ____C () C:\Documents and Settings\Hoose\Desktop\Prescriptions.odt
2014-03-23 17:14 - 2014-02-01 14:50 - 00002015 _____ () C:\WINDOWS\wmsetup.log
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Hoose\Local Settings\Temp\APNSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2014
Ran by Hoose at 2014-04-20 09:25:04
Running from C:\Documents and Settings\Hoose\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Internet Security 2013 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
6400_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2011 - Avast Software)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.7.16 - Belarc Inc.)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet J6400 Series (HKLM\...\{15262012-213A-4f65-9019-C8A409EC0156}) (Version: 1.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
J6400 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
LogMeIn (HKLM\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Micromega Software System EasyScan (HKLM\...\Micromega Software EasyScan) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
Mp3 Tag Tools v1.2 (HKLM\...\mtt12) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{a960ac91-7bea-4ffe-94f4-b54afc20310a}) (Version:  - Nero AG)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart OEM (Version: 9.4.10.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 125.19 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
OverDrive Media Console (HKLM\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)
PC Pitstop Optimize3 3.0 (HKLM\...\PC Pitstop Optimize3_is1) (Version: 3.0.0.42 - PC Pitstop)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5809 - Realtek Semiconductor Corp.)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
 
==================== Restore Points  =========================
 
14-01-2014 23:29:21 System Checkpoint
16-01-2014 00:29:21 System Checkpoint
17-01-2014 01:29:21 System Checkpoint
18-01-2014 02:29:21 System Checkpoint
19-01-2014 03:29:21 System Checkpoint
20-01-2014 04:29:21 System Checkpoint
21-01-2014 05:29:21 System Checkpoint
22-01-2014 05:40:21 System Checkpoint
22-01-2014 16:49:57 Installed Java 7 Update 51
23-01-2014 17:40:21 System Checkpoint
24-01-2014 18:45:59 System Checkpoint
25-01-2014 19:41:26 System Checkpoint
26-01-2014 21:33:39 System Checkpoint
27-01-2014 21:44:12 System Checkpoint
28-01-2014 17:26:53 Printer Driver LogMeIn Printer Driver Installed
29-01-2014 17:40:03 System Checkpoint
30-01-2014 18:21:25 System Checkpoint
31-01-2014 19:21:25 System Checkpoint
01-02-2014 19:27:44 System Checkpoint
02-02-2014 20:21:25 System Checkpoint
03-02-2014 20:21:35 System Checkpoint
04-02-2014 21:21:10 System Checkpoint
05-02-2014 22:21:10 System Checkpoint
06-02-2014 22:22:15 System Checkpoint
07-02-2014 22:54:25 System Checkpoint
08-02-2014 23:22:15 System Checkpoint
10-02-2014 00:21:10 System Checkpoint
11-02-2014 01:21:10 System Checkpoint
12-02-2014 20:25:30 System Checkpoint
13-02-2014 22:28:04 System Checkpoint
14-02-2014 23:20:54 System Checkpoint
16-02-2014 00:20:54 System Checkpoint
17-02-2014 01:20:54 System Checkpoint
18-02-2014 02:20:55 System Checkpoint
19-02-2014 03:20:54 System Checkpoint
20-02-2014 04:20:54 System Checkpoint
21-02-2014 05:20:54 System Checkpoint
22-02-2014 06:20:55 System Checkpoint
23-02-2014 07:20:54 System Checkpoint
24-02-2014 08:20:54 System Checkpoint
25-02-2014 09:20:30 System Checkpoint
26-02-2014 10:20:30 System Checkpoint
27-02-2014 11:20:30 System Checkpoint
28-02-2014 12:20:30 System Checkpoint
01-03-2014 13:20:30 System Checkpoint
02-03-2014 14:20:30 System Checkpoint
02-03-2014 22:34:10 Removed Google Drive
02-03-2014 22:34:25 Removed Ask Toolbar
02-03-2014 22:35:14 Removed Photo Transport.
03-03-2014 23:20:30 System Checkpoint
04-03-2014 23:21:36 System Checkpoint
06-03-2014 00:20:31 System Checkpoint
07-03-2014 01:20:30 System Checkpoint
08-03-2014 02:20:30 System Checkpoint
09-03-2014 03:20:30 System Checkpoint
10-03-2014 04:20:30 System Checkpoint
11-03-2014 05:20:30 System Checkpoint
12-03-2014 06:20:12 System Checkpoint
13-03-2014 07:20:12 System Checkpoint
14-03-2014 08:20:12 System Checkpoint
15-03-2014 09:20:12 System Checkpoint
16-03-2014 10:20:12 System Checkpoint
17-03-2014 11:20:12 System Checkpoint
18-03-2014 12:20:12 System Checkpoint
19-03-2014 13:20:12 System Checkpoint
20-03-2014 14:20:12 System Checkpoint
21-03-2014 15:20:12 System Checkpoint
22-03-2014 17:53:36 System Checkpoint
23-03-2014 18:20:12 System Checkpoint
24-03-2014 18:34:47 System Checkpoint
25-03-2014 19:19:46 System Checkpoint
26-03-2014 20:19:46 System Checkpoint
27-03-2014 21:19:46 System Checkpoint
28-03-2014 22:19:46 System Checkpoint
29-03-2014 23:19:46 System Checkpoint
31-03-2014 00:19:46 System Checkpoint
01-04-2014 01:19:46 System Checkpoint
02-04-2014 02:19:46 System Checkpoint
03-04-2014 03:19:46 System Checkpoint
04-04-2014 04:19:46 System Checkpoint
05-04-2014 05:19:46 System Checkpoint
06-04-2014 05:37:59 System Checkpoint
07-04-2014 06:24:33 System Checkpoint
08-04-2014 07:24:33 System Checkpoint
09-04-2014 08:24:29 System Checkpoint
10-04-2014 09:24:29 System Checkpoint
11-04-2014 10:24:29 System Checkpoint
11-04-2014 12:21:43 Printer Driver LogMeIn Printer Driver Installed
12-04-2014 20:40:57 System Checkpoint
13-04-2014 21:24:26 Removed HP Update.
 
==================== Hosts content: ==========================
 
2008-04-14 08:00 - 2008-04-14 08:00 - 00000734 ___AC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-12 15:39 - 2014-04-12 12:20 - 02210304 _____ () C:\Program Files\AVAST Software\Avast\defs\14041201\algo.dll
2013-12-16 13:21 - 2013-12-16 13:21 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Hoose^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet Pro 8600.lnk => C:\WINDOWS\pss\Monitor Ink Alerts - HP Officejet Pro 8600.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: InstaLAN => "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: ROC_ROC_NT => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Program Files\ShowMyPCService\tvnserver.exe" -controlservice -slave
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2014 07:35:16 PM) (Source: Application Hang) (User: )
Description: Hanging application SUPERAntiSpyware.exe, version 5.7.0.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/13/2014 07:34:53 PM) (Source: Application Hang) (User: )
Description: Hanging application SUPERAntiSpyware.exe, version 5.7.0.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/02/2014 06:33:43 PM) (Source: Application Error) (User: )
Description: Faulting application defraggler.exe, version 2.15.0.741, faulting module unknown, version 0.0.0.0, fault address 0x59a8b9b0.
Processing media-specific event for [defraggler.exe!ws!]
 
Error: (01/28/2014 01:26:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/28/2014 01:26:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/28/2014 01:26:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
System errors:
=============
Error: (04/20/2014 09:22:38 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (04/19/2014 00:50:49 PM) (Source: DCOM) (User: MSI-7309V13-XPP)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (04/19/2014 00:40:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (04/13/2014 08:20:01 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (04/13/2014 07:26:20 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (04/13/2014 07:25:37 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (04/13/2014 05:18:24 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.
 
Error: (04/08/2014 04:30:28 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 002421DF822D has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (04/01/2014 04:30:35 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 002421DF822D has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (03/25/2014 04:30:51 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 002421DF822D has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 31%
Total physical RAM: 1983.29 MB
Available physical RAM: 1353.88 MB
Total Pagefile: 3876.12 MB
Available Pagefile: 3302.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.09 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:435.08 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (HOSERFLASH) (Removable) (Total:7.25 GB) (Free:7.23 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 9308708D)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 000BF0B8)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
 
==================== End Of Log ============================
 
 
 
 
Result.txt
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Hoose (administrator) on 20-04-2014 at 09:27:10
Running from "C:\Documents and Settings\Hoose\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
NVIDIA nForce 10/100 Mbps Ethernet  = Local Area Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : msi-7309v13-xpp
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Broadcast
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet 
 
        Physical Address. . . . . . . . . : 00-24-21-DF-82-2D
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 21 df 82 2d ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
  255.255.255.255  255.255.255.255  255.255.255.255               2  1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/13/2014 07:35:16 PM) (Source: Application Hang) (User: )
Description: Hanging application SUPERAntiSpyware.exe, version 5.7.0.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/13/2014 07:34:53 PM) (Source: Application Hang) (User: )
Description: Hanging application SUPERAntiSpyware.exe, version 5.7.0.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/02/2014 06:33:43 PM) (Source: Application Error) (User: )
Description: Faulting application defraggler.exe, version 2.15.0.741, faulting module unknown, version 0.0.0.0, fault address 0x59a8b9b0.
Processing media-specific event for [defraggler.exe!ws!]
 
Error: (01/28/2014 01:26:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/28/2014 01:26:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/28/2014 01:26:54 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
System errors:
=============
Error: (04/20/2014 09:22:38 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (04/19/2014 00:50:49 PM) (Source: DCOM) (User: MSI-7309V13-XPP)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (04/19/2014 00:40:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (04/13/2014 08:20:01 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (04/13/2014 07:26:20 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (04/13/2014 07:25:37 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (04/13/2014 05:18:24 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.
 
Error: (04/08/2014 04:30:28 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 002421DF822D has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (04/01/2014 04:30:35 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 002421DF822D has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (03/25/2014 04:30:51 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 002421DF822D has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
 
Microsoft Office Sessions:
=========================
 
========================= Devices: ================================
 
 
**** End of log ****
 
 
I've also attached the zipped Summary file as instructed.
 
I await further instructions.
 
Thanks,
 
 
Hoosemon
Edited by Hoose-mon, 20 April 2014 - 08:46 AM.

Hoosemon

 

 

In comic strips, the person on the left always speaks first...George Carlin
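Added example (not part of this thread, and not code from FRST, MiniToolBox or any other tool mentioned here): a short Python triage script for log lines shaped like the FRST sections above. It surfaces the three things in the posted log that matter most after a remote-support scam: the SafeBoot\Network entries for tvnserver and SMPCHelper (anything listed under that key is permitted to load in Safe Mode with Networking, so the VNC service would come back even in safe mode), the MSCONFIG-disabled tvncontrol entry that still points at tvnserver.exe under C:\Program Files\ShowMyPCService (MSCONFIG only parks the Run value; it does not remove the binary or the service it controls), and the At1 to At4 tasks, whose naming is what the legacy at.exe scheduler produces. The sample lines are constructed to mirror the posted log, the marker table is an assumption, and the labels for the SMPC and LMI prefixes are inferred from the names rather than taken from vendor documentation.

```python
"""Triage FRST-style log lines for remote-access persistence left behind by a
tech-support scam.  Added example for this thread; not code from FRST, MiniToolBox
or any other tool named here.  SAMPLE_LOG is constructed to mirror the posted log,
and REMOTE_ACCESS_MARKERS (with its labels) is an assumption."""
import re
from collections import Counter, namedtuple

# Substrings that identify remote-support tooling.  Assumption: the SMPC and
# LMI labels are inferred from the names in the log, not from vendor docs.
REMOTE_ACCESS_MARKERS = {
    "tvnserver": "TightVNC server",
    "tvncontrol": "TightVNC control interface",
    "showmypc": "ShowMyPC remote-support bundle",
    "smpc": "ShowMyPC helper (assumed from the SMPC prefix)",
    "logmein": "LogMeIn remote access",
    "lmirfs": "LogMeIn component (assumed from the LMI prefix)",
}
SAFEBOOT_RE = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(Minimal|Network)\\(\S+)", re.I)
STARTUPREG_RE = re.compile(r"^MSCONFIG\\startupreg:\s*(.+?)\s*=>\s*(.+)$", re.I)
TASK_RE = re.compile(r"^Task:\s*(.+?\.job)\s*=>\s*(.+)$", re.I)
SERVICE_RE = re.compile(r"^[SR]\d\s+([^;]+);\s*(.+)$")
RESTORE_RE = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})\s+(.+)$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}

# Constructed sample in the shape of the FRST Addition.txt sections posted above.
SAMPLE_LOG = r'''
28-01-2014 17:26:53 Printer Driver LogMeIn Printer Driver Installed
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
MSCONFIG\startupreg: tvncontrol => "C:\Program Files\ShowMyPCService\tvnserver.exe" -controlservice -slave
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
S3 ENDETECT; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [X]
S4 LMIRfsClientNP; No ImagePath
'''.splitlines()

# severity: high | medium | info; kind: safeboot | startupreg | task | service | timeline
Finding = namedtuple("Finding", "severity kind name detail")

def remote_tool(text):
    """Label of the first remote-access marker found in text, or None."""
    low = text.lower()
    for marker, label in REMOTE_ACCESS_MARKERS.items():
        if marker in low:
            return label
    return None

def triage(lines):
    """Classify log lines; returns findings ordered highest severity first."""
    out = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := SAFEBOOT_RE.match(line):
            mode, name = m.groups()
            tool = remote_tool(name)
            # Entries under SafeBoot\Network load even in Safe Mode with Networking,
            # so a remote-access service listed here survives a safe-mode cleanup.
            out.append(Finding("high" if tool else "info", "safeboot", name,
                               f"{tool or 'service/driver'} allowed to load in Safe Mode ({mode})"))
        elif m := STARTUPREG_RE.match(line):
            name, cmd = m.groups()
            tool = remote_tool(name + " " + cmd)
            if tool:  # MSCONFIG only parks the Run value; the binary stays on disk
                out.append(Finding("high", "startupreg", name,
                                   f"{tool} still referenced by a disabled startup entry: {cmd}"))
        elif m := TASK_RE.match(line):
            job, target = m.groups()
            tool = remote_tool(target)
            exe = target.rsplit("\\", 1)[-1]
            if tool:
                out.append(Finding("high", "task", job, f"scheduled task runs {tool}: {exe}"))
            elif re.search(r"\\At\d+\.job$", job, re.I):
                # At#.job is how the legacy at.exe scheduler names jobs; the target
                # decides whether it is benign, so surface it for review.
                out.append(Finding("medium", "task", job, f"at.exe-style task, verify target {exe}"))
        elif m := SERVICE_RE.match(line):
            name, image = (s.strip() for s in m.groups())
            tool = remote_tool(name + " " + image)
            if tool:
                out.append(Finding("high", "service", name, f"{tool} registered as a service ({image})"))
            elif image.endswith("[X]") or image == "No ImagePath":
                # FRST marks a missing image file with [X]; these are uninstall leftovers.
                out.append(Finding("medium", "service", name, f"service points at a missing image: {image}"))
        elif m := RESTORE_RE.match(line):
            when, what = m.groups()
            tool = remote_tool(what)
            if tool:
                out.append(Finding("medium", "timeline", what, f"{tool} installed at {when}"))
    return sorted(out, key=lambda f: SEVERITY_ORDER[f.severity])

def summarize(findings):
    """Per-severity counts, e.g. {'high': 4, 'medium': 3}."""
    return dict(Counter(f.severity for f in findings))
```

Call triage() on the lines of an Addition.txt (or on SAMPLE_LOG) and summarize() on the result; findings come back highest severity first. On the sample this yields four "high" findings (SMPCHelper, tvnserver, tvncontrol, LMIRfsClientNP) and three "medium" ones (the LogMeIn restore point, At1.job, the orphaned ENDETECT driver). The script is a reading aid for the log, not a cleanup tool; after the fix, a practitioner would confirm in a fresh FRST scan that none of the "high" entries remain.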


#6 Oh My! (Malware Response Instructor)

Posted 20 April 2014 - 11:56 AM

Greetings,

Nice to be working together and thanks for the kind comments about BleepingComputer.

Please consider and do this for me. Once the steps are done please check your Ethernet issue.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

AVG Internet Security 2013
avast! Antivirus


===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 ENDETECT; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [X]
S4 IntelIde; No ImagePath
S3 L2XPSR; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS [X]
S4 LMIRfsClientNP; No ImagePath
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NTSTPL1; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS [X]
S3 TAPBIND; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS [X]
2014-04-13 20:40 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At2.job
2014-04-11 14:56 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At3.job
2014-04-11 14:00 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At4.job
2014-04-11 10:10 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At1.job
C:\Documents and Settings\Hoose\Local Settings\Temp\APNSetup.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Were you able to remove an antivirus program?
  • AdwCleaner log
  • Junkware log
  • Security Check log
  • FSS log
  • Fixlog
  • How is your computer running

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Hoose-mon (Topic Starter)

Posted 20 April 2014 - 12:15 PM

Oh My - One quick question: the AVG internet security program is the one I'd like to remove - it doesn't show up in "Add / Remove Programs" or on the start menu.

What's the best way to remove it?

I didn't install it and think it may have been put there by this "remote support" guy that was scamming my dad.


#8 Hoose-mon (Topic Starter)

Posted 20 April 2014 - 12:18 PM

AVG Removal tool?  http://www.avg.com/us-en/utilities


#9 Oh My! (Malware Response Instructor)

Posted 20 April 2014 - 12:24 PM

Yes, the AVG removal tool is perfect. Nice work!
Gary

#10 Hoose-mon (Topic Starter)

Posted 20 April 2014 - 02:49 PM

Okeedokee.

Here we go...

The AVG removal tool worked fine.  It rebooted about three times, but no problems.

AdWare Cleaner - I wasn't sure which items should be unchecked, but none looked like anything that would cripple the computer if removed, so I left all suggested items checked.

The program actually created two different text files, one before reboot (RO) and one after (SO).

AdwCleaner[RO].txt

# AdwCleaner v3.100 - Report created 20/04/2014 at 14:40:43
# Updated 20/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Hoose - MSI-7309V13-XPP
# Running from : C:\Documents and Settings\Hoose\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343\searchplugins\ask-search.xml
File Found : C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343\user.js
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\DOCUME~1\Hoose\LOCALS~1\Temp\apn
Folder Found C:\Documents and Settings\All Users\Application Data\Ask
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\Hoose\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\Hoose\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5848763C-2668-44CA-ADBE-2999A6EE2858}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5848763C-2668-44CA-ADBE-2999A6EE2858}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\54qu04sv.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343\prefs.js ]
 
Line Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\10.0.0.7");
Line Found : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee-478c-9f4e-0db5e30597cc}\" />\r\n <AnalyticsURL URL=\"hxxp://www.google-analytics.com/__utm.gif?utmw[...]
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6508 octets] - [20/04/2014 14:40:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6568 octets] ##########
 
 
 
AdwCleaner[S0].txt
 

# AdwCleaner v3.100 - Report created 20/04/2014 at 14:49:58
# Updated 20/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Hoose - MSI-7309V13-XPP
# Running from : C:\Documents and Settings\Hoose\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Hoose\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\DOCUME~1\Hoose\LOCALS~1\Temp\apn
Folder Deleted : C:\Documents and Settings\Hoose\Application Data\AVG Secure Search
[!] Folder Deleted : C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343\searchplugins\ask-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5848763C-2668-44CA-ADBE-2999A6EE2858}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5848763C-2668-44CA-ADBE-2999A6EE2858}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\54qu04sv.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\Hoose\Application Data\Mozilla\Firefox\Profiles\2w9cqwmr.default-1354118466343\prefs.js ]
 
Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\10.0.0.7");
Line Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee-478c-9f4e-0db5e30597cc}\" />\r\n <AnalyticsURL URL=\"hxxp://www.google-analytics.com/__utm.gif?utmw[...]
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Documents and Settings\Hoose\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6648 octets] - [20/04/2014 14:40:43]
AdwCleaner[S0].txt - [6699 octets] - [20/04/2014 14:49:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6759 octets] ##########
 
 
 
 
 
 
JRT.txt
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Hoose on Sun 04/20/2014 at 14:55:30.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{46486ADA-FB59-4E26-90E2-C5F5B76B946F}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ammyy"
Successfully deleted: [Folder] "C:\Program Files\radiorage_4jei"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Documents and Settings\Hoose\Application Data\mozilla\firefox\profiles\2w9cqwmr.default-1354118466343\prefs.js
 
user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\"?><MerchantSettings><v n=\"419\" /><GlobalSuppresses><s u=\".cab\" g=\"13\" i=\"1342\" /><s u=\".eot\" g
Emptied folder: C:\Documents and Settings\Hoose\Application Data\mozilla\firefox\profiles\2w9cqwmr.default-1354118466343\minidumps [6 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/20/2014 at 15:00:17.98
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
Security Check would not run in normal mode, so I attempted to boot into safe mode.  For some reason, that system will not enter safe mode using the F8 key.  I found an alternate method, using MSCONFIG, and checking safeboot on the boot.ini tab.  That worked, and I was able to run security check in safe mode.
 
Here's the file it created:
 
 
============================================================================
 

 Results of screen317's Security Check version 0.99.82  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Please wait while WMIC compiles updated MOF files.d 
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Java™ 6 Update 22  
 Java™ 6 Update 37  
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 11.7.700.169 Flash Player out of Date!  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
 Mozilla Thunderbird (24.4.0) 
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
====================================================================================
 
 
FSS.txt:
 

Farbar Service Scanner Version: 25-02-2014
Ran by Hoose (administrator) on 20-04-2014 at 15:19:31
Running from "C:\Documents and Settings\Hoose\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0A00000005000000010000000200000003000000040000000A00000009000000080000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****
 
 
 
FRST fix ran really quickly.  
 
 
Here's the fixlog.txt file:
 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2014
Ran by Hoose at 2014-04-20 15:24:00 Run:1
Running from C:\Documents and Settings\Hoose\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 ENDETECT; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [X]
S4 IntelIde; No ImagePath
S3 L2XPSR; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS [X]
S4 LMIRfsClientNP; No ImagePath
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NTSTPL1; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS [X]
S3 TAPBIND; \??\C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS [X]
2014-04-13 20:40 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At2.job
2014-04-11 14:56 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At3.job
2014-04-11 14:00 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At4.job
2014-04-11 10:10 - 2013-02-06 15:56 - 00000452 ____C () C:\WINDOWS\Tasks\At1.job
C:\Documents and Settings\Hoose\Local Settings\Temp\APNSetup.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7
 
 
*****************
 
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
AFGMp50 => Service deleted successfully.
ENDETECT => Service deleted successfully.
IntelIde => Service deleted successfully.
L2XPSR => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTSTPL1 => Service deleted successfully.
TAPBIND => Service deleted successfully.
C:\WINDOWS\Tasks\At2.job => Moved successfully.
C:\WINDOWS\Tasks\At3.job => Moved successfully.
C:\WINDOWS\Tasks\At4.job => Moved successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\Documents and Settings\Hoose\Local Settings\Temp\APNSetup.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":8C35AEA7" ADS removed successfully.
 
==== End of Fixlog ====
 
 
 
I plugged the Ethernet cable back in and the system seems to work fine.  I opened Chrome, ran a couple of YouTube videos and the speed seems as fast as it should be.  
 
I updated Malwarebytes and superantispyware data files, but didn't run scans - downloads seemed fine.
 
 
Any further instructions?
 
 
 
 
Hoosemon

Hoosemon

 

 

In comic strips, the person on the left always speaks first...George Carlin
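
A check worth making on the two AdwCleaner reports above: reconcile the scan report (R0) against the clean report (S0) so that every item the scan flagged shows up as deleted. The following is an added example in Python, not part of the thread and not AdwCleaner's own code. The sample report lines are abridged from the two reports posted above; CLEAN_S0_INCOMPLETE is a constructed variant with one registry key removed, to show what an unresolved item looks like when a cleanup pass does not finish.

```python
"""Reconcile an AdwCleaner scan report (R0) against its clean report (S0).

Added example, not AdwCleaner's own code. It parses "<kind> Found : <target>"
lines from the scan report and "<kind> Deleted : <target>" lines from the
clean report, then lists anything found but not deleted, so the reader can
confirm the cleanup pass handled every item the scan flagged.
"""
import re
from typing import Dict, List

# Matches "Key Found : HKCU\...", "[!] Folder Deleted : C:\...", and the
# variant without a colon that the R0 report uses ("Folder Found C:\...").
ITEM_RE = re.compile(
    r"^(?:\[!\]\s*)?(?P<kind>Key|Value|File|Folder|Line)\s+"
    r"(?P<action>Found|Deleted)\s*:?\s*(?P<target>.+?)\s*$"
)


def parse_report(text: str, action: str) -> Dict[str, Dict[str, str]]:
    """Return {kind: {casefolded_target: original_target}} for the given action."""
    items: Dict[str, Dict[str, str]] = {}
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m or m.group("action") != action:
            continue
        target = m.group("target")
        # Windows paths and registry keys are case-insensitive, so compare casefolded
        # but keep the original spelling for reporting.
        items.setdefault(m.group("kind"), {})[target.casefold()] = target
    return items


def unresolved(scan_text: str, clean_text: str) -> Dict[str, List[str]]:
    """Items present as Found in the scan but absent as Deleted in the clean run."""
    found = parse_report(scan_text, "Found")
    deleted = parse_report(clean_text, "Deleted")
    leftovers: Dict[str, List[str]] = {}
    for kind, targets in found.items():
        done = deleted.get(kind, {})
        missing = sorted(orig for norm, orig in targets.items() if norm not in done)
        if missing:
            leftovers[kind] = missing
    return leftovers


# Sample input, abridged from the R0 and S0 reports in the thread.
SCAN_R0 = """\
***** [ Files / Folders ] *****
File Found : C:\\Program Files\\Mozilla Firefox\\browser\\searchplugins\\avg-secure-search.xml
Folder Found C:\\Documents and Settings\\All Users\\Application Data\\Ask
Folder Found : C:\\Documents and Settings\\Hoose\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ndibdjnfmopecpmkdieinmbadjfpblof
***** [ Registry ] *****
Key Found : HKCU\\Software\\YahooPartnerToolbar
Key Found : HKLM\\SOFTWARE\\Classes\\AppID\\ScriptHelper.EXE
Value Found : HKLM\\SOFTWARE\\Mozilla\\Firefox\\Extensions [Avg@toolbar]
"""

CLEAN_S0 = """\
***** [ Files / Folders ] *****
Folder Deleted : C:\\Documents and Settings\\All Users\\Application Data\\Ask
[!] Folder Deleted : C:\\Documents and Settings\\Hoose\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\\Program Files\\Mozilla Firefox\\browser\\searchplugins\\avg-secure-search.xml
***** [ Registry ] *****
Value Deleted : HKLM\\SOFTWARE\\Mozilla\\Firefox\\Extensions [Avg@toolbar]
Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\ScriptHelper.EXE
Key Deleted : HKCU\\Software\\YahooPartnerToolbar
"""

# Constructed failure case: same scan, but the clean report lacks one key,
# as happens when a cleanup is interrupted or a key cannot be removed.
CLEAN_S0_INCOMPLETE = CLEAN_S0.replace(
    "Key Deleted : HKCU\\Software\\YahooPartnerToolbar\n", ""
)

if __name__ == "__main__":
    print("complete run:", unresolved(SCAN_R0, CLEAN_S0))            # {}
    print("partial run :", unresolved(SCAN_R0, CLEAN_S0_INCOMPLETE))  # one Key left
```

Any non-empty result is the list of items to re-run the cleaner on (or to remove by hand) before treating the machine as clean; an empty result on the real R0/S0 pair is what the two reports above show.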


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,587 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:42 AM

Posted 20 April 2014 - 03:06 PM

Very good.

There is a service that is not running and we need to change the startup type. Please do this.

===================================================

Modifying Service StartState

-------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type cmd and press Enter
  • Type sc config Bits start= auto and press Enter
  • You should receive confirmation the command was successful
  • Reboot your computer, rerun Farbar Service Scanner and post the results
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Hoose-mon

Hoose-mon
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:01:42 PM

Posted 20 April 2014 - 03:23 PM

Ok - I followed the command line instructions.

 

Here's a fresh FSS log:

 

 

Farbar Service Scanner Version: 25-02-2014
Ran by Hoose (administrator) on 20-04-2014 at 16:20:29
Running from "C:\Documents and Settings\Hoose\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0A00000005000000010000000200000003000000040000000A00000009000000080000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****
 
 
 

Hoosemon

 

 

In comic strips, the person on the left always speaks first...George Carlin
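
The first FSS log (post #10) showed BITS stopped with its start type set to Disabled, and the log in post #12 shows the section clear after `sc config Bits start= auto`. As an added example, not Farbar's or the thread's own code, the Python script below parses those FSS sections, flags services that are not running or whose start type differs from the default FSS prints, records the connection status and any File Check line that did not come back "MD5 is legit", and emits the matching `sc config` line. The sample logs are abridged from the two FSS logs above; the map from FSS start-type names to sc.exe keywords is an assumption of mine.

```python
"""Parse Farbar Service Scanner (FSS) output and flag what needs fixing.

Added example, not part of the thread and not FSS's own code.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

START_TYPE_RE = re.compile(
    r"^The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\. "
    r"The default start type is (?P<default>\w+)\.$"
)
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
FILE_CHECK_RE = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")

# FSS prints start types the way the Services console shows them; sc.exe wants
# its own keywords. This mapping is assumed here (auto/demand/disabled are sc terms).
SC_START_KEYWORD = {"Auto": "auto", "Manual": "demand", "Disabled": "disabled"}


@dataclass
class ServiceState:
    name: str
    running: bool = True
    start_type: Optional[str] = None
    default_start: Optional[str] = None

    @property
    def misconfigured(self) -> bool:
        return self.start_type is not None and self.start_type != self.default_start


@dataclass
class FssReport:
    connected: Optional[bool] = None  # None when no Connection Status line was seen
    services: Dict[str, ServiceState] = field(default_factory=dict)
    suspicious_files: List[str] = field(default_factory=list)


def parse_fss(text: str) -> FssReport:
    report = FssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line == "LAN connected.":
            report.connected = True
        elif line == "There is no connection to network.":
            report.connected = False
        m = NOT_RUNNING_RE.match(line)
        if m:
            svc = report.services.setdefault(m.group("svc"), ServiceState(m.group("svc")))
            svc.running = False
            continue
        m = START_TYPE_RE.match(line)
        if m:
            svc = report.services.setdefault(m.group("svc"), ServiceState(m.group("svc")))
            svc.start_type, svc.default_start = m.group("actual"), m.group("default")
            continue
        m = FILE_CHECK_RE.match(line)
        if m and m.group("verdict").strip() != "legit":
            report.suspicious_files.append(m.group("path"))
    return report


def remediation(report: FssReport) -> List[str]:
    """One `sc config` line per service whose start type is not the default."""
    return [
        f"sc config {s.name} start= {SC_START_KEYWORD[s.default_start]}"
        for s in report.services.values()
        if s.misconfigured and s.default_start in SC_START_KEYWORD
    ]


# Sample input, abridged from the FSS logs in posts #10 and #12.
FSS_BEFORE = """\
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\\WINDOWS\\system32\\qmgr.dll".

File Check:
========
C:\\WINDOWS\\system32\\qmgr.dll => MD5 is legit
C:\\WINDOWS\\system32\\wscsvc.dll => MD5 is legit
"""

FSS_AFTER = """\
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.

Windows Update:
============

File Check:
========
C:\\WINDOWS\\system32\\qmgr.dll => MD5 is legit
"""

if __name__ == "__main__":
    for label, log in (("before", FSS_BEFORE), ("after", FSS_AFTER)):
        r = parse_fss(log)
        print(label, "connected:", r.connected, "fix:", remediation(r), "files:", r.suspicious_files)
```

On the first log this yields exactly the line the helper asked for (`sc config BITS start= auto`); on the second it yields nothing, which is the state to expect before moving on to the scans in the next post.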


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,587 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:42 AM

Posted 20 April 2014 - 03:26 PM

That looks better. Go ahead and run Malwarebytes and I would also like you to run the following please.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Malwarebytes log
  • ESET log
  • How is your computer running, any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Hoose-mon

Hoose-mon
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:01:42 PM

Posted 20 April 2014 - 08:16 PM

Oh My,

 

Here's my MalWareBytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/20/2014
Scan Time: 8:30:33 PM
Logfile: MBAM-Log.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.20.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Hoose
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317228
Time Elapsed: 6 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
And here's what ESET found:
 
 
C:\FRST\Quarantine\C\Documents and Settings\Hoose\Local Settings\Temp\APNSetup.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
 
 
That's it.
 
System seems to be running fine.
 
Any further instructions?
 
 
Hoosemon

Hoosemon

 

 

In comic strips, the person on the left always speaks first...George Carlin


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,587 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:42 AM

Posted 20 April 2014 - 09:13 PM

Those reports look excellent. We need to update some programs to close those security vulnerabilities. Please do these things.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck Install the Ask Toolbar and make Ask my default search provider
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:
  • Click Start, Control Panel, Java, then Advanced
  • Scroll down to Miscellaneous then uncheck the box for Java Quick Starter.
  • Click OK and reboot your computer.
===================================================

Update Adobe Flash Player

--------------------

Please update your Adobe Flash Player to the latest version
  • Download Adobe Flash Player here and save it to your desktop. Uncheck "Yes, install McAfee Security Scan Plus - optional"
  • Close any open browsers
  • Double click on the Adobe Flash Player installer icon to launch the installation
  • If you are presented with a warning popup select "Run"
  • Once the installation is complete click "Finish"
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Java install properly?
  • Did Flash Player install properly?
  • Everything still running well?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



