Computer is slow and freezes on nearly every page


  • This topic is locked
21 replies to this topic

#1 makayla55

  • Members
  • 10 posts

Posted 23 May 2014 - 10:32 AM

My desktop has been slow for years. The last few days it's been freezing on nearly every page and taking longer to load pages. I scanned with AVG and Malwarebytes and ran TuneUp Utilities; a lot of errors were fixed and malware was removed, but it's still barely functioning.

 

 DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702
Run by user1 at 11:01:15 on 2014-05-23
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = localhost:8080
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{63799F2C-8E0D-44C6-9090-FFFEEAF2B449} : DHCPNameServer = 65.32.5.111 65.32.5.112
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-05-23 12:52:23 -------- d-----w- c:\program files\Cobian Backup 11
2014-05-23 09:27:51 -------- d-sh--w- c:\documents and settings\all users\application data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-22 10:07:10 36664 ----a-w- c:\windows\system32\TURegOpt.exe
2014-05-22 10:06:20 -------- d-----w- c:\documents and settings\user1\local settings\application data\TuneUp Software
2014-05-22 10:03:04 -------- d-----w- c:\program files\TuneUp Utilities 2014
2014-05-22 10:00:54 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software
2014-05-21 12:48:36 -------- d-----w- c:\documents and settings\user1\local settings\application data\AVG
2014-05-21 01:15:02 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-21 01:13:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-05-20 11:03:46 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2014-05-20 11:03:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-05-19 16:53:40 -------- d-----w- c:\program files\CCleaner
2014-04-25 17:28:34 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-04-25 17:28:34 13312 ------w- c:\windows\system32\xp_eos.exe
.
==================== Find3M  ====================
.
2014-04-18 19:02:04 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-03-31 20:11:58 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-28 02:15:18 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-28 02:14:40 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-28 02:04:22 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-28 02:04:02 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-28 02:03:22 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-28 02:03:20 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 11:02:10.62 ===============
 


Edited by makayla55, 23 May 2014 - 10:34 AM.




#2 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany

Posted 23 May 2014 - 11:53 AM

Hello and welcome on board makayla55,

my name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer, then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting me, as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany

Posted 26 May 2014 - 07:53 AM

Still with me?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#4 makayla55
  • Topic Starter

  • Members
  • 10 posts

Posted 26 May 2014 - 09:34 AM

Sorry, I replied to the wrong email 3 days ago; that's why you didn't get my reply then.
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by user1 at 2014-05-23 14:07:56
Running from C:\Documents and Settings\user1\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\Microsoft Silverlight) (Version: 1.0.30401.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 1.0.30401.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\MSXML 4.0 SP2 (KB941833)) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.296 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\Windows Rights Management Client Backwards) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.70 - Microsoft) Hidden
Windows Rights Management Client with Service Pack 2 (HKLM\...\Windows Rights Management Client) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.70 - Microsoft) Hidden
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
2008-04-14 08:00 - 2014-05-20 08:52 - 00450664 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job => C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003UA.job => C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1035525444-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1035525444-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-19 12:17 - 2014-05-07 19:29 - 00065352 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-04-25 15:51 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-25 15:51 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-05-19 12:17 - 2014-05-07 19:29 - 04081480 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-19 12:17 - 2014-05-07 19:29 - 00390472 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-19 12:17 - 2014-05-07 19:29 - 01647432 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DWQueuedReporting => "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: LogitechCommunicationsManager => "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
MSCONFIG\startupreg: MSConfig => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/20/2014 09:44:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application sdscan.exe, version 2.3.39.181, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [sdscan.exe!ws!]
 
Error: (05/20/2014 08:33:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 34.0.1847.137, faulting module chrome.dll, version 34.0.1847.137, fault address 0x0043462e.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (05/20/2014 06:36:27 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 245396887.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (05/20/2014 06:35:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 34.0.1847.137, faulting module chrome.dll, version 34.0.1847.137, fault address 0x0043462e.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (05/19/2014 11:30:26 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft Silverlight{BDD0BC65-C9EC-46BB-B128-D41E0A25F248}1636C:\WINDOWS\TEMP\SilverlightMSI.log(NULL)
 
Error: (05/03/2014 09:36:04 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft Silverlight{BDD0BC65-C9EC-46BB-B128-D41E0A25F248}1636C:\WINDOWS\TEMP\SilverlightMSI.log(NULL)
 
Error: (04/25/2014 01:27:58 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for AVG 2014 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)
 
Error: (04/24/2014 08:50:11 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft Silverlight{7A86EDA7-3EDB-494A-8134-C0EC376112D1}1636C:\WINDOWS\TEMP\SilverlightMSI.log(NULL)
 
Error: (02/27/2014 08:05:45 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft Silverlight{7A86EDA7-3EDB-494A-8134-C0EC376112D1}1636C:\WINDOWS\TEMP\SilverlightMSI.log(NULL)
 
Error: (02/25/2014 06:27:23 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft Silverlight{7A86EDA7-3EDB-494A-8134-C0EC376112D1}1636C:\WINDOWS\TEMP\SilverlightMSI.log(NULL)
 
 
System errors:
=============
Error: (05/23/2014 02:08:10 PM) (Source: DCOM) (EventID: 10005) (User: USER2011-229AAC)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (05/23/2014 02:07:58 PM) (Source: DCOM) (EventID: 10005) (User: USER2011-229AAC)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (05/23/2014 02:07:57 PM) (Source: DCOM) (EventID: 10005) (User: USER2011-229AAC)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (05/23/2014 02:07:57 PM) (Source: DCOM) (EventID: 10005) (User: USER2011-229AAC)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (05/23/2014 02:07:57 PM) (Source: DCOM) (EventID: 10005) (User: USER2011-229AAC)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (05/23/2014 01:15:00 PM) (Source: DCOM) (EventID: 10005) (User: USER2011-229AAC)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (05/23/2014 00:42:35 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (05/23/2014 00:15:08 PM) (Source: DCOM) (EventID: 10005) (User: USER2011-229AAC)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (05/23/2014 11:23:19 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (05/23/2014 11:23:19 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 90%
Total physical RAM: 247.48 MB
Available physical RAM: 23.74 MB
Total Pagefile: 955.04 MB
Available Pagefile: 374.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:37.26 GB) (Free:26.9 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Psalms 2012) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 24A59ED2)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by user1 (administrator) on USER2011-229AAC on 23-05-2014 14:06:44
Running from C:\Documents and Settings\user1\My Documents\Downloads
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: BucksBee Loyalty Plugin - OpenInstall - C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi [2012-02-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (8 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhljoejlbnebcpflalenbmpnanjbikof [2011-12-09]
CHR Extension: (9 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmncmephfckdpcmohbdpcnkmchejma [2011-12-25]
CHR Extension: (Toss it) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl [2011-12-09]
CHR Extension: (Gmail Offline) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2011-11-03]
CHR Extension: (3D Bowling ) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2011-10-29]
CHR Extension: (Bubble Shooter) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln [2011-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-03]
CHR Extension: (Drivers Parking) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhbejhnopmdbkkodiffaopllalmialfe [2011-12-11]
CHR Extension: (MeeGenius! Children's Books) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhfhmaajajcjoijfaceafiembkmhcddc [2011-10-29]
CHR Extension: (Typing Test - KeyHero) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2011-10-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Drag Toilet Paper) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppgpcdgnfladncmdahjkgoonelcpkfml [2011-12-09]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [X]
U1 WS2IFSL; 
S3 WudfPf; C:\WINDOWS\system32\WudfPf.sys [X]
S3 WudfRd; C:\WINDOWS\system32\wudfrd.sys [X]
U3 mbr; \??\C:\DOCUME~1\user1\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-23 14:06 - 2014-05-23 14:06 - 00000000 ____D () C:\FRST
2014-05-23 12:09 - 2014-05-23 12:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-23 12:09 - 2014-05-23 12:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:02 - 2014-05-23 11:04 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:02 - 2014-05-23 11:04 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 08:52 - 2014-05-23 10:39 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-05-23 05:27 - 2014-05-23 05:28 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:07 - 2014-04-15 15:59 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-05-22 06:06 - 2014-05-23 05:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:03 - 2014-05-23 05:28 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-22 06:00 - 2014-05-22 06:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-20 21:15 - 2014-05-21 07:07 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 21:13 - 2014-05-20 21:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-20 12:45 - 2014-05-20 11:21 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 09:21 - 2014-05-20 18:14 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 08:52 - 2011-08-20 04:33 - 00000780 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20140520-085227.backup
2014-05-20 07:04 - 2014-05-20 10:46 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:03 - 2014-05-20 21:37 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-20 07:03 - 2014-05-20 18:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-19 15:24 - 2014-05-19 15:33 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:53 - 2014-05-19 12:54 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:53 - 2014-05-19 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 12:07 - 2014-05-19 12:07 - 00001616 _____ () C:\Documents and Settings\user1\Desktop\System Restore (2).lnk
2014-05-19 11:32 - 2014-05-23 06:10 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-19 11:32 - 2014-05-23 06:10 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-25 13:28 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-04-25 13:28 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
 
==================== One Month Modified Files and Folders =======
 
2014-05-23 14:06 - 2014-05-23 14:06 - 00000000 ____D () C:\FRST
2014-05-23 12:09 - 2014-05-23 12:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-23 12:09 - 2014-05-23 12:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:04 - 2014-05-23 11:02 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:04 - 2014-05-23 11:02 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 10:39 - 2014-05-23 08:52 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-05-23 09:30 - 2012-02-24 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-23 06:10 - 2014-05-19 11:32 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-23 06:10 - 2014-05-19 11:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-23 06:10 - 2011-08-20 23:28 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003UA.job
2014-05-23 06:10 - 2011-08-20 04:00 - 01250421 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-23 06:10 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-23 06:05 - 2013-12-08 17:44 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-05-23 06:05 - 2011-08-20 04:11 - 00000178 ___SH () C:\Documents and Settings\user1\ntuser.ini
2014-05-23 05:28 - 2014-05-23 05:27 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-23 05:28 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-23 05:28 - 2014-05-22 06:03 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-23 05:28 - 2011-08-20 04:11 - 00000000 ____D () C:\Documents and Settings\user1
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-23 05:27 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-23 05:26 - 2011-08-20 04:33 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\Wallpaper
2014-05-23 05:18 - 2011-08-20 03:56 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-23 05:15 - 2014-01-29 06:38 - 00000000 ____D () C:\Documents and Settings\user1\My Documents\New Folder
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:28 - 2011-08-19 23:11 - 00513428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-22 06:07 - 2014-05-22 06:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:06 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\TuneUp Software
2014-05-21 19:20 - 2013-12-08 16:46 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-21 09:15 - 2013-12-08 17:22 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-21 07:07 - 2014-05-20 21:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 21:37 - 2014-05-20 07:03 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-20 21:36 - 2011-08-19 22:59 - 00000000 ____D () C:\WINDOWS\Cursors
2014-05-20 21:13 - 2014-05-20 21:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-20 18:14 - 2014-05-20 09:21 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 18:14 - 2014-05-20 07:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-20 11:21 - 2014-05-20 12:45 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 10:46 - 2014-05-20 07:04 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:19 - 2011-08-20 04:07 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-19 15:33 - 2014-05-19 15:24 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 13:28 - 2014-01-28 20:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:54 - 2014-05-19 12:53 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:54 - 2014-05-19 12:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 12:17 - 2011-08-20 23:37 - 00002284 _____ () C:\Documents and Settings\user1\Desktop\Google Chrome.lnk
2014-05-19 12:07 - 2014-05-19 12:07 - 00001616 _____ () C:\Documents and Settings\user1\Desktop\System Restore (2).lnk
2014-05-19 11:35 - 2011-09-14 02:02 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-05-03 21:49 - 2014-01-19 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-25 18:20 - 2011-08-19 22:59 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe
[2008-04-24 09:33] - [2008-04-24 09:33] - 0507904 ____A (Microsoft Corporation) d1bac55bc35a0ca735aea19f609f2b22 
 
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Edited by makayla55, 26 May 2014 - 09:34 AM.


#5 Machiavelli
  • Malware Response Instructor

Posted 26 May 2014 - 11:44 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.



On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7 or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / 7 / 8, right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
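The FRST logs in this thread (the one posted above and the one Step 4 asks for) are long, and the entries a responder wants first are scattered across sections. The following is an added example of a small triage parser for that log format; it is this editor's Python, not code from the thread, from BleepingComputer or from the FRST author. The sample log is constructed from lines in the posted logs, and the flagging rules (a proxy pointing at the loopback address, drivers marked [X] or with no ImagePath, a driver loaded from a Temp directory, files in the Bamital check that got a printed hash instead of "MD5 is legit") are this example's own heuristics, not FRST verdicts.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Editor's example, not part of FRST or of the thread. Parses the line formats
seen in the posted logs and collects the entries a responder reviews first.
"""
import json
import re

# Constructed sample built from lines in the posted logs (abridged).
SAMPLE_LOG = """\
==================== Registry (Whitelisted) ==================

HKLM\\...\\Run: [AVG_UI] => C:\\Program Files\\AVG\\AVG2014\\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

==================== Drivers (Whitelisted) ====================

R1 Avgtdix; C:\\WINDOWS\\System32\\DRIVERS\\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\\drivers\\LVUSBSta.sys [X]
U3 mbr; \\??\\C:\\DOCUME~1\\user1\\LOCALS~1\\Temp\\mbr.sys [X]

==================== Bamital & volsnap Check =================

C:\\WINDOWS\\explorer.exe => MD5 is legit
C:\\WINDOWS\\system32\\winlogon.exe
[2008-04-24 09:33] - [2008-04-24 09:33] - 0507904 ____A (Microsoft Corporation) d1bac55bc35a0ca735aea19f609f2b22
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<start><n> <name>; <path> [<size date> | X] (<signer>)"
DRIVER_RE = re.compile(
    r"^([RSU])(\d)\s+([^;]+);\s*(.*?)(?:\s+\[([^\]]*)\])?(?:\s+\(([^)]*)\))?\s*$")
# "HKLM\...\Run: [<name>] => <path> [<size date>] (<signer>)"
RUN_RE = re.compile(
    r"^(HK\w+)\\\.\.\.\\(Run\w*):\s*\[([^\]]*)\]\s*=>\s*(.*?)"
    r"(?:\s+\[[^\]]*\])?(?:\s+\(([^)]*)\))?\s*$")
MD5_RE = re.compile(r"\b([0-9a-f]{32})\b")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
LOOPBACK = ("localhost", "127.0.0.1", "[::1]")


def triage(log_text):
    """Return review items keyed by category (editor's heuristics, not FRST's)."""
    out = {"proxy": [], "hosts": [], "dns": [], "autoruns": [],
           "broken_drivers": [], "temp_drivers": [], "hash_to_verify": []}
    section, pending_path = "", None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, pending_path = m.group(1), None
            continue
        if line.startswith("ProxyServer:"):
            # A system proxy on the loopback address with nothing listening there
            # stalls every page load until the connection times out.
            proxy = line.split(":", 1)[1].strip()
            host = proxy.rsplit(":", 1)[0] if ":" in proxy else proxy
            out["proxy"].append({"proxy": proxy, "loopback": host in LOOPBACK})
            continue
        if line.startswith("Hosts:"):
            out["hosts"].append(line.split(":", 1)[1].strip())
            continue
        if "[DhcpNameServer]" in line:
            out["dns"].extend(line.split("]", 1)[1].split())
            continue
        m = RUN_RE.match(line)
        if m:
            hive, key, name, path, signer = m.groups()
            out["autoruns"].append({"hive": hive, "key": key, "name": name,
                                    "path": path, "signer": signer or "unknown"})
            continue
        if section.startswith(("Drivers", "Services")):
            m = DRIVER_RE.match(line)
            if not m:
                continue
            start, _, name, path, bracket, _ = m.groups()
            entry = {"start": start, "name": name, "path": path}
            if bracket == "X":
                out["broken_drivers"].append(dict(entry, reason="file not found"))
            elif path in ("", "No ImagePath"):
                out["broken_drivers"].append(dict(entry, reason="no ImagePath"))
            if TEMP_RE.search(path):
                out["temp_drivers"].append(entry)  # kernel code registered from a temp dir
        elif section.startswith("Bamital"):
            # In the posted log FRST wrote "=> MD5 is legit" for most files but
            # printed details and a hash for winlogon.exe; verify such hashes.
            if line.endswith("=> MD5 is legit"):
                pending_path = None
            elif re.match(r"^[A-Za-z]:\\", line):
                pending_path = line
            elif pending_path:
                h = MD5_RE.search(line)
                if h:
                    out["hash_to_verify"].append({"path": pending_path, "md5": h.group(1)})
                pending_path = None
    return out


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the posted logs, the first thing this surfaces is `ProxyServer: localhost:8080` from the second FRST log: a browser forced through a local proxy that nothing is serving will hang on nearly every page, which matches the reported symptom, so that entry is worth checking (Internet Options > Connections > LAN settings on XP) regardless of whether any malware is still present. The `[X]` drivers and the `mbr.sys` registered from the user's Temp directory are leftovers to confirm rather than findings in themselves.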

 
 


#6 makayla55
  • Topic Starter

Posted 27 May 2014 - 10:31 AM

1.
# AdwCleaner v3.211 - Report created 26/05/2014 at 16:28:29
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user1 - USER2011-229AAC
# Running from : C:\Documents and Settings\user1\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6341 octets] - [26/05/2014 16:07:46]
AdwCleaner[R1].txt - [1081 octets] - [26/05/2014 16:26:33]
AdwCleaner[S0].txt - [6510 octets] - [26/05/2014 16:09:32]
AdwCleaner[S1].txt - [1003 octets] - [26/05/2014 16:28:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1063 octets] ##########
 
 
2.
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/26/2014
Scan Time: 9:19:55 PM
Logfile: malwarebytes log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.27.02
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: user1
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261614
Time Elapsed: 39 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
3.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by user1 on Tue 05/27/2014 at 10:25:41.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/27/2014 at 10:31:38.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
4.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by user1 (administrator) on USER2011-229AAC on 27-05-2014 11:18:55
Running from C:\Documents and Settings\user1\My Documents\Downloads
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: BucksBee Loyalty Plugin - OpenInstall - C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi [2012-02-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (8 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhljoejlbnebcpflalenbmpnanjbikof [2011-12-09]
CHR Extension: (9 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmncmephfckdpcmohbdpcnkmchejma [2011-12-25]
CHR Extension: (Toss it) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl [2011-12-09]
CHR Extension: (Gmail Offline) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2011-11-03]
CHR Extension: (3D Bowling ) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2011-10-29]
CHR Extension: (Bubble Shooter) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln [2011-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-03]
CHR Extension: (Drivers Parking) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhbejhnopmdbkkodiffaopllalmialfe [2011-12-11]
CHR Extension: (MeeGenius! Children's Books) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhfhmaajajcjoijfaceafiembkmhcddc [2011-10-29]
CHR Extension: (Typing Test - KeyHero) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2011-10-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Drag Toilet Paper) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppgpcdgnfladncmdahjkgoonelcpkfml [2011-12-09]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [X]
U1 WS2IFSL; 
S3 WudfPf; C:\WINDOWS\system32\WudfPf.sys [X]
S3 WudfRd; C:\WINDOWS\system32\wudfrd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-27 10:31 - 2014-05-27 10:31 - 00000905 _____ () C:\Documents and Settings\user1\Desktop\JRT.txt
2014-05-27 10:25 - 2014-05-27 10:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-26 18:34 - 2014-05-26 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-05-26 18:33 - 2014-05-26 19:16 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 18:33 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-05-26 18:33 - 2011-10-09 15:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-05-26 18:33 - 2011-08-23 01:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-05-26 18:33 - 2011-08-20 04:02 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-05-26 18:33 - 2011-08-20 04:02 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-05-26 18:33 - 2011-08-20 04:01 - 00000788 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-05-26 16:58 - 2014-05-27 07:29 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 16:56 - 2014-05-26 16:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-26 16:56 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-26 16:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-26 16:52 - 2014-05-26 16:53 - 00016593 _____ () C:\Documents and Settings\user1\Desktop\malwarebytes.htm
2014-05-26 16:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-26 16:07 - 2014-05-26 16:28 - 00000000 ____D () C:\AdwCleaner
2014-05-26 09:40 - 2014-05-26 09:40 - 00041863 _____ () C:\WINDOWS\iis6.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00015028 _____ () C:\WINDOWS\ocgen.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00011018 _____ () C:\WINDOWS\FaxSetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00009190 _____ () C:\WINDOWS\msmqinst.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00008140 _____ () C:\WINDOWS\tsoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004127 _____ () C:\WINDOWS\comsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00003524 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00002161 _____ () C:\WINDOWS\netfxocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00001207 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000841 _____ () C:\WINDOWS\ocmsn.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000780 _____ () C:\WINDOWS\msgsocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-26 09:25 - 2014-05-26 09:25 - 00066440 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-05-23 14:06 - 2014-05-27 11:18 - 00000000 ____D () C:\FRST
2014-05-23 12:09 - 2014-05-26 16:53 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-23 12:09 - 2014-05-26 16:53 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:02 - 2014-05-23 11:04 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:02 - 2014-05-23 11:04 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 05:27 - 2014-05-23 05:28 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:07 - 2014-04-15 15:59 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-05-22 06:06 - 2014-05-23 05:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:03 - 2014-05-23 05:28 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-22 06:00 - 2014-05-22 06:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-20 12:45 - 2014-05-20 11:21 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 09:21 - 2014-05-20 18:14 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 08:52 - 2011-08-20 04:33 - 00000780 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20140520-085227.backup
2014-05-20 07:04 - 2014-05-20 10:46 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:03 - 2014-05-20 18:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-19 15:24 - 2014-05-19 15:33 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:53 - 2014-05-19 12:54 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:53 - 2014-05-19 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 11:32 - 2014-05-25 07:29 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-19 11:32 - 2014-05-25 07:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
 
==================== One Month Modified Files and Folders =======
 
2014-05-27 11:18 - 2014-05-23 14:06 - 00000000 ____D () C:\FRST
2014-05-27 10:31 - 2014-05-27 10:31 - 00000905 _____ () C:\Documents and Settings\user1\Desktop\JRT.txt
2014-05-27 10:25 - 2014-05-27 10:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-27 07:29 - 2014-05-26 16:58 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 19:23 - 2011-08-20 04:00 - 01410206 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-26 19:16 - 2014-05-26 18:33 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-26 19:16 - 2013-12-08 17:44 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-05-26 18:34 - 2014-05-26 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 18:06 - 2012-02-24 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-26 16:56 - 2014-05-26 16:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-26 16:53 - 2014-05-26 16:52 - 00016593 _____ () C:\Documents and Settings\user1\Desktop\malwarebytes.htm
2014-05-26 16:53 - 2014-05-23 12:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-26 16:53 - 2014-05-23 12:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-26 16:30 - 2011-08-20 04:11 - 00000178 ___SH () C:\Documents and Settings\user1\ntuser.ini
2014-05-26 16:28 - 2014-05-26 16:07 - 00000000 ____D () C:\AdwCleaner
2014-05-26 09:40 - 2014-05-26 09:40 - 00041863 _____ () C:\WINDOWS\iis6.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00015028 _____ () C:\WINDOWS\ocgen.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00011018 _____ () C:\WINDOWS\FaxSetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00009190 _____ () C:\WINDOWS\msmqinst.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00008140 _____ () C:\WINDOWS\tsoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004127 _____ () C:\WINDOWS\comsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00003524 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00002161 _____ () C:\WINDOWS\netfxocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00001207 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000841 _____ () C:\WINDOWS\ocmsn.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000780 _____ () C:\WINDOWS\msgsocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-26 09:40 - 2011-08-19 23:11 - 00513428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-26 09:25 - 2014-05-26 09:25 - 00066440 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-05-26 08:36 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-25 07:29 - 2014-05-19 11:32 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-25 07:29 - 2014-05-19 11:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-25 07:29 - 2011-08-20 23:28 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003UA.job
2014-05-25 07:23 - 2014-01-19 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-25 07:13 - 2008-06-25 03:15 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:04 - 2014-05-23 11:02 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:04 - 2014-05-23 11:02 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 05:28 - 2014-05-23 05:27 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-23 05:28 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-23 05:28 - 2014-05-22 06:03 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-23 05:28 - 2011-08-20 04:11 - 00000000 ____D () C:\Documents and Settings\user1
2014-05-23 05:27 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-23 05:27 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-23 05:26 - 2011-08-20 04:33 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\Wallpaper
2014-05-23 05:18 - 2011-08-20 03:56 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-23 05:15 - 2014-01-29 06:38 - 00000000 ____D () C:\Documents and Settings\user1\My Documents\New Folder
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:07 - 2014-05-22 06:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:06 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\TuneUp Software
2014-05-21 19:20 - 2013-12-08 16:46 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-21 09:15 - 2013-12-08 17:22 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-20 21:36 - 2011-08-19 22:59 - 00000000 ____D () C:\WINDOWS\Cursors
2014-05-20 18:14 - 2014-05-20 09:21 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 18:14 - 2014-05-20 07:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-20 11:21 - 2014-05-20 12:45 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 10:46 - 2014-05-20 07:04 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:19 - 2011-08-20 04:07 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-19 15:33 - 2014-05-19 15:24 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 13:28 - 2014-01-28 20:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:54 - 2014-05-19 12:53 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:54 - 2014-05-19 12:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 12:17 - 2011-08-20 23:37 - 00002284 _____ () C:\Documents and Settings\user1\Desktop\Google Chrome.lnk
2014-05-19 11:35 - 2011-09-14 02:02 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-12 07:26 - 2014-05-26 16:56 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-26 16:56 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
 
Some content of TEMP:
====================
C:\Documents and Settings\user1\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe
[2008-04-24 09:33] - [2008-04-24 09:33] - 0507904 ____A (Microsoft Corporation) d1bac55bc35a0ca735aea19f609f2b22 
 
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================


#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:05 PM

Posted 27 May 2014 - 11:31 AM

Hey,

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or Firefox
  • Please download ESET Online Scanner from here
  • How to do this?
    • Visit this website here
    • You will see a screen like this:
    [screenshot]

  • Click Run ESET Online Scanner

    [screenshot]
  • A window will open (see above); please click on the link
  • A window will pop up - please download the file to your Desktop
  • When the download has finished, please run the program (Windows Vista / Windows 7 / Windows 8 users: please run it as Administrator)

    [screenshot]
  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an add-on; click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

    [screenshot]
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Then click on Start
  • The virus signature database will begin to download. Be patient; this may take some time, depending on the speed of your Internet connection.
  • When completed, the online scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or the keyboard during the scan; otherwise it may stall.
  • After the scan is finished please click on Finish
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

Attached Files


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


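The fixlist applied in this thread, and the FRST scan sections it was written from, come down to four indicators a helper spots by eye: a ProxyServer value injected into the current user's Internet Settings (localhost:8080, a local interception proxy), hidden+system folders with GUID names under All Users\Application Data, an executable sitting in the user's Temp folder, and a protected system binary (winlogon.exe) that FRST listed with its MD5 but without the "MD5 is legit" verdict. The script below is an added example written for this page; it is not part of any post and not FRST's own code. It reproduces those checks over FRST-style log text. SAMPLE_LOG is constructed to mirror the thread's log format, and the finding labels (proxy, hidden-guid-dir, temp-executable, unverified-binary) are my own naming.

```python
"""Triage helper for FRST-style log excerpts.

Added example, not part of the BleepingComputer thread and not FRST's own
code. It turns the checks a malware-response helper makes by eye into code:
a ProxyServer value in the per-user Internet Settings, hidden+system folders
with GUID names under the all-users application-data directory, executables
sitting in a Temp folder, and protected system binaries whose MD5 FRST did
not report as legit. SAMPLE_LOG is constructed to mirror the thread's log
format; it is not a real scan.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# "==================== One Month Created Files and Folders ========"
BANNER_HEADER = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# "Some content of TEMP:" / "FireFox:" style headers
COLON_HEADER = re.compile(r"^(?P<name>[A-Za-z][^:\\]*):$")
# created - modified - size attrs (company) path
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{8} (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")
PROXY_LINE = re.compile(r"^ProxyServer:\s*(?P<proxy>\S.*)$")
# "C:\WINDOWS\explorer.exe => MD5 is legit", or a bare path whose hash follows
HASH_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?)(?P<legit> => MD5 is legit)?$")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
GUID_DIR = re.compile(
    r"\\(?:All Users\\Application Data|ProgramData)\\"
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)
TEMP_EXE = re.compile(r"\\Temp\\[^\\]+\.(?:exe|dll|scr|com|bat|cmd|vbs)$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    path: str
    note: str = ""


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk an FRST log line by line and return the suspicious entries."""
    findings: List[Finding] = []
    seen = set()                       # (kind, path): FRST lists a file in both
    section = ""                       # the Created and the Modified sections
    pending: Optional[Finding] = None  # unverified binary awaiting its hash line

    def add(kind: str, path: str, note: str = "") -> Optional[Finding]:
        if (kind, path) in seen:
            return None
        seen.add((kind, path))
        finding = Finding(kind, path, note)
        findings.append(finding)
        return finding

    for raw in lines:
        line = raw.rstrip()
        header = BANNER_HEADER.match(line) or COLON_HEADER.match(line)
        if header:
            section = header.group("name")
            pending = None
            continue

        m = PROXY_LINE.match(line)
        if m:
            add("proxy", m.group("proxy"),
                "HKCU ProxyServer set; every browser request goes through this address")
            continue

        if section.startswith("Bamital"):
            if pending is not None:
                h = MD5_RE.search(line)
                if h:  # detail line under an unverified binary carries its MD5
                    pending.note += f"; md5={h.group(0)}"
                    pending = None
                    continue
            m = HASH_LINE.match(line)
            if m and not m.group("legit"):
                pending = add("unverified-binary", m.group("path"),
                              "not on FRST's known-good hash list; compare with a clean copy")
            continue

        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
        elif BARE_PATH.match(line):   # "Some content of TEMP:" lists bare paths
            attrs, path = "", line
        else:
            continue

        if "S" in attrs and "H" in attrs and GUID_DIR.search(path):
            add("hidden-guid-dir", path, f"attrs={attrs}")
        elif TEMP_EXE.search(path):
            add("temp-executable", path, f"attrs={attrs}")
    return findings


# Constructed sample in the thread's format (not a real scan).
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

==================== One Month Created Files and Folders ========

2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-23 05:27 - 2014-05-23 05:28 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-20 08:52 - 2011-08-20 04:33 - 00000780 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20140520-085227.backup

==================== One Month Modified Files and Folders =======

2014-05-23 05:28 - 2014-05-23 05:27 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

Some content of TEMP:
====================
C:\Documents and Settings\user1\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe
[2008-04-24 09:33] - [2008-04-24 09:33] - 0507904 ____A (Microsoft Corporation) d1bac55bc35a0ca735aea19f609f2b22
C:\WINDOWS\system32\svchost.exe => MD5 is legit
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:18} {f.path}  [{f.note}]")
```

Run it over a saved scan with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`. The unverified-binary flag is a prompt, not a verdict: FRST prints "MD5 is legit" only for hashes on its own known-good list, so a file it does not recognise still has to be compared against a clean copy from the same Windows build before anything is replaced.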
#8 makayla55

makayla55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:05 PM

Posted 27 May 2014 - 09:44 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by user1 at 2014-05-27 21:10:50 Run:1
Running from C:\Documents and Settings\user1\My Documents\Downloads\FRST-OlderVersion
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
2014-05-23 05:27 - 2014-05-23 05:28 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-21 09:15 - 2013-12-08 17:22 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
C:\Documents and Settings\user1\Local Settings\Temp\Quarantine.exe
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} => Moved successfully.
C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => Moved successfully.
C:\Documents and Settings\user1\Local Settings\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by user1 (administrator) on USER2011-229AAC on 27-05-2014 21:25:07
Running from C:\Documents and Settings\user1\My Documents\Downloads\FRST-OlderVersion
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: BucksBee Loyalty Plugin - OpenInstall - C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi [2012-02-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (8 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhljoejlbnebcpflalenbmpnanjbikof [2011-12-09]
CHR Extension: (9 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmncmephfckdpcmohbdpcnkmchejma [2011-12-25]
CHR Extension: (Toss it) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl [2011-12-09]
CHR Extension: (Gmail Offline) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2011-11-03]
CHR Extension: (3D Bowling ) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2011-10-29]
CHR Extension: (Bubble Shooter) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln [2011-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-03]
CHR Extension: (Drivers Parking) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhbejhnopmdbkkodiffaopllalmialfe [2011-12-11]
CHR Extension: (MeeGenius! Children's Books) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhfhmaajajcjoijfaceafiembkmhcddc [2011-10-29]
CHR Extension: (Typing Test - KeyHero) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2011-10-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Drag Toilet Paper) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppgpcdgnfladncmdahjkgoonelcpkfml [2011-12-09]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [X]
U1 WS2IFSL; 
S3 WudfPf; C:\WINDOWS\system32\WudfPf.sys [X]
S3 WudfRd; C:\WINDOWS\system32\wudfrd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-27 10:31 - 2014-05-27 10:31 - 00000905 _____ () C:\Documents and Settings\user1\Desktop\JRT.txt
2014-05-27 10:25 - 2014-05-27 10:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-26 18:34 - 2014-05-26 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-05-26 18:33 - 2014-05-26 19:16 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 18:33 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-05-26 18:33 - 2011-10-09 15:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-05-26 18:33 - 2011-08-23 01:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-05-26 18:33 - 2011-08-20 04:02 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-05-26 18:33 - 2011-08-20 04:02 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-05-26 18:33 - 2011-08-20 04:01 - 00000788 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-05-26 16:58 - 2014-05-27 07:29 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 16:56 - 2014-05-26 16:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-26 16:56 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-26 16:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-26 16:52 - 2014-05-26 16:53 - 00016593 _____ () C:\Documents and Settings\user1\Desktop\malwarebytes.htm
2014-05-26 16:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-26 16:07 - 2014-05-26 16:28 - 00000000 ____D () C:\AdwCleaner
2014-05-26 09:40 - 2014-05-26 09:40 - 00041863 _____ () C:\WINDOWS\iis6.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00015028 _____ () C:\WINDOWS\ocgen.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00011018 _____ () C:\WINDOWS\FaxSetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00009190 _____ () C:\WINDOWS\msmqinst.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00008140 _____ () C:\WINDOWS\tsoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004127 _____ () C:\WINDOWS\comsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00003524 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00002161 _____ () C:\WINDOWS\netfxocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00001207 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000841 _____ () C:\WINDOWS\ocmsn.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000780 _____ () C:\WINDOWS\msgsocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-26 09:25 - 2014-05-26 09:25 - 00066440 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-05-23 14:06 - 2014-05-27 21:25 - 00000000 ____D () C:\FRST
2014-05-23 12:09 - 2014-05-27 21:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-23 12:09 - 2014-05-27 21:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:02 - 2014-05-23 11:04 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:02 - 2014-05-23 11:04 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:07 - 2014-04-15 15:59 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-05-22 06:06 - 2014-05-23 05:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:03 - 2014-05-23 05:28 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-22 06:00 - 2014-05-22 06:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-20 12:45 - 2014-05-20 11:21 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 09:21 - 2014-05-20 18:14 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 08:52 - 2011-08-20 04:33 - 00000780 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20140520-085227.backup
2014-05-20 07:04 - 2014-05-20 10:46 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:03 - 2014-05-20 18:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-19 15:24 - 2014-05-19 15:33 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:53 - 2014-05-19 12:54 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:53 - 2014-05-19 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 11:32 - 2014-05-25 07:29 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-19 11:32 - 2014-05-25 07:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
 
==================== One Month Modified Files and Folders =======
 
2014-05-27 21:25 - 2014-05-23 14:06 - 00000000 ____D () C:\FRST
2014-05-27 21:07 - 2014-05-23 12:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-27 21:07 - 2014-05-23 12:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-27 11:33 - 2011-08-20 04:00 - 01427555 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-27 10:31 - 2014-05-27 10:31 - 00000905 _____ () C:\Documents and Settings\user1\Desktop\JRT.txt
2014-05-27 10:25 - 2014-05-27 10:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-27 07:29 - 2014-05-26 16:58 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 19:16 - 2014-05-26 18:33 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-26 19:16 - 2013-12-08 17:44 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-05-26 18:34 - 2014-05-26 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 18:06 - 2012-02-24 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-26 16:56 - 2014-05-26 16:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-26 16:53 - 2014-05-26 16:52 - 00016593 _____ () C:\Documents and Settings\user1\Desktop\malwarebytes.htm
2014-05-26 16:30 - 2011-08-20 04:11 - 00000178 ___SH () C:\Documents and Settings\user1\ntuser.ini
2014-05-26 16:28 - 2014-05-26 16:07 - 00000000 ____D () C:\AdwCleaner
2014-05-26 09:40 - 2014-05-26 09:40 - 00041863 _____ () C:\WINDOWS\iis6.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00015028 _____ () C:\WINDOWS\ocgen.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00011018 _____ () C:\WINDOWS\FaxSetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00009190 _____ () C:\WINDOWS\msmqinst.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00008140 _____ () C:\WINDOWS\tsoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004127 _____ () C:\WINDOWS\comsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00003524 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00002161 _____ () C:\WINDOWS\netfxocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00001207 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000841 _____ () C:\WINDOWS\ocmsn.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000780 _____ () C:\WINDOWS\msgsocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-26 09:40 - 2011-08-19 23:11 - 00513428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-26 09:25 - 2014-05-26 09:25 - 00066440 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-05-26 08:36 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-25 07:29 - 2014-05-19 11:32 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-25 07:29 - 2014-05-19 11:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-25 07:29 - 2011-08-20 23:28 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003UA.job
2014-05-25 07:23 - 2014-01-19 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-25 07:13 - 2008-06-25 03:15 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:04 - 2014-05-23 11:02 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:04 - 2014-05-23 11:02 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 05:28 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-23 05:28 - 2014-05-22 06:03 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-23 05:28 - 2011-08-20 04:11 - 00000000 ____D () C:\Documents and Settings\user1
2014-05-23 05:27 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-23 05:27 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-23 05:26 - 2011-08-20 04:33 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\Wallpaper
2014-05-23 05:18 - 2011-08-20 03:56 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-23 05:15 - 2014-01-29 06:38 - 00000000 ____D () C:\Documents and Settings\user1\My Documents\New Folder
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:07 - 2014-05-22 06:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:06 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\TuneUp Software
2014-05-21 19:20 - 2013-12-08 16:46 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-20 21:36 - 2011-08-19 22:59 - 00000000 ____D () C:\WINDOWS\Cursors
2014-05-20 18:14 - 2014-05-20 09:21 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 18:14 - 2014-05-20 07:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-20 11:21 - 2014-05-20 12:45 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 10:46 - 2014-05-20 07:04 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:19 - 2011-08-20 04:07 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-19 15:33 - 2014-05-19 15:24 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 13:28 - 2014-01-28 20:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:54 - 2014-05-19 12:53 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:54 - 2014-05-19 12:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 12:17 - 2011-08-20 23:37 - 00002284 _____ () C:\Documents and Settings\user1\Desktop\Google Chrome.lnk
2014-05-19 11:35 - 2011-09-14 02:02 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-12 07:26 - 2014-05-26 16:56 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-26 16:56 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe
[2008-04-24 09:33] - [2008-04-24 09:33] - 0507904 ____A (Microsoft Corporation) d1bac55bc35a0ca735aea19f609f2b22 
 
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9cd1cee16d898a49b538cbb3cdc1eeab
# engine=18438
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-28 02:15:32
# local_time=2014-05-27 10:15:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=26331
# found=3
# cleaned=0
# scan_time=1283
sh=5FB6822B24CE1EDC510AD20BBAEA3DFDA97F87B8 ft=1 fh=86f5f05c7551e90b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Documents and Settings\user1\My Documents\Downloads\ccsetup311.exe"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\user1\My Documents\Downloads\ccsetup413.exe"
sh=FDE7122FC5FEF715805012B8362C62A39FFF2FAA ft=1 fh=d3dbd663599073df vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\RECYCLER\S-1-5-21-854245398-1035525444-1417001333-1003\Dc3.exe"

 

My computer is running about the same as before. Right after opening Chrome just now, it displayed a "not responding" dialog like usual. Internet Explorer froze when I tried to close it, and any browser I use is just slow and easily stops responding with just one tab open and no other programs running.


Edited by makayla55, 27 May 2014 - 09:49 PM.
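The FRST log above flags the hosts file ("There are more than one entry in Hosts") without listing what is in it. The check behind that line is simple to reproduce: parse the file, ignore the single loopback mapping a clean Windows XP install ships with, and report everything else, distinguishing names that are sinkholed to loopback (typically blocking AV or update servers) from names redirected to some other address. The script below is an added example, not FRST's code and not part of the original thread; the sample hosts content and the hostnames in it are constructed, and the "expected" default entries are an assumption about a clean install.

```python
"""Triage a Windows hosts file: report every mapping beyond the default localhost entry.

Added example for this thread, not FRST's own logic. SAMPLE_HOSTS and its
hostnames are constructed; EXPECTED is an assumption about a clean XP install.
"""
import ipaddress

# A clean Windows XP hosts file maps only localhost (assumption; ::1 added for newer systems).
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and junk lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an address, so not a mapping
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def suspicious_entries(text):
    """Return (hostname, ip, kind) for every non-default mapping.

    kind is "blocked" when the name is pointed at loopback or 0.0.0.0 (the
    classic way malware silences AV/update domains) and "redirected" when it
    is pointed at any other host.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in EXPECTED:
            continue
        addr = ipaddress.ip_address(ip)
        kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append((name, ip, kind))
    return findings


# Constructed sample; the hostnames are placeholders, not from the original log.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.example-av.test        # sinkholed AV update host
0.0.0.0         ads.example.test              # ad-blocking style entry
198.51.100.7    www.bank.example.test         # name redirected to another host
"""

if __name__ == "__main__":
    for name, ip, kind in suspicious_entries(SAMPLE_HOSTS):
        print(f"{kind:10} {name} -> {ip}")
```

Run it against the real file by reading `C:\WINDOWS\system32\drivers\etc\hosts` into `text`; a long list of "blocked" security-vendor domains is the pattern worth acting on, while a handful of "blocked" ad domains is usually something the user or an ad-blocking tool added deliberately.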


#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:05 PM

Posted 28 May 2014 - 07:07 AM

Please repost your reply so that I'm able to read it.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#10 makayla55

makayla55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:05 PM

Posted 28 May 2014 - 10:56 AM

1. Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by user1 at 2014-05-27 21:10:50 Run:1
Running from C:\Documents and Settings\user1\My Documents\Downloads\FRST-OlderVersion
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
2014-05-23 05:27 - 2014-05-23 05:28 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-21 09:15 - 2013-12-08 17:22 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
C:\Documents and Settings\user1\Local Settings\Temp\Quarantine.exe
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} => Moved successfully.
C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => Moved successfully.
C:\Documents and Settings\user1\Local Settings\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====
 
 
2. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by user1 (administrator) on USER2011-229AAC on 27-05-2014 21:25:07
Running from C:\Documents and Settings\user1\My Documents\Downloads\FRST-OlderVersion
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: BucksBee Loyalty Plugin - OpenInstall - C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi [2012-02-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (8 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhljoejlbnebcpflalenbmpnanjbikof [2011-12-09]
CHR Extension: (9 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmncmephfckdpcmohbdpcnkmchejma [2011-12-25]
CHR Extension: (Toss it) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl [2011-12-09]
CHR Extension: (Gmail Offline) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2011-11-03]
CHR Extension: (3D Bowling ) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2011-10-29]
CHR Extension: (Bubble Shooter) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln [2011-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-03]
CHR Extension: (Drivers Parking) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhbejhnopmdbkkodiffaopllalmialfe [2011-12-11]
CHR Extension: (MeeGenius! Children's Books) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhfhmaajajcjoijfaceafiembkmhcddc [2011-10-29]
CHR Extension: (Typing Test - KeyHero) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2011-10-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Drag Toilet Paper) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppgpcdgnfladncmdahjkgoonelcpkfml [2011-12-09]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [X]
U1 WS2IFSL; 
S3 WudfPf; C:\WINDOWS\system32\WudfPf.sys [X]
S3 WudfRd; C:\WINDOWS\system32\wudfrd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-27 10:31 - 2014-05-27 10:31 - 00000905 _____ () C:\Documents and Settings\user1\Desktop\JRT.txt
2014-05-27 10:25 - 2014-05-27 10:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-26 18:34 - 2014-05-26 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-05-26 18:33 - 2014-05-26 19:16 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 18:33 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-05-26 18:33 - 2011-10-09 15:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-05-26 18:33 - 2011-08-23 01:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-05-26 18:33 - 2011-08-20 04:02 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-05-26 18:33 - 2011-08-20 04:02 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-05-26 18:33 - 2011-08-20 04:01 - 00000788 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-05-26 16:58 - 2014-05-27 07:29 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 16:56 - 2014-05-26 16:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-26 16:56 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-26 16:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-26 16:52 - 2014-05-26 16:53 - 00016593 _____ () C:\Documents and Settings\user1\Desktop\malwarebytes.htm
2014-05-26 16:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-26 16:07 - 2014-05-26 16:28 - 00000000 ____D () C:\AdwCleaner
2014-05-26 09:40 - 2014-05-26 09:40 - 00041863 _____ () C:\WINDOWS\iis6.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00015028 _____ () C:\WINDOWS\ocgen.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00011018 _____ () C:\WINDOWS\FaxSetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00009190 _____ () C:\WINDOWS\msmqinst.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00008140 _____ () C:\WINDOWS\tsoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004127 _____ () C:\WINDOWS\comsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00003524 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00002161 _____ () C:\WINDOWS\netfxocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00001207 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000841 _____ () C:\WINDOWS\ocmsn.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000780 _____ () C:\WINDOWS\msgsocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-26 09:25 - 2014-05-26 09:25 - 00066440 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-05-23 14:06 - 2014-05-27 21:25 - 00000000 ____D () C:\FRST
2014-05-23 12:09 - 2014-05-27 21:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-23 12:09 - 2014-05-27 21:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:02 - 2014-05-23 11:04 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:02 - 2014-05-23 11:04 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:07 - 2014-04-15 15:59 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-05-22 06:06 - 2014-05-23 05:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:03 - 2014-05-23 05:28 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-22 06:00 - 2014-05-22 06:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-20 12:45 - 2014-05-20 11:21 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 09:21 - 2014-05-20 18:14 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 08:52 - 2011-08-20 04:33 - 00000780 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20140520-085227.backup
2014-05-20 07:04 - 2014-05-20 10:46 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:03 - 2014-05-20 18:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-19 15:24 - 2014-05-19 15:33 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:53 - 2014-05-19 12:54 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:53 - 2014-05-19 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 11:32 - 2014-05-25 07:29 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-19 11:32 - 2014-05-25 07:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
 
==================== One Month Modified Files and Folders =======
 
2014-05-27 21:25 - 2014-05-23 14:06 - 00000000 ____D () C:\FRST
2014-05-27 21:07 - 2014-05-23 12:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-27 21:07 - 2014-05-23 12:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-27 11:33 - 2011-08-20 04:00 - 01427555 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-27 10:31 - 2014-05-27 10:31 - 00000905 _____ () C:\Documents and Settings\user1\Desktop\JRT.txt
2014-05-27 10:25 - 2014-05-27 10:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-27 07:29 - 2014-05-26 16:58 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 19:16 - 2014-05-26 18:33 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-26 19:16 - 2013-12-08 17:44 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-05-26 18:34 - 2014-05-26 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 18:06 - 2012-02-24 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-26 16:56 - 2014-05-26 16:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-26 16:53 - 2014-05-26 16:52 - 00016593 _____ () C:\Documents and Settings\user1\Desktop\malwarebytes.htm
2014-05-26 16:30 - 2011-08-20 04:11 - 00000178 ___SH () C:\Documents and Settings\user1\ntuser.ini
2014-05-26 16:28 - 2014-05-26 16:07 - 00000000 ____D () C:\AdwCleaner
2014-05-26 09:40 - 2014-05-26 09:40 - 00041863 _____ () C:\WINDOWS\iis6.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00015028 _____ () C:\WINDOWS\ocgen.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00011018 _____ () C:\WINDOWS\FaxSetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00009190 _____ () C:\WINDOWS\msmqinst.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00008140 _____ () C:\WINDOWS\tsoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004127 _____ () C:\WINDOWS\comsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00003524 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00002161 _____ () C:\WINDOWS\netfxocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00001207 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000841 _____ () C:\WINDOWS\ocmsn.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000780 _____ () C:\WINDOWS\msgsocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-26 09:40 - 2011-08-19 23:11 - 00513428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-26 09:25 - 2014-05-26 09:25 - 00066440 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-05-26 08:36 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-25 07:29 - 2014-05-19 11:32 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-25 07:29 - 2014-05-19 11:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-25 07:29 - 2011-08-20 23:28 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003UA.job
2014-05-25 07:23 - 2014-01-19 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-25 07:13 - 2008-06-25 03:15 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:04 - 2014-05-23 11:02 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:04 - 2014-05-23 11:02 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 05:28 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-23 05:28 - 2014-05-22 06:03 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-23 05:28 - 2011-08-20 04:11 - 00000000 ____D () C:\Documents and Settings\user1
2014-05-23 05:27 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-23 05:27 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-23 05:26 - 2011-08-20 04:33 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\Wallpaper
2014-05-23 05:18 - 2011-08-20 03:56 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-23 05:15 - 2014-01-29 06:38 - 00000000 ____D () C:\Documents and Settings\user1\My Documents\New Folder
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:07 - 2014-05-22 06:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:06 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\TuneUp Software
2014-05-21 19:20 - 2013-12-08 16:46 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-20 21:36 - 2011-08-19 22:59 - 00000000 ____D () C:\WINDOWS\Cursors
2014-05-20 18:14 - 2014-05-20 09:21 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 18:14 - 2014-05-20 07:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-20 11:21 - 2014-05-20 12:45 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 10:46 - 2014-05-20 07:04 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:19 - 2011-08-20 04:07 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-19 15:33 - 2014-05-19 15:24 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 13:28 - 2014-01-28 20:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:54 - 2014-05-19 12:53 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:54 - 2014-05-19 12:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 12:17 - 2011-08-20 23:37 - 00002284 _____ () C:\Documents and Settings\user1\Desktop\Google Chrome.lnk
2014-05-19 11:35 - 2011-09-14 02:02 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-12 07:26 - 2014-05-26 16:56 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-26 16:56 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe
[2008-04-24 09:33] - [2008-04-24 09:33] - 0507904 ____A (Microsoft Corporation) d1bac55bc35a0ca735aea19f609f2b22 
 
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

3. ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9cd1cee16d898a49b538cbb3cdc1eeab
# engine=18438
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-28 02:15:32
# local_time=2014-05-27 10:15:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=26331
# found=3
# cleaned=0
# scan_time=1283
sh=5FB6822B24CE1EDC510AD20BBAEA3DFDA97F87B8 ft=1 fh=86f5f05c7551e90b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Documents and Settings\user1\My Documents\Downloads\ccsetup311.exe"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\user1\My Documents\Downloads\ccsetup413.exe"
sh=FDE7122FC5FEF715805012B8362C62A39FFF2FAA ft=1 fh=d3dbd663599073df vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\RECYCLER\S-1-5-21-854245398-1035525444-1417001333-1003\Dc3.exe"

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

My computer is running about the same as before. Right after opening Chrome just now, it displayed a "not responding" dialog like usual. Internet Explorer froze when trying to close it, and any browser I use is just slow and easily stops responding with just one tab open and no other programs running.



#11 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:05 PM

Posted 28 May 2014 - 01:49 PM

Again the same problem. I'm not able to read this. Simply copy and paste the log into the thread.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#12 makayla55

makayla55
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:05 PM

Posted 28 May 2014 - 02:42 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by user1 at 2014-05-27 21:10:50 Run:1
Running from C:\Documents and Settings\user1\My Documents\Downloads\FRST-OlderVersion
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
2014-05-23 05:27 - 2014-05-23 05:28 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-21 09:15 - 2013-12-08 17:22 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
C:\Documents and Settings\user1\Local Settings\Temp\Quarantine.exe
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} => Moved successfully.
C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => Moved successfully.
C:\Documents and Settings\user1\Local Settings\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by user1 (administrator) on USER2011-229AAC on 27-05-2014 21:25:07
Running from C:\Documents and Settings\user1\My Documents\Downloads\FRST-OlderVersion
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: BucksBee Loyalty Plugin - OpenInstall - C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\yiwpyjh9.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi [2012-02-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (8 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhljoejlbnebcpflalenbmpnanjbikof [2011-12-09]
CHR Extension: (9 Ball Pool) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmncmephfckdpcmohbdpcnkmchejma [2011-12-25]
CHR Extension: (Toss it) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl [2011-12-09]
CHR Extension: (Gmail Offline) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2011-11-03]
CHR Extension: (3D Bowling ) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2011-10-29]
CHR Extension: (Bubble Shooter) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln [2011-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-03]
CHR Extension: (Drivers Parking) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhbejhnopmdbkkodiffaopllalmialfe [2011-12-11]
CHR Extension: (MeeGenius! Children's Books) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhfhmaajajcjoijfaceafiembkmhcddc [2011-10-29]
CHR Extension: (Typing Test - KeyHero) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2011-10-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Drag Toilet Paper) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppgpcdgnfladncmdahjkgoonelcpkfml [2011-12-09]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [X]
U1 WS2IFSL; 
S3 WudfPf; C:\WINDOWS\system32\WudfPf.sys [X]
S3 WudfRd; C:\WINDOWS\system32\wudfrd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-27 10:31 - 2014-05-27 10:31 - 00000905 _____ () C:\Documents and Settings\user1\Desktop\JRT.txt
2014-05-27 10:25 - 2014-05-27 10:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-26 18:34 - 2014-05-26 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-05-26 18:33 - 2014-05-26 19:16 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 18:33 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-05-26 18:33 - 2011-10-09 15:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-05-26 18:33 - 2011-08-23 01:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-05-26 18:33 - 2011-08-20 04:02 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-05-26 18:33 - 2011-08-20 04:02 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-05-26 18:33 - 2011-08-20 04:01 - 00000788 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-05-26 16:58 - 2014-05-27 07:29 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 16:56 - 2014-05-26 16:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-26 16:56 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-26 16:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-26 16:52 - 2014-05-26 16:53 - 00016593 _____ () C:\Documents and Settings\user1\Desktop\malwarebytes.htm
2014-05-26 16:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-26 16:07 - 2014-05-26 16:28 - 00000000 ____D () C:\AdwCleaner
2014-05-26 09:40 - 2014-05-26 09:40 - 00041863 _____ () C:\WINDOWS\iis6.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00015028 _____ () C:\WINDOWS\ocgen.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00011018 _____ () C:\WINDOWS\FaxSetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00009190 _____ () C:\WINDOWS\msmqinst.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00008140 _____ () C:\WINDOWS\tsoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004127 _____ () C:\WINDOWS\comsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00003524 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00002161 _____ () C:\WINDOWS\netfxocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00001207 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000841 _____ () C:\WINDOWS\ocmsn.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000780 _____ () C:\WINDOWS\msgsocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-26 09:25 - 2014-05-26 09:25 - 00066440 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-05-23 14:06 - 2014-05-27 21:25 - 00000000 ____D () C:\FRST
2014-05-23 12:09 - 2014-05-27 21:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-23 12:09 - 2014-05-27 21:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:02 - 2014-05-23 11:04 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:02 - 2014-05-23 11:04 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:07 - 2014-04-15 15:59 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-05-22 06:06 - 2014-05-23 05:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:03 - 2014-05-23 05:28 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-22 06:00 - 2014-05-22 06:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-20 12:45 - 2014-05-20 11:21 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 09:21 - 2014-05-20 18:14 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 08:52 - 2011-08-20 04:33 - 00000780 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20140520-085227.backup
2014-05-20 07:04 - 2014-05-20 10:46 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:03 - 2014-05-20 18:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-19 15:24 - 2014-05-19 15:33 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:53 - 2014-05-19 12:54 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:53 - 2014-05-19 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 11:32 - 2014-05-25 07:29 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-19 11:32 - 2014-05-25 07:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
 
==================== One Month Modified Files and Folders =======
 
2014-05-27 21:25 - 2014-05-23 14:06 - 00000000 ____D () C:\FRST
2014-05-27 21:07 - 2014-05-23 12:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-27 21:07 - 2014-05-23 12:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-27 11:33 - 2011-08-20 04:00 - 01427555 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-27 10:31 - 2014-05-27 10:31 - 00000905 _____ () C:\Documents and Settings\user1\Desktop\JRT.txt
2014-05-27 10:25 - 2014-05-27 10:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-27 07:29 - 2014-05-26 16:58 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 19:16 - 2014-05-26 18:33 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-26 19:16 - 2013-12-08 17:44 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-05-26 18:34 - 2014-05-26 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 18:06 - 2012-02-24 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-26 16:56 - 2014-05-26 16:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 16:56 - 2014-05-26 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-26 16:53 - 2014-05-26 16:52 - 00016593 _____ () C:\Documents and Settings\user1\Desktop\malwarebytes.htm
2014-05-26 16:30 - 2011-08-20 04:11 - 00000178 ___SH () C:\Documents and Settings\user1\ntuser.ini
2014-05-26 16:28 - 2014-05-26 16:07 - 00000000 ____D () C:\AdwCleaner
2014-05-26 09:40 - 2014-05-26 09:40 - 00041863 _____ () C:\WINDOWS\iis6.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00015028 _____ () C:\WINDOWS\ocgen.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00011018 _____ () C:\WINDOWS\FaxSetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00009190 _____ () C:\WINDOWS\msmqinst.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00008140 _____ () C:\WINDOWS\tsoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00004127 _____ () C:\WINDOWS\comsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00003524 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00002161 _____ () C:\WINDOWS\netfxocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00001207 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000841 _____ () C:\WINDOWS\ocmsn.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000780 _____ () C:\WINDOWS\msgsocm.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-26 09:40 - 2014-05-26 09:40 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-26 09:40 - 2011-08-19 23:11 - 00513428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-26 09:25 - 2014-05-26 09:25 - 00066440 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-05-26 08:36 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-25 07:29 - 2014-05-19 11:32 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003Core1cf73778f0e89c4.job
2014-05-25 07:29 - 2014-05-19 11:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf737794645a65.job
2014-05-25 07:29 - 2011-08-20 23:28 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1035525444-1417001333-1003UA.job
2014-05-25 07:23 - 2014-01-19 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-25 07:13 - 2008-06-25 03:15 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-23 12:09 - 2014-05-23 12:09 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-05-23 11:04 - 2014-05-23 11:02 - 00010136 _____ () C:\Documents and Settings\user1\Desktop\attach.txt
2014-05-23 11:04 - 2014-05-23 11:02 - 00004657 _____ () C:\Documents and Settings\user1\Desktop\dds.txt
2014-05-23 05:28 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2014-05-23 05:28 - 2014-05-22 06:03 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-05-23 05:28 - 2011-08-20 04:11 - 00000000 ____D () C:\Documents and Settings\user1
2014-05-23 05:27 - 2014-05-26 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-05-23 05:27 - 2014-05-23 05:27 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-05-23 05:27 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-23 05:26 - 2011-08-20 04:33 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\Wallpaper
2014-05-23 05:18 - 2011-08-20 03:56 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-23 05:15 - 2014-01-29 06:38 - 00000000 ____D () C:\Documents and Settings\user1\My Documents\New Folder
2014-05-22 07:17 - 2014-05-22 07:17 - 00262232 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-22 06:07 - 2014-05-22 06:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2014-05-22 06:06 - 2014-05-22 06:06 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\TuneUp Software
2014-05-22 06:06 - 2013-12-08 16:46 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\TuneUp Software
2014-05-21 19:20 - 2013-12-08 16:46 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-21 08:48 - 2014-05-21 08:48 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\AVG
2014-05-20 21:36 - 2011-08-19 22:59 - 00000000 ____D () C:\WINDOWS\Cursors
2014-05-20 18:14 - 2014-05-20 09:21 - 00000723 _____ () C:\WINDOWS\wininit.ini
2014-05-20 18:14 - 2014-05-20 07:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-20 11:21 - 2014-05-20 12:45 - 00001007 _____ () C:\Documents and Settings\user1\My Documents\Refer me to more Internet Service Providers.lnk
2014-05-20 10:46 - 2014-05-20 07:04 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-05-20 07:19 - 2011-08-20 04:07 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-19 15:33 - 2014-05-19 15:24 - 00001863 _____ () C:\Documents and Settings\user1\Desktop\missing.reg
2014-05-19 13:28 - 2014-01-28 20:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-05-19 12:54 - 2014-05-19 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-05-19 12:54 - 2014-05-19 12:53 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-19 12:54 - 2014-05-19 12:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 12:17 - 2011-08-20 23:37 - 00002284 _____ () C:\Documents and Settings\user1\Desktop\Google Chrome.lnk
2014-05-19 11:35 - 2011-09-14 02:02 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-12 07:26 - 2014-05-26 16:56 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-26 16:56 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-03 22:10 - 2014-05-03 22:10 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-05-03 21:51 - 2014-05-03 21:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2008-04-22 23:35 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe
[2008-04-24 09:33] - [2008-04-24 09:33] - 0507904 ____A (Microsoft Corporation) d1bac55bc35a0ca735aea19f609f2b22 
 
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9cd1cee16d898a49b538cbb3cdc1eeab
# engine=18438
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-28 02:15:32
# local_time=2014-05-27 10:15:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=26331
# found=3
# cleaned=0
# scan_time=1283
sh=5FB6822B24CE1EDC510AD20BBAEA3DFDA97F87B8 ft=1 fh=86f5f05c7551e90b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Documents and Settings\user1\My Documents\Downloads\ccsetup311.exe"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\user1\My Documents\Downloads\ccsetup413.exe"
sh=FDE7122FC5FEF715805012B8362C62A39FFF2FAA ft=1 fh=d3dbd663599073df vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\RECYCLER\S-1-5-21-854245398-1035525444-1417001333-1003\Dc3.exe"
 

==================================================================================

 

Computer is still generally freezing, but worst on Facebook and other heavily loaded websites. It's not freezing on every page like before, but it is still generally slow at loading pages and at having more than one tab open. It often says that windows are low on virtual memory, or not responding.

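Added example, not part of the original thread and not ESET's or Farbar's code: a small Python parser for the ESET Online Scanner log format posted above. It reads the "# key=value" header, splits each detection line into its sh= / ft= / fh= / vn= / ac= / fn= fields, classifies each hit from the wording ESET appends to the detection name, checks that the header's found= count agrees with the number of detection lines (a pasted log is sometimes truncated), and lists the flagged paths the scanner left in place. Run on the three lines from the log above, that list is exactly the set of paths that appears in the FRST fixlist later in the thread. Reading sh= as the file's SHA-1 and ac=I as "no action taken" (consistent with cleaned=0 in the header) are assumptions; the detection lines are copied from the posted log and the header is trimmed to the fields used.

```python
import re
from dataclasses import dataclass

# Sample input: header fields and the three detection lines copied from the
# ESET Online Scanner log posted in this thread (header trimmed to the fields
# used here). Raw string so the Windows backslashes survive untouched.
SAMPLE_LOG = r"""# version=8
# osver=5.1.2600 NT Service Pack 3
# scanned=26331
# found=3
# cleaned=0
# scan_time=1283
sh=5FB6822B24CE1EDC510AD20BBAEA3DFDA97F87B8 ft=1 fh=86f5f05c7551e90b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Documents and Settings\user1\My Documents\Downloads\ccsetup311.exe"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\user1\My Documents\Downloads\ccsetup413.exe"
sh=FDE7122FC5FEF715805012B8362C62A39FFF2FAA ft=1 fh=d3dbd663599073df vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\RECYCLER\S-1-5-21-854245398-1035525444-1417001333-1003\Dc3.exe"
"""

# key=value tokens: the value is either a double-quoted string (may contain
# spaces, as vn= and fn= do) or a bare run of non-space characters.
_TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
_HEADER = re.compile(r'^#\s*(\w+)=(.*)$')


@dataclass
class Detection:
    sha1: str       # sh=  40 hex digits; assumed to be the SHA-1 of the file
    file_hash: str  # fh=  ESET's own short file hash; its meaning is not documented here
    name: str       # vn=  detection name as printed by ESET
    action: str     # ac=  "I" throughout this log; assumed to mean no action taken
    path: str       # fn=  full path of the flagged file

    @property
    def category(self) -> str:
        """Coarse class taken from the wording ESET appends to the name."""
        low = self.name.lower()
        if "potentially unsafe application" in low:
            return "unsafe-app"
        if "potentially unwanted application" in low:
            return "pua"
        return "threat"


def parse_eset_log(text):
    """Return (header dict, [Detection, ...]) for an ESET Online Scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        fields = {}
        for key, quoted, bare in _TOKEN.findall(line):
            fields[key] = quoted if quoted else bare
        if "fn" not in fields:
            continue  # banner lines such as "OnlineScanner.ocx - registred OK"
        detections.append(Detection(
            sha1=fields.get("sh", ""),
            file_hash=fields.get("fh", ""),
            name=fields.get("vn", ""),
            action=fields.get("ac", ""),
            path=fields["fn"],
        ))
    return header, detections


def uncleaned_paths(text):
    """Paths the scanner flagged but left in place; these are the candidates
    for a removal fixlist like the one FRST ran later in this thread."""
    header, detections = parse_eset_log(text)
    # Sanity check: the header's found= count must match the detection lines,
    # otherwise the log was cut short when it was pasted.
    if header.get("found") != str(len(detections)):
        raise ValueError("header says found=%s but %d detection lines parsed"
                         % (header.get("found"), len(detections)))
    return [d.path for d in detections if d.action == "I"]


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print("scanned=%s found=%s cleaned=%s" % (hdr["scanned"], hdr["found"], hdr["cleaned"]))
    for d in dets:
        print("%-10s %s  %s" % (d.category, d.sha1, d.path))
    for p in uncleaned_paths(SAMPLE_LOG):
        print(p)
```

The found= cross-check matters more than it looks: a helper building a fixlist from a pasted log has no other way to tell that a line was lost in copy and paste, and a missing line means a flagged file stays on the machine.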


#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:05 PM

Posted 28 May 2014 - 02:52 PM

Hey,
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running it on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Next,
  • Download Windows Repair (All in One) from this site
  • Install the program then run it.
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.
  • Go to Step 2 and click on the Check button next to 1. See If Check Disk Is Needed.
  • If the tool indicates that Check Disk is needed, click on the Do It button next to 2. Check Disk. In that case make sure you restart the computer.
  • Once the above is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.
  • Go to Step 4 and under "System Restore" click on the Create button.
  • Go to the Start Repairs tab and click the Start button. Leave all checkmarks as they are.
NOTE for Windows 8 users: Reset Registry Permissions is NOT checked by design. Click on the Start button.
  • Post Windows Repair log which is located in the following folder:
    • 64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    • 32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Attached Files


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#14 makayla55

makayla55
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:05 PM

Posted 29 May 2014 - 10:32 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by user1 at 2014-05-29 08:31:29 Run:2
Running from C:\Documents and Settings\user1\My Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\Documents and Settings\user1\My Documents\Downloads\ccsetup311.exe
C:\Documents and Settings\user1\My Documents\Downloads\ccsetup413.exe
C:\RECYCLER\S-1-5-21-854245398-1035525444-1417001333-1003\Dc3.exe
*****************
 
C:\Documents and Settings\user1\My Documents\Downloads\ccsetup311.exe => Moved successfully.
C:\Documents and Settings\user1\My Documents\Downloads\ccsetup413.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-854245398-1035525444-1417001333-1003\Dc3.exe => Moved successfully.
 

 

==== End of Fixlog ====

 

 

I've been running Windows Repair (All in One), but it stopped repairing at repair option 16/36. It won't go any further. I did turn off my antivirus, AVG.



#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:05 PM

Posted 29 May 2014 - 10:51 AM

SFC Scan
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
  • This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

~Machiavelli

 
 




