
Windows XP Slow Loading


  • This topic is locked
16 replies to this topic

#1 whitez


Posted 26 May 2014 - 06:46 AM

Hi,
My Windows XP SP3 has just recently been loading really slowly after booting up; it takes maybe about 5 minutes.
Can someone help me please?
Thanks a lot in advance
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Franzo at 21:41:56 on 2014-05-26
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2031.1039 [GMT 10:00]
.
AV: AVG AntiVirus 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Jetico\BestCrypt\BCWipeSvc.exe
C:\Program Files\Jetico\BestCrypt\BCWipeTM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Airytec\Switch Off\swoff.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.7.7.77
TCP: Interfaces\{0823B3EE-A441-4C8F-A953-3E16241BECC1} : DHCPNameServer = 10.7.7.77
TCP: Interfaces\{7FE9A0EC-E427-42A0-ADEA-D398DF9ADF2B} : DHCPNameServer = 10.7.7.77
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= hplun.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\franzo\application data\mozilla\firefox\profiles\qjnl915d.default\
FF - plugin: c:\documents and settings\franzo\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\franzo\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\franzo\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\franzo\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 237848]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-9-30 107288]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-9 27416]
R0 bcfnt;bcfnt;c:\windows\system32\drivers\bcfnt.sys [2010-3-18 191168]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-16 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 210200]
R1 BC_3DES;BC_3DES;c:\windows\system32\drivers\bc_3des.sys [2010-3-18 29376]
R1 BC_BF128;BC_BF128;c:\windows\system32\drivers\bc_bf128.sys [2010-3-18 23744]
R1 BC_BF448;BC_BF448;c:\windows\system32\drivers\bc_bf448.sys [2010-3-18 23744]
R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\bc_bfish.sys [2010-3-18 23744]
R1 BC_CAST;BC_CAST;c:\windows\system32\drivers\bc_cast.sys [2010-3-18 32064]
R1 BC_DES;BC_DES;c:\windows\system32\drivers\bc_des.sys [2010-3-18 29120]
R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\bc_gost.sys [2010-3-18 19264]
R1 BC_IDEA;BC_IDEA;c:\windows\system32\drivers\bc_idea.sys [2010-3-18 19392]
R1 BC_RC6;BC_RC6;c:\windows\system32\drivers\bc_rc6.sys [2010-3-18 24384]
R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\bc_rijn.sys [2010-3-18 44480]
R1 BC_SERP;BC_SERP;c:\windows\system32\drivers\bc_serp.sys [2010-3-18 29632]
R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\bc_tfish.sys [2010-3-18 30528]
R1 bcbus;BestCrypt bus driver;c:\windows\system32\drivers\bcbus.sys [2010-3-18 49984]
R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2010-3-18 39360]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-5-13 292424]
R2 BCWipeSvc;BCWipe service;c:\program files\jetico\bestcrypt\BCWipeSvc.exe [2010-3-18 95544]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-2-26 5024576]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [2010-3-18 16232]
R3 moh;moh;c:\windows\system32\drivers\moh.sys [2010-3-18 10600]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-5-13 3644432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-20 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-20 857912]
S2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-3-18 80184]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-3 23256]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-3-18 181432]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-12-1 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-1-16 31888]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2014-05-21 01:04:25 -------- d-----w- c:\windows\ERUNT
2014-05-21 00:57:16 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-21 00:56:47 -------- d-----w- C:\AdwCleaner
2014-05-20 07:16:35 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-20 07:01:10 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-20 07:01:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-20 05:36:44 26084 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2014-05-20 05:22:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2014-05-20 04:57:25 50520 ----a-w- c:\windows\system32\SP32395.SYS
2014-05-20 04:33:02 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2014-05-20 04:33:01 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2014-05-20 04:33:01 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2014-05-20 04:33:01 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2014-05-20 04:33:01 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2014-05-20 04:33:00 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2014-05-20 04:33:00 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
.
==================== Find3M  ====================
.
2014-05-15 04:46:23 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 04:46:23 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 04:19:14 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 04:17:24 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 04:17:22 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 04:17:22 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 04:17:20 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 04:09:12 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 04:04:36 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 04:04:34 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-04-02 23:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-26 05:16:02 2080472 ----a-w- c:\windows\RtlExUpd.dll
.
============= FINISH: 21:42:24.90 ===============
 



#2 HelpBot


Posted 31 May 2014 - 06:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/535558 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 whitez


Posted 03 June 2014 - 05:23 AM

Hi,
 
1. My Windows XP SP3 has just recently been loading really slowly after booting up; it takes maybe about 5 minutes. So far I have followed all the steps as per this post
 
http://www.bleepingcomputer.com/forums/t/534914/windows-xp-slow-loading/
 
2. DDS log attached.
 
3. Sorry, but I don't think I have the Windows XP CD anymore.
 
Thank you so much in advance!
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Franzo at 20:15:44 on 2014-06-03
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2031.1486 [GMT 10:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Jetico\BestCrypt\BCWipeSvc.exe
C:\Program Files\Jetico\BestCrypt\BCWipeTM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Airytec\Switch Off\swoff.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.7.7.77
TCP: Interfaces\{0823B3EE-A441-4C8F-A953-3E16241BECC1} : DHCPNameServer = 10.7.7.77
TCP: Interfaces\{7FE9A0EC-E427-42A0-ADEA-D398DF9ADF2B} : DHCPNameServer = 10.7.7.77
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= hplun.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\franzo\application data\mozilla\firefox\profiles\qjnl915d.default\
FF - plugin: c:\documents and settings\franzo\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\franzo\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\franzo\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\franzo\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 237848]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-9-30 107288]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-9 27416]
R0 bcfnt;bcfnt;c:\windows\system32\drivers\bcfnt.sys [2010-3-18 191168]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-16 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 210200]
R1 BC_3DES;BC_3DES;c:\windows\system32\drivers\bc_3des.sys [2010-3-18 29376]
R1 BC_BF128;BC_BF128;c:\windows\system32\drivers\bc_bf128.sys [2010-3-18 23744]
R1 BC_BF448;BC_BF448;c:\windows\system32\drivers\bc_bf448.sys [2010-3-18 23744]
R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\bc_bfish.sys [2010-3-18 23744]
R1 BC_CAST;BC_CAST;c:\windows\system32\drivers\bc_cast.sys [2010-3-18 32064]
R1 BC_DES;BC_DES;c:\windows\system32\drivers\bc_des.sys [2010-3-18 29120]
R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\bc_gost.sys [2010-3-18 19264]
R1 BC_IDEA;BC_IDEA;c:\windows\system32\drivers\bc_idea.sys [2010-3-18 19392]
R1 BC_RC6;BC_RC6;c:\windows\system32\drivers\bc_rc6.sys [2010-3-18 24384]
R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\bc_rijn.sys [2010-3-18 44480]
R1 BC_SERP;BC_SERP;c:\windows\system32\drivers\bc_serp.sys [2010-3-18 29632]
R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\bc_tfish.sys [2010-3-18 30528]
R1 bcbus;BestCrypt bus driver;c:\windows\system32\drivers\bcbus.sys [2010-3-18 49984]
R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2010-3-18 39360]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-5-13 292424]
R2 BCWipeSvc;BCWipe service;c:\program files\jetico\bestcrypt\BCWipeSvc.exe [2010-3-18 95544]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-2-26 5024576]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-3 23256]
R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [2010-3-18 16232]
R3 moh;moh;c:\windows\system32\drivers\moh.sys [2010-3-18 10600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-20 857912]
S2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-3-18 80184]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-3-18 181432]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-12-1 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-1-16 31888]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-20 1809720]
.
=============== Created Last 30 ================
.
2014-05-21 01:04:25 -------- d-----w- c:\windows\ERUNT
2014-05-21 00:57:16 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-21 00:56:47 -------- d-----w- C:\AdwCleaner
2014-05-20 07:16:35 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-20 07:01:10 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-20 07:01:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-20 05:36:44 26084 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2014-05-20 05:22:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2014-05-20 04:57:25 50520 ----a-w- c:\windows\system32\SP32395.SYS
2014-05-20 04:33:02 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2014-05-20 04:33:01 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2014-05-20 04:33:01 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2014-05-20 04:33:01 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2014-05-20 04:33:01 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2014-05-20 04:33:00 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2014-05-20 04:33:00 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
.
==================== Find3M  ====================
.
2014-05-15 04:46:23 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 04:46:23 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 04:19:14 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 04:17:24 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 04:17:22 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 04:17:22 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 04:17:20 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 04:09:12 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 04:04:36 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 04:04:34 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-04-02 23:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:16:14.76 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/15/2011 6:18:30 PM
System Uptime: 6/3/2014 8:10:06 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 0A54h
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz | XU1 PROCESSOR | 1862/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 785.191 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0014&SUBSYS_10DE0101&REV_1001\5&13C3CF57&0&0101
Manufacturer:
Name:
PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0014&SUBSYS_10DE0101&REV_1001\5&13C3CF57&0&0101
Service:
.
Class GUID:
Description:
Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0014&SUBSYS_10DE0101&REV_1001\5&13C3CF57&0&0301
Manufacturer:
Name:
PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0014&SUBSYS_10DE0101&REV_1001\5&13C3CF57&0&0301
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® 82566DM Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_104A&SUBSYS_2800103C&REV_02\3&B1BFB68&0&C8
Manufacturer: Intel
Name: Intel® 82566DM Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_104A&SUBSYS_2800103C&REV_02\3&B1BFB68&0&C8
Service: e1express
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&696F438&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&696F438&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&696F438&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&696F438&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP724: 3/3/2014 12:58:06 PM - Removed AVG 2014
RP725: 3/3/2014 1:00:21 PM - Removed AVG 2014
RP726: 3/3/2014 4:50:10 PM - Installed AVG 2014
RP727: 3/3/2014 4:50:31 PM - Installed AVG 2014
RP728: 3/7/2014 12:26:30 PM - System Checkpoint
RP729: 3/10/2014 11:16:10 AM - System Checkpoint
RP730: 3/14/2014 2:53:45 PM - System Checkpoint
RP731: 3/25/2014 4:30:05 PM - System Checkpoint
RP732: 3/26/2014 5:19:16 PM - System Checkpoint
RP733: 3/27/2014 9:00:06 PM - System Checkpoint
RP734: 3/31/2014 9:53:54 AM - System Checkpoint
RP735: 4/2/2014 9:01:31 AM - System Checkpoint
RP736: 4/11/2014 3:34:25 PM - System Checkpoint
RP737: 4/14/2014 2:20:58 PM - System Checkpoint
RP738: 4/15/2014 2:38:40 PM - System Checkpoint
RP739: 4/16/2014 4:57:35 PM - System Checkpoint
RP740: 4/17/2014 9:52:24 PM - System Checkpoint
RP741: 4/22/2014 8:28:37 AM - System Checkpoint
RP742: 4/23/2014 11:23:44 AM - System Checkpoint
RP743: 4/24/2014 11:33:32 AM - System Checkpoint
RP744: 4/28/2014 10:20:40 AM - System Checkpoint
RP745: 4/29/2014 9:38:27 PM - System Checkpoint
RP746: 4/30/2014 10:33:08 PM - System Checkpoint
RP747: 5/3/2014 12:30:04 PM - System Checkpoint
RP748: 5/5/2014 8:00:56 PM - System Checkpoint
RP749: 5/9/2014 1:07:55 PM - System Checkpoint
RP750: 5/12/2014 3:23:23 PM - System Checkpoint
RP751: 5/13/2014 4:12:39 PM - System Checkpoint
RP752: 5/14/2014 4:31:17 PM - System Checkpoint
RP753: 5/16/2014 12:30:20 PM - System Checkpoint
RP754: 5/17/2014 8:01:58 PM - System Checkpoint
RP755: 5/19/2014 12:14:15 PM - System Checkpoint
RP756: 5/20/2014 2:55:30 PM - Installed Realtek High Definition Audio Driver
RP757: 5/20/2014 3:36:40 PM - Installed Realtek High Definition Audio Driver
RP758: 5/26/2014 12:32:54 PM - System Checkpoint
RP759: 5/27/2014 3:30:41 PM - System Checkpoint
RP760: 5/29/2014 9:44:00 AM - System Checkpoint
RP761: 6/3/2014 3:14:35 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Photoshop CS5
Adobe Photoshop Lightroom 2
Adobe Reader 7.0
Airytec Switch Off
Apple Mobile Device Support
AVG 2014
BestCrypt 8.0
Brother P-touch Editor 5.1
Brother P-touch Editor Label Collection - Package Shipping [ENG]
Brother P-touch Editor Label Collection - Package Shipping [ENU]
Brother P-touch Update Software
CCleaner
Embedded Security for HP ProtectTools Driver
Google Chrome
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections Drivers
Ipswitch WS_FTP Professional 2007
IrfanView (remove only)
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WinUsb 1.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
NVIDIA Control Panel 263.14
NVIDIA Graphics Driver 263.14
NVIDIA HD Audio Driver 1.1.12.1
NVIDIA Install Application
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
QuickTime
Realtek High Definition Audio Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
TeamViewer 9
Uninstall Startup Inspector
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.1
WBFS Manager 3.0
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yawcam 0.4.1
.
==== Event Viewer Messages From Past Week ========
.
6/3/2014 8:12:55 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054b71c, parameter3 b3361a80, parameter4 00000000.
6/3/2014 8:06:19 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054bd6f, parameter3 b27f1558, parameter4 00000000.
5/30/2014 2:56:38 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/29/2014 1:02:11 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 10.7.7.78 with the system having network hardware address BC:52:B7:2D:41:45. Network operations on this system may be disrupted as a result.
5/27/2014 9:16:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
5/27/2014 9:16:46 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
5/27/2014 9:16:25 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
5/27/2014 9:16:25 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe. Reference error message: The operation completed successfully. .
5/27/2014 9:16:25 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================

Edited by Oh My, 07 June 2014 - 11:03 AM.
Posted Attach log


#4 Oh My!

  • Malware Response Instructor

Posted 07 June 2014 - 08:00 AM

Greetings whitez and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 whitez


Posted 10 June 2014 - 12:47 AM

Hi,

Please see below for results.

Cheers

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-06-2014 03
Ran by Franzo at 2014-06-10 15:45:52
Running from C:\Utils\Bleeping Computer\10 June
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29544 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat  9 Standard - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 2 (HKLM\...\{531BC138-F1F7-496B-879C-F039ECEF438D}) (Version: 2 - Adobe)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.4.1 - Airytec)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
BestCrypt 8.0 (HKLM\...\BestCrypt) (Version:  - )
Brother P-touch Editor 5.1 (HKLM\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0060 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Package Shipping [ENG] (HKLM\...\{31F6AC89-9DA1-47A2-A5D7-9BFEFEC6D02D}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Package Shipping [ENU] (HKLM\...\{9C7AEE33-3558-4F35-A7C8-6C19F2D3D665}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM\...\{34A9C5A8-9BB6-4C57-A0D9-1DAAE175009E}) (Version: 1.0.0070 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Embedded Security for HP ProtectTools Driver (Version: 5.5.100 - Hewlett-Packard) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Ipswitch WS_FTP Professional 2007 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 11.1.0000 - Ipswitch)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 19.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 19.0.2 (x86 en-US)) (Version: 19.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA Control Panel 263.14 (Version: 263.14 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 263.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 263.14 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.12.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.12.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.36.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.36 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13065 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.103.0 - SAMSUNG Electronics Co., Ltd.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Uninstall Startup Inspector (HKLM\...\{DE114695-AE58-4B66-8E0F-2505188602FB}_is1) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WBFS Manager 3.0 (HKLM\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yawcam 0.4.1 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version:  - )
 
==================== Restore Points  =========================
 
14-03-2014 03:53:45 System Checkpoint
25-03-2014 05:30:05 System Checkpoint
26-03-2014 06:19:16 System Checkpoint
27-03-2014 10:00:06 System Checkpoint
30-03-2014 23:53:54 System Checkpoint
01-04-2014 23:01:31 System Checkpoint
11-04-2014 05:34:25 System Checkpoint
14-04-2014 04:20:58 System Checkpoint
15-04-2014 04:38:40 System Checkpoint
16-04-2014 06:57:35 System Checkpoint
17-04-2014 11:52:24 System Checkpoint
21-04-2014 22:28:37 System Checkpoint
23-04-2014 01:23:44 System Checkpoint
24-04-2014 01:33:32 System Checkpoint
28-04-2014 00:20:40 System Checkpoint
29-04-2014 11:38:27 System Checkpoint
30-04-2014 12:33:08 System Checkpoint
03-05-2014 02:30:04 System Checkpoint
05-05-2014 10:00:56 System Checkpoint
09-05-2014 03:07:55 System Checkpoint
12-05-2014 05:23:23 System Checkpoint
13-05-2014 06:12:39 System Checkpoint
14-05-2014 06:31:17 System Checkpoint
16-05-2014 02:30:20 System Checkpoint
17-05-2014 10:01:58 System Checkpoint
19-05-2014 02:14:15 System Checkpoint
20-05-2014 04:55:30 Installed Realtek High Definition Audio Driver
20-05-2014 05:36:40 Installed Realtek High Definition Audio Driver
26-05-2014 02:32:54 System Checkpoint
27-05-2014 05:30:41 System Checkpoint
28-05-2014 23:44:00 System Checkpoint
03-06-2014 05:14:35 System Checkpoint
05-06-2014 05:55:40 System Checkpoint
08-06-2014 06:51:21 System Checkpoint
10-06-2014 02:01:18 System Checkpoint
 
==================== Hosts content: ==========================
 
2008-04-14 22:00 - 2012-12-06 19:25 - 00001735 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-1177238915-1003Core.job => C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-1177238915-1003UA.job => C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\TeamViewer 6.job => C:\PROGRA~1\TEAMVI~1\Version6\TEAMVI~1.EXE
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-03 18:35 - 2010-08-25 23:12 - 00555624 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2008-04-14 22:00 - 2008-04-14 22:00 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 22:00 - 2008-04-14 22:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 22:00 - 2008-04-14 22:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-06-05 09:49 - 2014-05-14 09:40 - 04217672 _____ () C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-06-05 09:49 - 2014-05-14 09:40 - 00414536 _____ () C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-06-05 09:49 - 2014-05-14 09:40 - 01732424 _____ () C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Intel® 82566DM Gigabit Network Connection
Description: Intel® 82566DM Gigabit Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: e1express
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/03/2014 11:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000001.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (03/18/2014 09:41:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (03/18/2014 09:37:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18702, fault address 0x0013e9c6.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (03/18/2014 09:37:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18702, fault address 0x0013e9c6.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (03/18/2014 09:34:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18702, fault address 0x0013e9c6.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (02/28/2014 09:50:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application machineidcreator.exe, version 14.0.0.6, faulting module avguidx.dll, version 2012.0.0.1, fault address 0x00028eb0.
Processing media-specific event for [machineidcreator.exe!ws!]
 
Error: (02/28/2014 09:49:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application MachineIdCreator.exe, version 14.0.0.6, faulting module avguidx.dll, version 2012.0.0.1, fault address 0x00028eb0.
Processing media-specific event for [MachineIdCreator.exe!ws!]
 
Error: (02/28/2014 09:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application MachineIdCreator.exe, version 14.0.0.6, faulting module avguidx.dll, version 2012.0.0.1, fault address 0x00028eb0.
Processing media-specific event for [MachineIdCreator.exe!ws!]
 
Error: (02/28/2014 08:52:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application machineidcreator.exe, version 14.0.0.6, faulting module avguidx.dll, version 2012.0.0.1, fault address 0x00028eb0.
Processing media-specific event for [machineidcreator.exe!ws!]
 
Error: (02/28/2014 08:30:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application machineidcreator.exe, version 14.0.0.6, faulting module avguidx.dll, version 2012.0.0.1, fault address 0x00028eb0.
Processing media-specific event for [machineidcreator.exe!ws!]
 
 
System errors:
=============
Error: (06/10/2014 03:43:08 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.7.7.81 for the Network Card with network address 00271913F3D1 has been
denied by the DHCP server 10.7.7.77 (The DHCP Server sent a DHCPNACK message).
 
Error: (06/10/2014 03:14:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (06/10/2014 03:14:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%14001
 
Error: (06/10/2014 03:14:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.
Reference error message: The operation completed successfully.
.
 
Error: (06/10/2014 03:14:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (06/10/2014 03:14:18 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
 
Error: (06/10/2014 09:25:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (06/10/2014 09:25:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%14001
 
Error: (06/10/2014 09:25:36 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.
Reference error message: The operation completed successfully.
.
 
Error: (06/10/2014 09:25:36 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.
 
 
Microsoft Office Sessions:
=========================
Error: (06/03/2014 11:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000000001
 
Error: (03/18/2014 09:41:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000000000
 
Error: (03/18/2014 09:37:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.187020013e9c6
 
Error: (03/18/2014 09:37:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.187020013e9c6
 
Error: (03/18/2014 09:34:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.187020013e9c6
 
Error: (02/28/2014 09:50:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: machineidcreator.exe14.0.0.6avguidx.dll2012.0.0.100028eb0
 
Error: (02/28/2014 09:49:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MachineIdCreator.exe14.0.0.6avguidx.dll2012.0.0.100028eb0
 
Error: (02/28/2014 09:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MachineIdCreator.exe14.0.0.6avguidx.dll2012.0.0.100028eb0
 
Error: (02/28/2014 08:52:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: machineidcreator.exe14.0.0.6avguidx.dll2012.0.0.100028eb0
 
Error: (02/28/2014 08:30:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: machineidcreator.exe14.0.0.6avguidx.dll2012.0.0.100028eb0
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 33%
Total physical RAM: 2031.23 MB
Available physical RAM: 1353.78 MB
Total Pagefile: 3923.68 MB
Available Pagefile: 3279.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.5 GB) (Free:785.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: D58AD58A)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 03
Ran by Franzo (administrator) on BLESS1 on 10-06-2014 15:45:12
Running from C:\Utils\Bleeping Computer\10 June
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Jetico, Inc.) C:\Program Files\Jetico\BestCrypt\BCWipeSvc.exe
(Jetico, Inc.) C:\Program Files\Jetico\BestCrypt\BCWipeTM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Airytec) C:\Program Files\Airytec\Switch Off\swoff.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Google Inc.) C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [110696 2010-12-12] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13851752 2010-12-12] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-08-25] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKU\S-1-5-21-343818398-308236825-1177238915-1003\...\Run: [Google Update] => C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-07-07] (Google Inc.)
HKU\S-1-5-21-343818398-308236825-1177238915-1003\...\MountPoints2: {3452b59e-211d-11e0-8afd-00271913f3d1} - F:\WDSetup.exe
AppInit_DLLs: hplun.dll => C:\WINDOWS\system32\hplun.dll [54000 2009-06-05] (Jetico, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.7.7.77
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Franzo\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Franzo\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Franzo\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Franzo\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: SeoQuake - C:\Documents and Settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-11-16]
FF Extension: Password Exporter - C:\Documents and Settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2011-01-15]
FF Extension: ImgLikeOpera - C:\Documents and Settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default\Extensions\imglikeopera@imfo.ru.xpi [2011-12-29]
FF Extension: RankChecker - C:\Documents and Settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default\Extensions\rankchecker@seobook.com.xpi [2011-12-29]
FF Extension: NoScript - C:\Documents and Settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-29]
FF Extension: ReloadEvery - C:\Documents and Settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2011-12-29]
FF Extension: No Color - C:\Documents and Settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default\Extensions\{ae443e4d-02db-4eef-bcc2-0f1b17edb941}.xpi [2013-03-26]
FF Extension: Adblock Plus - C:\Documents and Settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Franzo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 BCWipeSvc; C:\Program Files\Jetico\BestCrypt\BCWipeSvc.exe [95544 2009-12-25] (Jetico, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-01-20] (Macrovision Europe Ltd.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [135168 2011-05-29] (Airytec) [File not signed]
S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [135168 2011-05-29] (Airytec) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
S3 AF15BDA; C:\WINDOWS\System32\DRIVERS\AF15BDA.sys [483200 2011-01-28] (ITETech                  )
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1570240 2009-09-22] (Atheros Communications, Inc.) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 bcbus; C:\WINDOWS\System32\DRIVERS\bcbus.sys [49984 2010-01-14] (Jetico, Inc.)
R0 bcfnt; C:\WINDOWS\system32\Drivers\bcfnt.sys [191168 2010-01-29] (Jetico, Inc.)
R1 BC_3DES; C:\WINDOWS\system32\Drivers\BC_3DES.sys [29376 2009-12-22] (Jetico, Inc.)
R1 BC_BF128; C:\WINDOWS\system32\Drivers\BC_BF128.sys [23744 2009-12-22] (Jetico, Inc.)
R1 BC_BF448; C:\WINDOWS\system32\Drivers\BC_BF448.sys [23744 2009-12-22] (Jetico, Inc.)
R1 BC_BFish; C:\WINDOWS\system32\Drivers\BC_BFish.sys [23744 2009-12-22] (Jetico, Inc.)
R1 BC_CAST; C:\WINDOWS\system32\Drivers\BC_CAST.sys [32064 2009-12-22] (Jetico, Inc.)
R1 BC_DES; C:\WINDOWS\system32\Drivers\BC_DES.sys [29120 2009-12-22] (Jetico, Inc.)
R1 BC_Gost; C:\WINDOWS\system32\Drivers\BC_Gost.sys [19264 2009-12-22] (Jetico, Inc.)
R1 BC_IDEA; C:\WINDOWS\system32\Drivers\BC_IDEA.sys [19392 2009-12-22] (Iarsn)
R1 BC_RC6; C:\WINDOWS\system32\Drivers\BC_RC6.sys [24384 2009-12-22] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\WINDOWS\system32\Drivers\BC_RIJN.sys [44480 2009-12-22] (Jetico, Inc.)
R1 BC_SERP; C:\WINDOWS\system32\Drivers\BC_SERP.sys [29632 2009-12-22] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\WINDOWS\system32\Drivers\BC_TFISH.sys [30528 2009-12-22] (Jetico, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 fsh; C:\WINDOWS\system32\Drivers\fsh.sys [39360 2010-01-26] (Jetico, Inc.)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-23] (Infineon Technologies AG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 mhk; C:\WINDOWS\system32\Drivers\mhk.sys [16232 2008-08-18] (Jetico, Inc.)
R3 moh; C:\WINDOWS\system32\Drivers\moh.sys [10600 2008-07-17] (Jetico, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [100456 2010-11-09] (NVIDIA Corporation)
S3 PPJoyBus; C:\WINDOWS\System32\drivers\PPJoyBus.sys [13952 2004-10-24] (Deon van der Westhuysen) [File not signed]
S3 PPortJoystick; C:\WINDOWS\System32\drivers\PPortJoy.sys [28800 2004-10-24] (Deon van der Westhuysen) [File not signed]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S4 IntelIde; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-10 15:45 - 2014-06-10 15:45 - 00000000 ____D () C:\FRST
2014-06-05 09:43 - 2014-06-10 11:48 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-1177238915-1003UA.job
2014-06-05 09:43 - 2014-06-10 09:48 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-1177238915-1003Core.job
2014-06-03 20:10 - 2014-06-03 20:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini060314-02.dmp
2014-06-03 20:03 - 2014-06-03 20:03 - 00090112 _____ () C:\WINDOWS\Minidump\Mini060314-01.dmp
2014-05-22 09:14 - 2014-05-22 09:15 - 00007231 _____ () C:\WINDOWS\setupapi.log
2014-05-21 11:04 - 2014-05-21 11:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-21 10:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-21 10:56 - 2014-05-21 10:59 - 00000000 ____D () C:\AdwCleaner
2014-05-20 17:16 - 2014-05-27 11:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 17:01 - 2014-05-20 17:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-20 17:01 - 2014-05-20 17:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 17:01 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-20 15:36 - 2013-10-25 11:38 - 00026084 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-05-20 15:22 - 2014-05-20 15:22 - 00000000 ____D () C:\Program Files\Intel
2014-05-20 15:22 - 2007-08-10 15:12 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\system32\CSVer.dll
2014-05-20 14:57 - 2003-04-16 08:00 - 00050520 _____ (Compaq Computer Corporation) C:\WINDOWS\system32\SP32395.SYS
 
==================== One Month Modified Files and Folders =======
 
2014-06-10 15:45 - 2014-06-10 15:45 - 00000000 ____D () C:\FRST
2014-06-10 15:45 - 2011-01-15 17:22 - 00000000 ____D () C:\Documents and Settings\Franzo\Local Settings\Temp
2014-06-10 15:20 - 2011-01-15 17:16 - 00371977 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-10 15:18 - 2011-01-16 04:09 - 00592924 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-10 15:17 - 2014-02-26 22:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-06-10 15:14 - 2011-01-16 04:11 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-10 15:14 - 2011-01-16 04:11 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-10 15:13 - 2011-01-15 17:21 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-10 12:46 - 2014-03-18 09:51 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-10 12:46 - 2011-01-15 17:21 - 00032396 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-10 11:48 - 2014-06-05 09:43 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-1177238915-1003UA.job
2014-06-10 09:49 - 2011-01-15 18:25 - 00000000 ____D () C:\Documents and Settings\Franzo\Application Data\Mozilla
2014-06-10 09:48 - 2014-06-05 09:43 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-1177238915-1003Core.job
2014-06-10 09:25 - 2008-04-14 22:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-05 12:09 - 2011-01-15 17:22 - 00000178 ___SH () C:\Documents and Settings\Franzo\ntuser.ini
2014-06-05 11:25 - 2012-10-27 13:30 - 00000000 ____D () C:\LIA
2014-06-05 09:49 - 2012-07-07 08:41 - 00002327 _____ () C:\Documents and Settings\Franzo\Desktop\Google Chrome.lnk
2014-06-03 20:10 - 2014-06-03 20:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini060314-02.dmp
2014-06-03 20:10 - 2011-01-17 11:30 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-03 20:03 - 2014-06-03 20:03 - 00090112 _____ () C:\WINDOWS\Minidump\Mini060314-01.dmp
2014-06-02 22:33 - 2014-03-10 13:21 - 00000000 ____D () C:\Documents and Settings\Franzo\My Documents\My Labels
2014-06-02 10:01 - 2011-01-15 21:59 - 00000000 ____D () C:\Download
2014-05-30 08:30 - 2011-05-26 23:06 - 00000302 _____ () C:\WINDOWS\Tasks\TeamViewer 6.job
2014-05-28 15:38 - 2011-01-15 21:58 - 00000000 ____D () C:\Documents and Settings\Franzo\Application Data\uTorrent
2014-05-27 11:15 - 2014-05-20 17:16 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 09:15 - 2014-05-22 09:14 - 00007231 _____ () C:\WINDOWS\setupapi.log
2014-05-22 09:15 - 2014-04-01 09:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-22 09:15 - 2014-03-03 15:52 - 00000736 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-21 14:38 - 2012-11-20 14:38 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-05-21 13:28 - 2011-01-15 17:50 - 00000000 ____D () C:\Utils
2014-05-21 11:18 - 2011-02-22 08:07 - 00000000 ____D () C:\Program Files\ESET
2014-05-21 11:04 - 2014-05-21 11:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-21 10:59 - 2014-05-21 10:56 - 00000000 ____D () C:\AdwCleaner
2014-05-21 10:58 - 2011-01-15 17:21 - 00000000 ____D () C:\Documents and Settings\Franzo
2014-05-20 17:01 - 2014-05-20 17:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-20 17:01 - 2014-05-20 17:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 17:01 - 2014-02-26 21:07 - 00000000 ____D () C:\Documents and Settings\Franzo\Application Data\Malwarebytes
2014-05-20 17:01 - 2014-02-26 21:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-20 16:38 - 2011-03-01 20:34 - 00000000 ____D () C:\Documents and Settings\Franzo\Application Data\DAEMON Tools Lite
2014-05-20 16:37 - 2011-05-28 16:13 - 00000000 __SHD () C:\Documents and Settings\Franzo\UserData
2014-05-20 15:42 - 2011-01-16 04:02 - 00000000 ____D () C:\WINDOWS\security
2014-05-20 15:37 - 2011-01-16 20:30 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-05-20 15:37 - 2011-01-15 19:13 - 00000000 ____D () C:\WINDOWS\system32\RTCOM
2014-05-20 15:22 - 2014-05-20 15:22 - 00000000 ____D () C:\Program Files\Intel
2014-05-20 14:55 - 2011-01-16 04:08 - 01160555 _____ () C:\WINDOWS\setupapi.log.0.old
2014-05-20 14:33 - 2011-01-20 08:54 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-05-20 14:33 - 2011-01-15 18:33 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-20 14:18 - 2014-02-26 23:29 - 00000716 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-20 14:18 - 2014-02-26 23:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-15 14:46 - 2013-04-01 17:54 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-15 14:46 - 2011-12-24 12:11 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-13 14:19 - 2013-10-31 22:00 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2013-11-05 20:50 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2013-10-31 21:30 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2013-10-24 21:28 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2013-09-30 23:49 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2014-05-13 14:17 - 2013-08-01 15:08 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-05-13 14:09 - 2013-11-04 20:57 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2013-09-16 23:57 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2014-05-13 14:04 - 2013-09-09 23:43 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx86.sys
 
Some content of TEMP:
====================
C:\Documents and Settings\Franzo\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Franzo\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
 

 




#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:32 PM

Posted 10 June 2014 - 08:46 AM

Greetings,

Prior to completing the below you will need to copy and paste FRST.exe to your Desktop.

----------

Can you tell me if you are experiencing issues with any of these:

Internet
Keyboard and/or mouse
Audio


----------

Please consider and complete the below.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S4 IntelIde; No ImagePath
C:\Documents and Settings\Franzo\Local Settings\Temp\Quarantine.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • If the program will not run properly, run it in Safe Mode
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to question
  • Fixlog
  • Did TFC run properly?
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 whitez


Posted 10 June 2014 - 06:37 PM

  • Reply to question

I have uninstalled utorrent.

No issue with  Internet, Keyboard and/or mouse and Audio. They are all working well.

 

  • Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-06-2014
Ran by Franzo at 2014-06-11 09:24:43 Run:1
Running from C:\Documents and Settings\Franzo\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S4 IntelIde; No ImagePath
C:\Documents and Settings\Franzo\Local Settings\Temp\Quarantine.exe
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
IntelIde => Service deleted successfully.
C:\Documents and Settings\Franzo\Local Settings\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====
 

 

  • Did TFC run properly?

Yes

  • How is your computer running?

Still the same, slow loading.

 

 

Thanks again.

 

 

 


#8 Oh My!


Posted 10 June 2014 - 07:18 PM

Thank you,

Please run this.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

[Screenshot: Query_RC.gif]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC_successful.gif]

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log

Gary
 

#9 whitez


Posted 11 June 2014 - 06:28 PM

I think Combofix fixed it. It now loads instantly  :thumbup2:  :thumbup2:

So what seems to be the issue?

Please see below for log.

Thanks 

 

 

 

 

ComboFix 14-06-10.01 - Franzo 12/06/2014   9:17.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2031.1458 [GMT 10:00]
Running from: c:\documents and settings\Franzo\Desktop\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\Franzo\WINDOWS
C:\Thumbs.db
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\aosmtp.dll
c:\windows\system32\win.ini
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-11 to 2014-06-11  )))))))))))))))))))))))))))))))
.
.
2014-06-10 05:45 . 2014-06-10 23:24 -------- d-----w- C:\FRST
2014-05-21 01:04 . 2014-05-21 01:04 -------- d-----w- c:\windows\ERUNT
2014-05-21 00:57 . 2010-08-29 22:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-21 00:56 . 2014-05-21 00:59 -------- d-----w- C:\AdwCleaner
2014-05-20 07:16 . 2014-05-27 01:15 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-20 07:01 . 2014-04-02 23:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-20 07:01 . 2014-05-20 07:01 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-20 05:36 . 2013-10-25 01:38 26084 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2014-05-20 05:22 . 2014-05-20 05:22 -------- d-----w- c:\program files\Intel
2014-05-20 05:22 . 2007-08-10 05:12 53248 ----a-w- c:\windows\system32\CSVer.dll
2014-05-20 04:57 . 2003-04-15 22:00 50520 ----a-w- c:\windows\system32\SP32395.SYS
2014-05-20 04:33 . 2002-12-05 04:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2014-05-20 04:33 . 2003-02-27 06:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2014-05-20 04:33 . 2002-12-02 05:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2014-05-20 04:33 . 2002-12-02 03:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2014-05-20 04:33 . 2002-12-02 03:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2014-05-20 04:33 . 2014-05-20 04:33 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2014-05-20 04:33 . 2014-05-20 04:33 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 04:46 . 2013-04-01 07:54 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-15 04:46 . 2011-12-24 02:11 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 04:19 . 2013-10-31 12:00 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 04:17 . 2013-10-31 11:30 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 04:17 . 2013-11-05 10:50 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 04:17 . 2013-08-01 05:08 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 04:17 . 2013-10-24 11:28 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 04:17 . 2013-09-30 13:49 107288 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-05-13 04:09 . 2013-11-04 10:57 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 04:04 . 2013-09-09 13:43 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 04:04 . 2013-09-16 13:57 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-04-02 23:50 . 2014-03-03 05:44 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 04:10 . 2011-12-29 00:54 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-11 143360]
"NvMediaCenter"="NvMCTray.dll" [2010-12-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-12 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-04-30 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\hplun.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 11:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-11 15:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 07:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 18:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 06:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-06 22:40 116648 ----atw- c:\documents and settings\Franzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-03-06 13:36 943504 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-03-18 09:15 21416 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-03-06 13:36 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-04-30 16:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 03:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1544\\Agent.exe"=
"c:\\Documents and Settings\\Franzo\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/24/2013 9:28 PM 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [10/31/2013 9:30 PM 237848]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/9/2013 11:43 PM 27416]
R0 bcfnt;bcfnt;c:\windows\system32\drivers\bcfnt.sys [3/18/2010 7:50 PM 191168]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11/5/2013 8:50 PM 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [11/4/2013 8:57 PM 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/16/2013 11:57 PM 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/31/2013 10:00 PM 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 3:08 PM 210200]
R1 BC_3DES;BC_3DES;c:\windows\system32\drivers\bc_3des.sys [3/18/2010 7:50 PM 29376]
R1 BC_BF128;BC_BF128;c:\windows\system32\drivers\bc_bf128.sys [3/18/2010 7:50 PM 23744]
R1 BC_BF448;BC_BF448;c:\windows\system32\drivers\bc_bf448.sys [3/18/2010 7:50 PM 23744]
R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\bc_bfish.sys [3/18/2010 7:50 PM 23744]
R1 BC_CAST;BC_CAST;c:\windows\system32\drivers\bc_cast.sys [3/18/2010 7:50 PM 32064]
R1 BC_DES;BC_DES;c:\windows\system32\drivers\bc_des.sys [3/18/2010 7:50 PM 29120]
R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\bc_gost.sys [3/18/2010 7:50 PM 19264]
R1 BC_IDEA;BC_IDEA;c:\windows\system32\drivers\bc_idea.sys [3/18/2010 7:50 PM 19392]
R1 BC_RC6;BC_RC6;c:\windows\system32\drivers\bc_rc6.sys [3/18/2010 7:50 PM 24384]
R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\bc_rijn.sys [3/18/2010 7:50 PM 44480]
R1 BC_SERP;BC_SERP;c:\windows\system32\drivers\bc_serp.sys [3/18/2010 7:50 PM 29632]
R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\bc_tfish.sys [3/18/2010 7:50 PM 30528]
R1 bcbus;BestCrypt bus driver;c:\windows\system32\drivers\bcbus.sys [3/18/2010 7:50 PM 49984]
R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [3/18/2010 7:50 PM 39360]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [5/13/2014 2:15 PM 292424]
R2 BCWipeSvc;BCWipe service;c:\program files\Jetico\BestCrypt\BCWipeSvc.exe [3/18/2010 7:50 PM 95544]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe -service --> c:\program files\Airytec\Switch Off\swoff.exe -service [?]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2/26/2014 10:32 PM 5024576]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/23/2008 10:31 AM 44800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/3/2014 3:44 PM 23256]
R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [3/18/2010 7:50 PM 16232]
R3 moh;moh;c:\windows\system32\drivers\moh.sys [3/18/2010 7:50 PM 10600]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [5/13/2014 2:23 PM 3644432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/20/2014 5:01 PM 857912]
S2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe -service --> c:\program files\Airytec\Switch Off\swoff.exe -service [?]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [3/18/2012 7:14 PM 80184]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [1/23/2004 3:33 PM 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [1/23/2004 3:32 PM 28800]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [3/18/2012 7:14 PM 181432]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/1/2010 12:44 PM 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1/16/2011 6:08 PM 31888]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/20/2014 5:01 PM 1809720]
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-01 04:46]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-1177238915-1003Core.job
- c:\documents and settings\Franzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 22:40]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-1177238915-1003UA.job
- c:\documents and settings\Franzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 22:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.7.7.77
FF - ProfilePath - c:\documents and settings\Franzo\Application Data\Mozilla\Firefox\Profiles\qjnl915d.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
MSConfigStartUp-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-12 09:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-308236825-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\hplun.dll
.
- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\hplun.dll
.
Completion time: 2014-06-12  09:23:01
ComboFix-quarantined-files.txt  2014-06-11 23:22
.
Pre-Run: 844,224,081,920 bytes free
Post-Run: 844,199,047,168 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AF26D2BF843CA0DB9BD0FB5B8DC6BDEC
8F558EB6672622401DA993E1E865C861

Edited by whitez, 11 June 2014 - 06:29 PM.


#10 Oh My!


Posted 11 June 2014 - 08:48 PM

Very nice. :)

I see you have run ESET but I would like to run it again. Please do these 2 things for me.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode.
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 whitez


Posted 12 June 2014 - 03:02 AM

  • ESET log

 

C:\System Volume Information\_restore{37F61C97-A22D-4E93-BD38-170C6B930219}\RP757\A1344112.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{37F61C97-A22D-4E93-BD38-170C6B930219}\RP757\A1346129.exe Win32/InstallMonetizer.AH potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{37F61C97-A22D-4E93-BD38-170C6B930219}\RP757\A1346130.exe Win32/InstallMonetizer.AH potentially unwanted application deleted - quarantined
 

 

  • Security Check log

 Results of screen317's Security Check version 0.99.84  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus 2014   
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 7 Adobe Reader out of Date! 
 Mozilla Firefox 19.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 0% 
````````````````````End of Log`````````````````````` 
 

 

  • How is your computer running?

Awesome, Windows now loading straight away

 

 



#12 Oh My!


Posted 12 June 2014 - 08:19 AM

Greetings,

That ESET log looks good. Those quarantined entries are annoyances and nothing to worry about. We do need to update the programs listed in red in the Security Check log. Those outdated programs are big holes in your computer security, and malware writers use outdated programs to deliver their wares. What they do is find a security vulnerability and exploit it. The updating of programs is designed, in part, to close those holes. This is a never-ending process, so keeping your software and programs updated is vitally important in your quest to keep your computer safe and clean.

In light of that, please do this.

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.

Adobe Reader Update
  • Please download Adobe Reader
  • After installing the latest Adobe Reader, uninstall all previous versions through Add/Remove Programs.
  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition
===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck Install the Ask Toolbar and make Ask my default search provider
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:
  • Click Start, Control Panel, Java, then Advanced
  • Scroll down to Miscellaneous then uncheck the box for Java Quick Starter.
  • Click OK and reboot your computer.
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did all your programs update properly?
  • One last check, any issues?

Gary
 
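The check described in the reply above (picking the out-of-date programs and the disabled on-access scanner out of the Security Check log in post #11) can be scripted. This is an added example, not part of the original thread or of screen317's tool; the log's backtick rulers are rebuilt from a `@@` stand-in, and the rule for recognising the two "out of Date!" line shapes is an assumption inferred from this one log.

```python
import re

# Security Check log from post #11 (whitespace trimmed). "@@" stands in for the
# runs of backticks that frame each section header in the real log.
SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.84
Windows XP Service Pack 3 x86
Internet Explorer 8
@@Antivirus/Firewall Check:@@
Windows Firewall Enabled!
AVG AntiVirus 2014
Antivirus up to date! (On Access scanning disabled!)
@@Anti-malware/Other Utilities Check:@@
CCleaner
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox 19.0.2 Firefox out of Date!
@@Process Check: objlist.exe by Laurent@@
AVG avgwdsvc.exe
@@System Health check@@
Total Fragmentation on Drive C:: 0%
@@End of Log@@
""".replace("@@", "`" * 14)

SECTION = re.compile(r"^`+([^`]+?):?`+$")
# Assumption: an inline warning follows a product name whose last token has a digit.
INLINE = re.compile(r"^(?P<product>.*\d\S*)\s+(?P<warn>\D*out of date!)$", re.I)

def triage(log_text):
    """Return what a helper acts on: outdated software and on-access AV state."""
    findings = {"outdated": [], "on_access_disabled": False}
    previous = None  # last product line seen in the current section
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or SECTION.match(line):
            previous = None
            continue
        if "scanning disabled" in line.lower():
            findings["on_access_disabled"] = True
        inline = INLINE.match(line)
        if inline:  # "Adobe Reader 7 Adobe Reader out of Date!"
            findings["outdated"].append(inline.group("product"))
        elif "out of date" in line.lower() and previous:
            findings["outdated"].append(previous)  # warning on its own line
        else:
            previous = line
    return findings

print(triage(SAMPLE_LOG))
```
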

#13 whitez


Posted 12 June 2014 - 06:25 PM

Hi again,

All programs updated properly and all good, no issue  :bananas:

Thanks a lot for your help!!



#14 Oh My!


Posted 12 June 2014 - 06:28 PM

Excellent. It was my pleasure, I'm glad things are running smoothly.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Please do the following to remove some of the tools we used during our time together. Following this step, you may remove any other remaining tools or logs.

Delete the tools used during the disinfection:
  • Press the Windows key + R on your keyboard at the same time. In the Run box type combofix /uninstall, then press OK. Note: It may appear as if Combofix is installing again but it is uninstalling. Please allow the program to run its course.

  • This will remove Combofix and other tools we used from your computer.
Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read: Simple and easy ways to keep your computer safe and secure on the Internet.

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#15 whitez


Posted 13 June 2014 - 06:12 PM

Thanks a lot again for your help and everyone else that helped in this forum.

I really appreciate it. You guys are the best!!  :thumbsup:





