
XP Laptop Infected on 6/13/14
58 replies to this topic

#1 pcpunk

Posted 16 June 2014 - 02:53 PM

This post is for bloopie to follow up on. DDS logs here:

bloopie, don't know if this matters, but I have been having trouble downloading stuff since this "infection". After trying to download some stuff the computer froze. I was downloading from reputable sites, download.com or directly from the suggested OEM's site. I then could not do anything and waited for a while, but nothing happened, so I forced it to shut down. I used System Restore and that seemed to fix it. If more info is needed just tell me.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Chris at 15:38:31 on 2014-06-16
#Option MBR scan  is disabled.
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.212 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Dell\Printer Software\DKab1err.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\WINDOWS2\system32\DKabcoms.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\WINDOWS2\system32\wbem\wmiprvse.exe
C:\WINDOWS2\System32\alg.exe
C:\WINDOWS2\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS2\system32\svchost.exe -k DcomLaunch
C:\WINDOWS2\system32\svchost.exe -k rpcss
C:\WINDOWS2\System32\svchost.exe -k netsvcs
C:\WINDOWS2\system32\svchost.exe -k NetworkService
C:\WINDOWS2\system32\svchost.exe -k LocalService
C:\WINDOWS2\system32\svchost.exe -k LocalService
C:\WINDOWS2\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS2\system32\svchost.exe -k HPService
C:\WINDOWS2\System32\svchost.exe -k HPZ12
C:\WINDOWS2\System32\svchost.exe -k HPZ12
C:\WINDOWS2\system32\svchost.exe -k imgsvc
C:\WINDOWS2\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=55&CUI=&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD&SSPV=TBannersC_sp_ie
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [DKab1err] c:\program files\dell\printer software\DKab1err.exe
uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1376169384968
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: NameServer = 192.168.10.5
TCP: Interfaces\{0E49FE7C-B438-4516-8EDD-0E8E31739A75} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6653E184-A059-48F4-AA0A-B4336F4E8391} : DHCPNameServer = 192.168.10.5
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\5x90649l.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=55&CUI=&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD&SSPV=TBannersC_sp_ff
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\chris\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows2\npMSDM.dll
FF - plugin: c:\windows2\system32\macromed\flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows2\system32\drivers\aswRvrt.sys [2014-3-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows2\system32\drivers\aswVmm.sys [2014-3-1 180632]
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows2\system32\drivers\BMLoad.sys [2012-10-13 13184]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows2\system32\drivers\pssnap.sys [2013-6-28 16504]
R1 aswSnx;aswSnx;c:\windows2\system32\drivers\aswsnx.sys [2014-3-1 777488]
R1 aswSP;aswSP;c:\windows2\system32\drivers\aswsp.sys [2014-3-1 411680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswHwid;avast! HardwareID;c:\windows2\system32\drivers\aswHwid.sys [2014-5-5 24184]
R2 aswMonFlt;aswMonFlt;c:\windows2\system32\drivers\aswmonflt.sys [2014-3-1 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-3-1 50344]
R2 CltMngSvc;Search Protect Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-5-23 2497856]
R2 dkab_device;dkab_device;c:\windows2\system32\dkabcoms.exe -service --> c:\windows2\system32\DKabcoms.exe -service [?]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2014-5-29 601072]
S0 cerc6;cerc6; [x]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-3-14 36392]
S3 t_mobile_zte_cdc_acm;T-Mobile webConnect CDC-ACM driver;c:\windows2\system32\drivers\t_mobile_zte_cdc_acm.sys [2011-12-17 66432]
S3 t_mobile_zte_cdc_ecm;t_mobile_zte_cdc_ecm;c:\windows2\system32\drivers\t_mobile_zte_cdc_ecm.sys [2011-12-17 32768]
S3 t_mobile_zte_cpo;T-Mobile webConnect Install;c:\windows2\system32\drivers\t_mobile_zte_cpo.sys [2011-12-17 9984]
S3 t_mobile_zte_ecm_enum;T-Mobile webConnect DC Enumerator;c:\windows2\system32\drivers\t_mobile_zte_ecm_enum.sys [2011-12-17 44800]
S3 t_mobile_zte_ecm_enum_filter;t_mobile_zte_ecm_enum_filter;c:\windows2\system32\drivers\t_mobile_zte_ecm_enum_filter.sys [2011-12-17 44800]
S3 WIMMount;WIMMount;c:\program files\macrium\reflect\wimmount.sys [2014-6-14 19024]
.
=============== Created Last 30 ================
.
2014-06-15 13:54:38 -------- d-----w- c:\documents and settings\chris\application data\Ashampoo
2014-06-15 13:54:22 -------- d-----w- c:\documents and settings\chris\local settings\application data\ashampoo
2014-06-15 13:53:58 -------- d-----w- c:\documents and settings\all users.windows2\application data\Ashampoo
2014-06-15 13:53:55 -------- d-----w- c:\program files\Ashampoo
2014-06-15 13:39:45 -------- d-----w- c:\program files\MyPC Backup
2014-06-15 13:35:04 -------- d-----w- c:\documents and settings\chris\local settings\application data\SearchProtect
2014-06-15 13:34:48 -------- d-----w- c:\program files\SearchProtect
2014-06-15 03:19:04 -------- d-----w- c:\windows2\Logs
2014-06-15 01:49:44 -------- d-----w- c:\windows2\system32\HtmlData
2014-06-14 15:09:41 536576 ----a-w- c:\windows2\system32\sqlite3.dll
2014-06-13 18:34:19 -------- d-----w- c:\windows2\system32\wbem\repository\FS
2014-06-13 18:34:19 -------- d-----w- c:\windows2\system32\wbem\Repository
2014-06-13 02:18:54 -------- d-----w- c:\documents and settings\chris\application data\FastStone
2014-06-13 01:48:26 -------- d-----w- C:\boot
2014-06-13 01:47:54 -------- d-----w- c:\program files\Macrium
2014-06-13 01:24:47 -------- d-----w- c:\documents and settings\all users.windows2\application data\Macrium
2014-06-12 22:29:00 -------- d-----w- c:\program files\FastStone Image Viewer
.
==================== Find3M  ====================
.
2014-05-30 04:25:42 920064 ----a-w- c:\windows2\system32\wininet.dll
2014-05-30 04:25:42 43520 ------w- c:\windows2\system32\licmgr10.dll
2014-05-30 04:25:42 18944 ----a-w- c:\windows2\system32\corpol.dll
2014-05-30 04:25:42 1469440 ------w- c:\windows2\system32\inetcpl.cpl
2014-05-29 07:45:28 385024 ------w- c:\windows2\system32\html.iec
2014-05-15 22:03:04 777488 ----a-w- c:\windows2\system32\drivers\aswsnx.sys
2014-05-14 20:38:49 70832 ----a-w- c:\windows2\system32\FlashPlayerCPLApp.cpl
2014-05-14 20:38:49 692400 ----a-w- c:\windows2\system32\FlashPlayerApp.exe
2014-05-14 20:38:44 17938608 ----a-w- c:\windows2\system32\FlashPlayerInstaller.exe
2014-05-06 00:49:45 776976 ----a-w- c:\windows2\system32\drivers\aswsnx.sys.1400191384843
2014-05-06 00:49:45 67824 ----a-w- c:\windows2\system32\drivers\aswmonflt.sys
2014-05-06 00:49:45 54832 ----a-w- c:\windows2\system32\drivers\aswrdr.sys.1400191384843
2014-05-06 00:49:45 49944 ----a-w- c:\windows2\system32\drivers\aswRvrt.sys
2014-05-06 00:49:45 24184 ----a-w- c:\windows2\system32\drivers\aswHwid.sys
2014-05-06 00:49:45 180632 ----a-w- c:\windows2\system32\drivers\aswVmm.sys
2014-05-06 00:49:44 43152 ----a-w- c:\windows2\avastSS.scr
2014-04-25 09:54:51 406528 ----a-w- c:\windows2\system32\usp10.dll
2014-04-15 00:13:52 94632 ----a-w- c:\windows2\system32\WindowsAccessBridge.dll
2014-04-14 23:47:42 145408 ----a-w- c:\windows2\system32\javacpl.cpl
.
============= FINISH: 15:40:55.01 ===============

Edited by pcpunk, 16 June 2014 - 03:10 PM.


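The two logs in this thread (the DDS "Pseudo HJT Report" above and the FRST output further down) are what the helper reads by hand. As an added example that is not part of the original thread and not code from the DDS or FRST authors, the script below runs a few first-pass triage heuristics over lines in those formats: browser start page / search hijacks pointing at hosts outside an allow-list, a populated AppInit_DLLs value, binaries FRST reports with no publisher or as "[File not signed]", FRST's own "<======= ATTENTION" markers, and paths belonging to adware families that appear in the log. The trusted-host list and the PUP keyword list are assumptions chosen for this example, and the sample input is a set of constructed, abbreviated copies of lines from the logs above.

```python
"""Triage heuristics for DDS / FRST log lines.

Added example for this thread; not part of the original post and not code
from the DDS or FRST tools. TRUSTED_HOSTS and PUP_KEYWORDS are assumptions
made for the example, not something the logs themselves define.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Assumption: search/home page hosts the user is known to have chosen on purpose.
TRUSTED_HOSTS = {"www.yahoo.com", "search.yahoo.com", "www.msn.com", "www.google.com"}
# Assumption: path/name fragments of the adware families visible in the logs above.
PUP_KEYWORDS = ("searchprotect", "trovi", "mypc backup", "client connect")

# Matches both live (http) and defanged (hxxp) URLs and captures the host part.
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s\"?]+)", re.IGNORECASE)
# Substrings (lower-cased) of DDS/FRST keys that carry browser start/search settings.
BROWSER_KEYS = ("start page", "homepage", "startupurls", "newtab", "search page",
                "defaultsearch", "selectedengine", "selectedsearchengine",
                "keyword.url", "searchscopes")
APPINIT_RE = re.compile(r"appinit_dlls\s*[:=]\s*(.*)")
# FRST prints an empty "( )" or "()" publisher field right before the binary path.
NO_PUBLISHER_RE = re.compile(r"\(\s*\)\s+[A-Za-z]:\\")


@dataclass
class Finding:
    category: str
    line: str


def hosts_in(line):
    """Return the set of lower-cased hosts referenced by URLs on this line."""
    return {h.lower() for h in URL_RE.findall(line)}


def triage_line(line):
    """Return every Finding that applies to one DDS/FRST log line."""
    s = line.strip()
    low = s.lower()
    if not s:
        return []
    out = []
    if "<=======" in s and "attention" in low:
        out.append(Finding("frst-attention", s))
    m = APPINIT_RE.match(low)
    if m and m.group(1).strip():
        # A non-empty AppInit_DLLs loads that DLL into every user32-linked process.
        out.append(Finding("appinit-dll", s))
    if any(k in low for k in BROWSER_KEYS):
        bad = hosts_in(s) - TRUSTED_HOSTS
        if bad:
            out.append(Finding("browser-hijack:" + ",".join(sorted(bad)), s))
    if "[file not signed]" in low or NO_PUBLISHER_RE.search(s):
        # Weak signal on its own (OEM printer tools often lack a publisher string).
        out.append(Finding("unsigned-or-no-publisher", s))
    if any(k in low for k in PUP_KEYWORDS):
        out.append(Finding("pup-path", s))
    return out


def triage(lines):
    """Run triage_line over an iterable of log lines and flatten the results."""
    return [f for line in lines for f in triage_line(line)]


def summarize(findings):
    """Count findings per category, useful as a quick 'how bad is it' view."""
    return dict(Counter(f.category for f in findings))


# Constructed sample: abbreviated copies of lines from the DDS and FRST logs above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&SearchSource=55&SSPV=TBannersC_sp_ie
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
( ) C:\WINDOWS2\system32\dkabcoms.exe
R2 dkab_device; C:\WINDOWS2\system32\DKabcoms.exe [593920 2012-10-02] ( ) [File not signed]
CHR StartupUrls: "https://www.yahoo.com/", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&SSPV=TBannersC_sp_ch"
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"[{f.category}] {f.line}")
    print(summarize(results))
```

To use it on a real log, replace SAMPLE_LOG with the contents of FRST.txt or the DDS output (open(..., encoding="utf-8", errors="replace") handles the odd byte). The categories are deliberately loud rather than precise: "unsigned-or-no-publisher" fires on the Dell printer service just as it does on adware, so the output is a reading order for the analyst, not a removal list.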

#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:08:46 AM

Posted 16 June 2014 - 05:56 PM

Hello pcpunk,
 
Thanks for the logs! :)
 
I just want to let you know that I will be looking over them tonight, and hopefully I'll get back to you later tonight. If not, then I'll be around tomorrow late afternoon EDT.
 
In the meantime though, let's get another couple of logs from FRST...instructions are below:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. You will need the 32-bit version.

  • Double-click FRST (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

bloopie



#3 pcpunk
  • Topic Starter

Posted 16 June 2014 - 09:45 PM

No hurry, bloopie, I am up and running now with Linux.

 

The Addition.txt did not appear, and I would not know how to fix that, lol. I will post it as soon as you give me directions.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by Chris (administrator) on CHRIS-1EC6C6A3C on 16-06-2014 22:37:40
Running from C:\Documents and Settings\Chris\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\WINDOWS2\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS2\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS2\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS2\system32\services.exe
(Microsoft Corporation) C:\WINDOWS2\system32\lsass.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS2\system32\spoolsv.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft Corporation) C:\WINDOWS2\explorer.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dell, Inc.) C:\Program Files\Dell\Printer Software\dkab1err.exe
(Microsoft Corporation) C:\WINDOWS2\system32\ctfmon.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
( ) C:\WINDOWS2\system32\dkabcoms.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Client Connect LTD) C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\WINDOWS2\system32\wbem\wmiprvse.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\alg.exe
(Microsoft Corporation) C:\WINDOWS2\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [872448 2007-01-05] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS2\system32\userinit.exe,
Winlogon\Notify\crypt32chain: C:\WINDOWS2\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS2\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS2\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS2\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS2\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS2\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS2\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS2\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1078081533-261903793-1417001333-1004\...\Run: [DKab1err] => C:\Program Files\Dell\Printer Software\DKab1err.exe [582976 2010-08-03] (Dell, Inc.)
HKU\S-1-5-21-1078081533-261903793-1417001333-1004\...\Run: [ctfmon.exe] => C:\WINDOWS2\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {57C5C20C-6F5D-4F7B-AEC3-F05A24FA3088} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS2\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS2\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS2\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\5x90649l.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=55&CUI=&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD&SSPV=TBannersC_sp_ff
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=69&CUI=&SSPV=TBannersC_sp_ff&Lay=1&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS2\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS2\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Chris\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\5x90649l.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\5x90649l.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\xfinity.xml
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-01]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\addon [2012-10-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-01]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://www.yahoo.com/", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=55&CUI=&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD&SSPV=TBannersC_sp_ch"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-29]
CHR Extension: (Google Search) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-05]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257712 2014-05-14] (Adobe Systems Incorporated)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
S4 Alerter; C:\WINDOWS2\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
R3 ALG; C:\WINDOWS2\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation)
S3 aspnet_state; C:\WINDOWS2\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS2\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-05] (AVAST Software)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R3 BITS; C:\WINDOWS2\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
S2 Browser; C:\WINDOWS2\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S3 CiSvc; C:\WINDOWS2\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS2\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; c:\WINDOWS2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
S3 COMSysApp; C:\WINDOWS2\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS2\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS2\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS2\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation)
R2 dkab_device; C:\WINDOWS2\system32\DKabcoms.exe [593920 2012-10-02] ( ) [File not signed]
S3 dmadmin; C:\WINDOWS2\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINDOWS2\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
R2 Dnscache; C:\WINDOWS2\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS2\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
S3 EapHost; C:\WINDOWS2\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
R2 ERSvc; C:\WINDOWS2\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS2\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS2\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINDOWS2\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 FontCache3.0.0.0; c:\WINDOWS2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINDOWS2\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
S3 hkmsvc; C:\WINDOWS2\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
S3 HTTPFilter; C:\WINDOWS2\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
S3 idsvc; c:\WINDOWS2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS2\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS2\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS2\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS2\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation)
S4 Messenger; C:\WINDOWS2\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS2\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS2\system32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS2\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation)
S3 napagent; C:\WINDOWS2\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS2\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S4 NetDDE; C:\WINDOWS2\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINDOWS2\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R3 Netman; C:\WINDOWS2\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation)
S4 NetTcpPortSharing; c:\WINDOWS2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINDOWS2\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS2\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
R2 PlugPlay; C:\WINDOWS2\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS2\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PolicyAgent; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS2\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS2\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS2\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [601072 2014-05-29] (Paramount Software UK Ltd)
S4 RemoteAccess; C:\WINDOWS2\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS2\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS2\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINDOWS2\system32\rsvp.exe [132608 2008-04-13] (Microsoft Corporation)
R2 SamSs; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS2\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS2\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
R2 seclogon; C:\WINDOWS2\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation)
R2 SENS; C:\WINDOWS2\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation)
R2 SharedAccess; C:\WINDOWS2\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS2\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 Spooler; C:\WINDOWS2\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINDOWS2\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS2\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS2\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS2\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S3 SysmonLog; C:\WINDOWS2\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS2\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation)
R3 TermService; C:\WINDOWS2\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
R2 Themes; C:\WINDOWS2\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS2\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS2\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation)
S3 UPS; C:\WINDOWS2\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
S3 VSS; C:\WINDOWS2\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS2\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation)
R2 WebClient; C:\WINDOWS2\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation)
R2 winmgmt; C:\WINDOWS2\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS2\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS2\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS2\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS2\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
S3 WudfSvc; C:\WINDOWS2\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS2\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS2\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 ACPI; C:\WINDOWS2\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
R0 ACPIEC; C:\WINDOWS2\System32\DRIVERS\ACPIEC.sys [11648 2008-04-13] (Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINDOWS2\System32\drivers\ADIHdAud.sys [281600 2007-10-01] (Analog Devices, Inc.)
R3 AEAudio; C:\WINDOWS2\System32\drivers\AEAudio.sys [94976 2007-07-13] (Andrea Electronics Corporation)
S3 aec; C:\WINDOWS2\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINDOWS2\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R3 AgereSoftModem; C:\WINDOWS2\System32\DRIVERS\AGRSM.sys [1204128 2008-11-21] (Agere Systems)
R3 Arp1394; C:\WINDOWS2\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS2\system32\drivers\aswHwid.sys [24184 2014-05-05] ()
R2 aswMonFlt; C:\WINDOWS2\system32\drivers\aswMonFlt.sys [67824 2014-05-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS2\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS2\system32\Drivers\aswRvrt.sys [49944 2014-05-05] ()
R1 aswSnx; C:\WINDOWS2\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\WINDOWS2\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS2\system32\drivers\aswTdi.sys [57672 2014-05-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS2\system32\Drivers\aswVmm.sys [180632 2014-05-05] ()
S3 AsyncMac; C:\WINDOWS2\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINDOWS2\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
S3 Atmarpc; C:\WINDOWS2\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINDOWS2\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R3 bcm4sbxp; C:\WINDOWS2\System32\DRIVERS\bcm4sbxp.sys [45312 2005-08-05] (Broadcom Corporation)
R1 Beep; C:\WINDOWS2\system32\Drivers\Beep.sys [4224 2008-04-13] (Microsoft Corporation)
R0 BMLoad; C:\WINDOWS2\System32\drivers\BMLoad.sys [13184 2009-12-14] (Bytemobile, Inc.) [File not signed]
S4 cbidf2k; C:\WINDOWS2\system32\Drivers\cbidf2k.sys [13952 2008-04-13] (Microsoft Corporation)
S1 Cdaudio; C:\WINDOWS2\system32\Drivers\Cdaudio.sys [18688 2008-04-13] (Microsoft Corporation)
R4 Cdfs; C:\WINDOWS2\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINDOWS2\System32\DRIVERS\cdrom.sys [62976 2008-05-02] (Microsoft Corporation)
R3 CmBatt; C:\WINDOWS2\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
R0 Compbatt; C:\WINDOWS2\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
R0 Disk; C:\WINDOWS2\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINDOWS2\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINDOWS2\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINDOWS2\System32\drivers\dmload.sys [5888 2008-04-13] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINDOWS2\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation)
S3 drmkaud; C:\WINDOWS2\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation)
S4 Fastfat; C:\WINDOWS2\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
S1 Fdc; C:\WINDOWS2\system32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINDOWS2\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
S1 Flpydisk; C:\WINDOWS2\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINDOWS2\System32\DRIVERS\fltMgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINDOWS2\system32\Drivers\Fs_Rec.sys [7936 2008-04-13] (Microsoft Corporation)
R0 Ftdisk; C:\WINDOWS2\System32\DRIVERS\ftdisk.sys [125056 2008-04-13] (Microsoft Corporation)
R3 Gpc; C:\WINDOWS2\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
R3 HBtnKey; C:\WINDOWS2\System32\DRIVERS\cpqbttn.sys [14904 2010-02-25] (Hewlett-Packard Company)
R3 HDAudBus; C:\WINDOWS2\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 HidUsb; C:\WINDOWS2\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS2\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS2\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS2\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 HTTP; C:\WINDOWS2\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINDOWS2\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
R3 ialm; C:\WINDOWS2\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
R0 iastor; C:\WINDOWS2\System32\drivers\iastor.sys [324120 2008-07-20] (Intel Corporation)
R1 Imapi; C:\WINDOWS2\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINDOWS2\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
S3 Ip6Fw; C:\WINDOWS2\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINDOWS2\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-13] (Microsoft Corporation)
S3 IpInIp; C:\WINDOWS2\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINDOWS2\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINDOWS2\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IRENUM; C:\WINDOWS2\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINDOWS2\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINDOWS2\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
R1 kbdhid; C:\WINDOWS2\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)
R3 kmixer; C:\WINDOWS2\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation)
R0 KSecDD; C:\WINDOWS2\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R1 mnmdd; C:\WINDOWS2\system32\Drivers\mnmdd.sys [4224 2008-04-13] (Microsoft Corporation)
R3 Modem; C:\WINDOWS2\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINDOWS2\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
R3 mouhid; C:\WINDOWS2\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINDOWS2\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
R3 MRxDAV; C:\WINDOWS2\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS2\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINDOWS2\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS2\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINDOWS2\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation)
S3 MSPQM; C:\WINDOWS2\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation)
R3 mssmbios; C:\WINDOWS2\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
R0 Mup; C:\WINDOWS2\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINDOWS2\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS2\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINDOWS2\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINDOWS2\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINDOWS2\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINDOWS2\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINDOWS2\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS2\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation)
R3 NIC1394; C:\WINDOWS2\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINDOWS2\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINDOWS2\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINDOWS2\system32\Drivers\Null.sys [2944 2008-04-13] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINDOWS2\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-13] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINDOWS2\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-13] (Microsoft Corporation)
R0 ohci1394; C:\WINDOWS2\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
R3 Parport; C:\WINDOWS2\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINDOWS2\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
R2 ParVdm; C:\WINDOWS2\system32\Drivers\ParVdm.sys [6784 2008-04-13] (Microsoft Corporation)
R0 PCI; C:\WINDOWS2\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINDOWS2\System32\DRIVERS\pciide.sys [3328 2008-04-13] (Microsoft Corporation)
R0 Pcmcia; C:\WINDOWS2\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 PptpMiniport; C:\WINDOWS2\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
R3 PSched; C:\WINDOWS2\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
R0 pssnap; C:\WINDOWS2\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 Ptilink; C:\WINDOWS2\System32\DRIVERS\ptilink.sys [17792 2008-04-13] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS2\System32\Drivers\PxHelp20.sys [20576 2004-08-02] (Sonic Solutions) [File not signed]
R1 RasAcd; C:\WINDOWS2\System32\DRIVERS\rasacd.sys [8832 2008-04-13] (Microsoft Corporation)
R3 Rasl2tp; C:\WINDOWS2\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINDOWS2\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINDOWS2\System32\DRIVERS\raspti.sys [16512 2008-04-13] (Microsoft Corporation)
R1 Rdbss; C:\WINDOWS2\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINDOWS2\System32\DRIVERS\RDPCDD.sys [4224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINDOWS2\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINDOWS2\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS2\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S2 Serial; C:\WINDOWS2\system32\Drivers\Serial.sys [64512 2008-04-13] (Microsoft Corporation)
S1 Sfloppy; C:\WINDOWS2\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 splitter; C:\WINDOWS2\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation)
R0 sr; C:\WINDOWS2\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINDOWS2\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
S3 StillCam; C:\WINDOWS2\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation)
R3 swenum; C:\WINDOWS2\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINDOWS2\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation)
R3 sysaudio; C:\WINDOWS2\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation)
R1 Tcpip; C:\WINDOWS2\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
R1 tcpipBM; C:\WINDOWS2\system32\Drivers\tcpipBM.sys [24192 2009-12-14] (Bytemobile, Inc.) [File not signed]
S3 TDPIPE; C:\WINDOWS2\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation)
S3 TDTCP; C:\WINDOWS2\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation)
R1 TermDD; C:\WINDOWS2\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S3 t_mobile_zte_cdc_acm; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_cdc_acm.sys [66432 2011-01-18] (T-Mobile)
S3 t_mobile_zte_cdc_ecm; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_cdc_ecm.sys [32768 2011-01-18] (T-Mobile)
S3 t_mobile_zte_cpo; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_cpo.sys [9984 2011-01-18] (T-Mobile)
S3 t_mobile_zte_ecm_enum; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_ecm_enum.sys [44800 2011-01-18] (T-Mobile)
S3 t_mobile_zte_ecm_enum_filter; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_ecm_enum_filter.sys [44800 2011-01-18] (T-Mobile)
S4 Udfs; C:\WINDOWS2\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R3 Update; C:\WINDOWS2\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
S3 usbccgp; C:\WINDOWS2\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINDOWS2\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINDOWS2\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
S3 usbprint; C:\WINDOWS2\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation)
S3 usbscan; C:\WINDOWS2\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
S3 USBSTOR; C:\WINDOWS2\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
R3 usbuhci; C:\WINDOWS2\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINDOWS2\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINDOWS2\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
R3 Wanarp; C:\WINDOWS2\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
S3 Wdf01000; C:\WINDOWS2\System32\Drivers\wdf01000.sys [444136 2009-07-14] (Microsoft Corporation)
R3 wdmaud; C:\WINDOWS2\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation)
S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2014-06-14] (Microsoft Corporation)
R1 WmiAcpi; C:\WINDOWS2\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation)
R1 WS2IFSL; C:\WINDOWS2\System32\drivers\ws2ifsl.sys [12032 2008-04-13] (Microsoft Corporation)
S3 WudfPf; C:\WINDOWS2\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINDOWS2\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
U3 TlntSvr; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-16 22:37 - 2014-06-16 22:38 - 00041922 _____ () C:\Documents and Settings\Chris\Desktop\FRST.txt
2014-06-16 22:36 - 2014-06-16 22:36 - 01072640 _____ (Farbar) C:\Documents and Settings\Chris\Desktop\FRST.exe
2014-06-16 15:50 - 2014-06-16 15:50 - 00004505 _____ () C:\Documents and Settings\Chris\Desktop\attach.zip
2014-06-15 09:57 - 2014-06-15 09:57 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\Ashampoo Burning Studio FREE
2014-06-15 09:54 - 2014-06-15 09:54 - 00000956 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Ashampoo Burning Studio FREE.lnk
2014-06-15 09:54 - 2014-06-15 09:54 - 00000261 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Your Software Deals.url
2014-06-15 09:54 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\Chris\Local Settings\Application Data\ashampoo
2014-06-15 09:54 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\Chris\Application Data\Ashampoo
2014-06-15 09:54 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Ashampoo
2014-06-15 09:54 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Ashampoo
2014-06-15 09:53 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Ashampoo
2014-06-15 09:53 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Ashampoo
2014-06-15 09:53 - 2014-06-15 09:53 - 00000000 ____D () C:\Program Files\Ashampoo
2014-06-15 09:40 - 2014-06-15 09:40 - 00001632 _____ () C:\Documents and Settings\Chris\Desktop\Sync Folder.lnk
2014-06-15 09:39 - 2014-06-15 09:40 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-06-15 09:39 - 2014-06-15 09:39 - 00000762 _____ () C:\Documents and Settings\Chris\Desktop\MyPC Backup.lnk
2014-06-15 09:39 - 2014-06-15 09:39 - 00000000 ____D () C:\Documents and Settings\Chris\Start Menu\Programs\MyPC Backup
2014-06-15 09:35 - 2014-06-15 09:35 - 00000000 ____D () C:\Documents and Settings\Chris\Local Settings\Application Data\SearchProtect
2014-06-15 09:34 - 2014-06-15 09:35 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-14 23:44 - 2014-06-14 23:44 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2957509$
2014-06-14 23:43 - 2014-06-14 23:44 - 00014543 _____ () C:\WINDOWS2\KB2957689-IE8.log
2014-06-14 23:43 - 2014-06-14 23:43 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2939576$
2014-06-14 23:42 - 2014-06-14 23:42 - 00005091 _____ () C:\WINDOWS2\KB2957503.log
2014-06-14 23:42 - 2014-06-14 23:42 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2957503$
2014-06-14 23:42 - 2014-06-14 23:42 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2926765$
2014-06-14 23:37 - 2014-06-14 23:44 - 00018252 _____ () C:\WINDOWS2\KB2957509.log
2014-06-14 23:37 - 2014-06-14 23:43 - 00011683 _____ () C:\WINDOWS2\KB2939576.log
2014-06-14 23:36 - 2014-06-14 23:42 - 00010861 _____ () C:\WINDOWS2\KB2926765.log
2014-06-14 23:16 - 2014-06-14 23:17 - 00002287 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Reflect.lnk
2014-06-14 23:16 - 2014-06-14 23:16 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Macrium
2014-06-14 23:16 - 2014-06-14 23:16 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Macrium
2014-06-14 21:49 - 2014-06-14 21:49 - 00000000 ____D () C:\WINDOWS2\system32\HtmlData
2014-06-14 21:21 - 2014-06-14 21:21 - 00000550 _____ () C:\Documents and Settings\Chris\My Documents\Data_140614_2120 Linux Mint.pxj
2014-06-14 19:49 - 2014-06-14 19:49 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\XP HACK
2014-06-14 11:11 - 2014-06-14 11:11 - 00001375 _____ () C:\Documents and Settings\Chris\Desktop\AdwCleaner[R3].txt
2014-06-14 11:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS2\system32\sqlite3.dll
2014-06-14 11:01 - 2014-06-14 11:01 - 00017873 _____ () C:\Documents and Settings\Chris\Desktop\Result.txt
2014-06-13 16:10 - 2014-06-13 16:10 - 00000070 _____ () C:\Documents and Settings\Guest\Application Data\mbam.context.scan
2014-06-13 16:06 - 2014-06-13 16:06 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Malwarebytes
2014-06-13 15:55 - 2014-06-13 15:55 - 00000000 ____D () C:\Documents and Settings\Guest\My Documents\Macrium
2014-06-12 22:18 - 2014-06-12 22:18 - 00000000 ____D () C:\Documents and Settings\Chris\Application Data\FastStone
2014-06-12 22:15 - 2014-06-12 22:18 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\Reflect
2014-06-12 21:47 - 2014-06-12 21:47 - 00000000 ____D () C:\Program Files\Macrium
2014-06-12 21:30 - 2014-06-12 21:38 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\Macrium
2014-06-12 21:24 - 2014-06-14 23:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Macrium
2014-06-12 21:24 - 2014-06-14 23:17 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Macrium
2014-06-12 18:29 - 2014-06-13 14:32 - 00000000 ____D () C:\Program Files\FastStone Image Viewer
2014-06-10 15:23 - 2014-06-10 15:23 - 00090112 _____ () C:\WINDOWS2\Minidump\Mini061014-01.dmp
2014-06-07 22:03 - 2014-06-13 14:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Speccy
2014-06-07 22:03 - 2014-06-13 14:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Speccy
2014-06-07 11:45 - 2014-06-07 11:45 - 00000632 _____ () C:\Documents and Settings\Chris\Desktop\Paint Scren Shot Instructions.txt
2014-06-06 14:02 - 2014-06-06 14:02 - 00001111 _____ () C:\Documents and Settings\Chris\Desktop\UPS.txt
2014-06-05 21:11 - 2014-06-05 21:11 - 00000063 _____ () C:\Documents and Settings\Chris\Desktop\Screen shot software.txt
2014-05-21 21:51 - 2014-05-21 21:51 - 00000039 _____ () C:\Documents and Settings\Chris\Desktop\XfinityToolbarFixMicrosoft.txt
 
==================== One Month Modified Files and Folders =======
 
2014-06-16 22:38 - 2014-06-16 22:37 - 00041922 _____ () C:\Documents and Settings\Chris\Desktop\FRST.txt
2014-06-16 22:38 - 2013-10-07 17:07 - 00000000 ____D () C:\Documents and Settings\Chris\Local Settings\temp
2014-06-16 22:38 - 2012-08-14 23:13 - 00000832 _____ () C:\WINDOWS2\Tasks\Adobe Flash Player Updater.job
2014-06-16 22:37 - 2014-02-27 13:17 - 00000000 ____D () C:\FRST
2014-06-16 22:36 - 2014-06-16 22:36 - 01072640 _____ (Farbar) C:\Documents and Settings\Chris\Desktop\FRST.exe
2014-06-16 22:28 - 2013-11-10 17:06 - 00000884 _____ () C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 22:22 - 2013-09-18 18:50 - 00000364 ____H () C:\WINDOWS2\Tasks\avast! Emergency Update.job
2014-06-16 22:19 - 2012-08-14 21:31 - 01603461 _____ () C:\WINDOWS2\WindowsUpdate.log
2014-06-16 22:17 - 2012-08-14 17:25 - 00000159 _____ () C:\WINDOWS2\wiadebug.log
2014-06-16 22:17 - 2012-08-14 17:25 - 00000049 _____ () C:\WINDOWS2\wiaservc.log
2014-06-16 22:17 - 2012-08-14 17:13 - 00000000 ____D () C:\WINDOWS2\Temp
2014-06-16 22:16 - 2014-02-27 13:37 - 00000882 _____ () C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineCore1cf33e29e97c75c.job
2014-06-16 22:16 - 2013-09-15 19:31 - 00000300 _____ () C:\WINDOWS2\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1078081533-261903793-1417001333-1004.job
2014-06-16 22:16 - 2012-08-14 21:39 - 00000006 ____H () C:\WINDOWS2\Tasks\SA.DAT
2014-06-16 18:58 - 2012-08-14 21:40 - 00000278 ___SH () C:\Documents and Settings\Chris\ntuser.ini
2014-06-16 18:58 - 2012-08-14 21:39 - 00032548 _____ () C:\WINDOWS2\SchedLgU.Txt
2014-06-16 16:41 - 2013-10-08 14:45 - 00128339 _____ () C:\WINDOWS2\setupapi.log
2014-06-16 15:50 - 2014-06-16 15:50 - 00004505 _____ () C:\Documents and Settings\Chris\Desktop\attach.zip
2014-06-16 15:44 - 2014-02-26 14:24 - 00018111 _____ () C:\Documents and Settings\Chris\Desktop\attach.txt
2014-06-16 15:44 - 2014-02-26 14:24 - 00012613 _____ () C:\Documents and Settings\Chris\Desktop\dds.txt
2014-06-16 15:25 - 2013-07-12 21:06 - 00007168 _____ () C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-16 14:46 - 2008-04-13 19:00 - 00013646 _____ () C:\WINDOWS2\system32\wpa.dbl
2014-06-15 09:57 - 2014-06-15 09:57 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\Ashampoo Burning Studio FREE
2014-06-15 09:54 - 2014-06-15 09:54 - 00000956 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Ashampoo Burning Studio FREE.lnk
2014-06-15 09:54 - 2014-06-15 09:54 - 00000261 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Your Software Deals.url
2014-06-15 09:54 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\Chris\Local Settings\Application Data\ashampoo
2014-06-15 09:54 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\Chris\Application Data\Ashampoo
2014-06-15 09:54 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Ashampoo
2014-06-15 09:54 - 2014-06-15 09:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Ashampoo
2014-06-15 09:54 - 2014-06-15 09:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Ashampoo
2014-06-15 09:54 - 2014-06-15 09:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Ashampoo
2014-06-15 09:53 - 2014-06-15 09:53 - 00000000 ____D () C:\Program Files\Ashampoo
2014-06-15 09:40 - 2014-06-15 09:40 - 00001632 _____ () C:\Documents and Settings\Chris\Desktop\Sync Folder.lnk
2014-06-15 09:40 - 2014-06-15 09:39 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-06-15 09:39 - 2014-06-15 09:39 - 00000762 _____ () C:\Documents and Settings\Chris\Desktop\MyPC Backup.lnk
2014-06-15 09:39 - 2014-06-15 09:39 - 00000000 ____D () C:\Documents and Settings\Chris\Start Menu\Programs\MyPC Backup
2014-06-15 09:35 - 2014-06-15 09:35 - 00000000 ____D () C:\Documents and Settings\Chris\Local Settings\Application Data\SearchProtect
2014-06-15 09:35 - 2014-06-15 09:34 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-15 01:09 - 2013-11-10 19:26 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Temp
2014-06-14 23:55 - 2012-08-14 17:13 - 00000000 ____D () C:\WINDOWS2
2014-06-14 23:45 - 2013-07-07 18:57 - 00000000 ____D () C:\WINDOWS2\Microsoft.NET
2014-06-14 23:44 - 2014-06-14 23:44 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2957509$
2014-06-14 23:44 - 2014-06-14 23:43 - 00014543 _____ () C:\WINDOWS2\KB2957689-IE8.log
2014-06-14 23:44 - 2014-06-14 23:37 - 00018252 _____ () C:\WINDOWS2\KB2957509.log
2014-06-14 23:44 - 2013-10-09 14:12 - 00029232 _____ () C:\WINDOWS2\updspapi.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00235625 _____ () C:\WINDOWS2\FaxSetup.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00115141 _____ () C:\WINDOWS2\ocgen.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00091210 _____ () C:\WINDOWS2\tsoc.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00078592 _____ () C:\WINDOWS2\comsetup.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00047774 _____ () C:\WINDOWS2\ntdtcsetup.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00037726 _____ () C:\WINDOWS2\iis6.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00013123 _____ () C:\WINDOWS2\ocmsn.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00011912 _____ () C:\WINDOWS2\msgsocm.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00001374 _____ () C:\WINDOWS2\imsins.log
2014-06-14 23:44 - 2013-10-09 14:11 - 00001374 _____ () C:\WINDOWS2\imsins.BAK
2014-06-14 23:44 - 2012-08-14 22:23 - 00000000 ____D () C:\WINDOWS2\ie8updates
2014-06-14 23:43 - 2014-06-14 23:43 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2939576$
2014-06-14 23:43 - 2014-06-14 23:37 - 00011683 _____ () C:\WINDOWS2\KB2939576.log
2014-06-14 23:42 - 2014-06-14 23:42 - 00005091 _____ () C:\WINDOWS2\KB2957503.log
2014-06-14 23:42 - 2014-06-14 23:42 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2957503$
2014-06-14 23:42 - 2014-06-14 23:42 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2926765$
2014-06-14 23:42 - 2014-06-14 23:36 - 00010861 _____ () C:\WINDOWS2\KB2926765.log
2014-06-14 23:41 - 2012-08-14 17:23 - 00205216 _____ () C:\WINDOWS2\system32\PerfStringBackup.INI
2014-06-14 23:17 - 2014-06-14 23:16 - 00002287 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Reflect.lnk
2014-06-14 23:17 - 2014-06-12 21:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Macrium
2014-06-14 23:17 - 2014-06-12 21:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Macrium
2014-06-14 23:16 - 2014-06-14 23:16 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Macrium
2014-06-14 23:16 - 2014-06-14 23:16 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Macrium
2014-06-14 21:49 - 2014-06-14 21:49 - 00000000 ____D () C:\WINDOWS2\system32\HtmlData
2014-06-14 21:21 - 2014-06-14 21:21 - 00000550 _____ () C:\Documents and Settings\Chris\My Documents\Data_140614_2120 Linux Mint.pxj
2014-06-14 19:49 - 2014-06-14 19:49 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\XP HACK
2014-06-14 11:11 - 2014-06-14 11:11 - 00001375 _____ () C:\Documents and Settings\Chris\Desktop\AdwCleaner[R3].txt
2014-06-14 11:09 - 2013-11-12 16:18 - 00000000 ____D () C:\AdwCleaner
2014-06-14 11:01 - 2014-06-14 11:01 - 00017873 _____ () C:\Documents and Settings\Chris\Desktop\Result.txt
2014-06-14 10:54 - 2013-07-07 19:25 - 00002355 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Microsoft Download Manager.lnk
2014-06-14 10:50 - 2013-11-24 17:09 - 00001801 _____ () C:\Documents and Settings\Chris\Desktop\Google Chrome.lnk
2014-06-14 10:50 - 2013-11-09 19:43 - 00000712 _____ () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-14 10:50 - 2013-11-09 19:43 - 00000712 _____ () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-14 10:50 - 2013-11-09 19:43 - 00000712 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Mozilla Firefox.lnk
2014-06-13 19:43 - 2013-08-09 21:57 - 00000178 ___SH () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\ntuser.ini
2014-06-13 19:41 - 2014-02-12 19:22 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Application Data\AVAST Software
2014-06-13 16:10 - 2014-06-13 16:10 - 00000070 _____ () C:\Documents and Settings\Guest\Application Data\mbam.context.scan
2014-06-13 16:06 - 2014-06-13 16:06 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Malwarebytes
2014-06-13 15:55 - 2014-06-13 15:55 - 00000000 ____D () C:\Documents and Settings\Guest\My Documents\Macrium
2014-06-13 14:47 - 2013-08-15 20:24 - 00000000 ____D () C:\WINDOWS2\system32\MRT
2014-06-13 14:45 - 2012-08-14 22:19 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS2\system32\MRT.exe
2014-06-13 14:37 - 2014-03-01 14:09 - 00001733 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\avast! Free Antivirus.lnk
2014-06-13 14:34 - 2013-11-10 19:26 - 00000000 ___SD () C:\Documents and Settings\Guest
2014-06-13 14:34 - 2013-08-09 21:57 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C
2014-06-13 14:34 - 2012-08-14 21:40 - 00000000 ____D () C:\Documents and Settings\Chris
2014-06-13 14:34 - 2012-08-14 21:39 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-06-13 14:34 - 2012-08-14 21:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-06-13 14:34 - 2012-08-14 21:30 - 00000000 ____D () C:\WINDOWS2\Registration
2014-06-13 14:33 - 2014-06-07 22:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Speccy
2014-06-13 14:33 - 2014-06-07 22:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Speccy
2014-06-13 14:32 - 2014-06-12 18:29 - 00000000 ____D () C:\Program Files\FastStone Image Viewer
2014-06-12 22:18 - 2014-06-12 22:18 - 00000000 ____D () C:\Documents and Settings\Chris\Application Data\FastStone
2014-06-12 22:18 - 2014-06-12 22:15 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\Reflect
2014-06-12 21:47 - 2014-06-12 21:47 - 00000000 ____D () C:\Program Files\Macrium
2014-06-12 21:38 - 2014-06-12 21:30 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\Macrium
2014-06-12 20:26 - 2013-09-15 19:31 - 00000308 _____ () C:\WINDOWS2\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1078081533-261903793-1417001333-1004.job
2014-06-10 15:23 - 2014-06-10 15:23 - 00090112 _____ () C:\WINDOWS2\Minidump\Mini061014-01.dmp
2014-06-10 15:23 - 2012-10-18 18:57 - 00000000 ____D () C:\WINDOWS2\Minidump
2014-06-10 14:40 - 2012-08-14 17:13 - 00000000 ____D () C:\WINDOWS2\Help
2014-06-07 11:45 - 2014-06-07 11:45 - 00000632 _____ () C:\Documents and Settings\Chris\Desktop\Paint Scren Shot Instructions.txt
2014-06-06 14:02 - 2014-06-06 14:02 - 00001111 _____ () C:\Documents and Settings\Chris\Desktop\UPS.txt
2014-06-05 21:11 - 2014-06-05 21:11 - 00000063 _____ () C:\Documents and Settings\Chris\Desktop\Screen shot software.txt
2014-05-30 00:25 - 2012-08-14 22:24 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\jsdbgui.dll
2014-05-30 00:25 - 2012-08-14 22:23 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\iertutil.dll
2014-05-30 00:25 - 2012-08-14 22:23 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\iedvtool.dll
2014-05-30 00:25 - 2012-08-14 22:23 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\msfeeds.dll
2014-05-30 00:25 - 2012-08-14 22:23 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\ieproxy.dll
2014-05-30 00:25 - 2012-08-14 22:23 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\msfeedsbs.dll
2014-05-30 00:25 - 2012-08-14 22:23 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\xpshims.dll
2014-05-30 00:25 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS2\system32\iertutil.dll
2014-05-30 00:25 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS2\system32\msfeeds.dll
2014-05-30 00:25 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS2\system32\msfeedsbs.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 06023680 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\mshtml.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 06023680 _____ (Microsoft Corporation) C:\WINDOWS2\system32\mshtml.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS2\system32\inetcpl.cpl
2014-05-30 00:25 - 2008-04-13 19:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\inetcpl.cpl
2014-05-30 00:25 - 2008-04-13 19:00 - 01217024 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\urlmon.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS2\system32\urlmon.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\wininet.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS2\system32\wininet.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS2\system32\mstime.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\mstime.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS2\system32\iedkcs32.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\iedkcs32.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS2\system32\occache.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\occache.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\iepeers.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS2\system32\iepeers.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\url.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS2\system32\url.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00067584 ____N (Microsoft Corporation) C:\WINDOWS2\system32\mshtmled.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00067584 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\mshtmled.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS2\system32\licmgr10.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\licmgr10.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS2\system32\jsproxy.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\jsproxy.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\corpol.dll
2014-05-30 00:25 - 2008-04-13 19:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS2\system32\corpol.dll
2014-05-30 00:25 - 2004-08-04 04:00 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\vgx.dll
2014-05-29 21:25 - 2012-08-14 22:23 - 11084288 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\ieframe.dll
2014-05-29 21:25 - 2009-03-08 04:39 - 11084288 _____ (Microsoft Corporation) C:\WINDOWS2\system32\ieframe.dll
2014-05-29 03:45 - 2008-04-13 19:00 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS2\system32\html.iec
2014-05-29 03:45 - 2008-04-13 19:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS2\system32\ie4uinit.exe
2014-05-29 03:45 - 2008-04-13 19:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\ie4uinit.exe
2014-05-22 18:23 - 2013-11-23 21:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-21 21:51 - 2014-05-21 21:51 - 00000039 _____ () C:\Documents and Settings\Chris\Desktop\XfinityToolbarFixMicrosoft.txt
2014-05-18 22:25 - 2009-05-31 10:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
 
Some content of TEMP:
====================
C:\Documents and Settings\Chris\Local Settings\temp\BackupSetup.exe
C:\Documents and Settings\Chris\Local Settings\temp\difxapi.dll
C:\Documents and Settings\Chris\Local Settings\temp\en_ww_Package.exe
C:\Documents and Settings\Chris\Local Settings\temp\hpzmsi01.exe
C:\Documents and Settings\Chris\Local Settings\temp\hpzpnp01.exe
C:\Documents and Settings\Chris\Local Settings\temp\hpzscr01.EXE
C:\Documents and Settings\Chris\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Chris\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Chris\Local Settings\temp\nsbCA.exe
C:\Documents and Settings\Chris\Local Settings\temp\nsjD3.exe
C:\Documents and Settings\Chris\Local Settings\temp\nsoD7.exe
C:\Documents and Settings\Chris\Local Settings\temp\nswC4.exe
C:\Documents and Settings\Chris\Local Settings\temp\nswDA.exe
C:\Documents and Settings\Chris\Local Settings\temp\nsyC7.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS2\explorer.exe => File is digitally signed
C:\WINDOWS2\system32\winlogon.exe => File is digitally signed
C:\WINDOWS2\system32\svchost.exe => File is digitally signed
C:\WINDOWS2\system32\services.exe => File is digitally signed
C:\WINDOWS2\system32\User32.dll => File is digitally signed
C:\WINDOWS2\system32\userinit.exe => File is digitally signed
C:\WINDOWS2\system32\rpcss.dll => File is digitally signed
C:\WINDOWS2\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:08:46 AM

Posted 16 June 2014 - 10:46 PM

Hello again,

 

Good work, and thanks again for the FRST log! As I'm checking this over now, I'd still like to see the Addition.txt. Here's how:

 

On the first run of FRST, it should have produced an Addition.txt on the desktop...but if not, then you need only to restart FRST (by double-clicking FRST.exe again).

 

  • Then, looking underneath the main action buttons (Scan, Search Files, etc.), you should see many checkboxes (some with checkmarks, and some without)
  • At the far bottom-right checkbox, you should see "Addition.txt"
  • Make sure there is a checkmark next to the Addition.txt box, and then click the Scan button again
  • The tool will run another scan, but when finished you should also see an Addition.txt as well as the FRST.txt it creates this time
  • Copy and Paste that log in your next reply.

I'll be preparing your next steps soon. :)

 

bloopie



#5 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:46 AM

Posted 16 June 2014 - 11:13 PM

I will run farbar again because the files seem to be the same.

 

Okay, it seemed to work this time:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-06-2014
Ran by Chris at 2014-06-17 10:47:32
Running from C:\Documents and Settings\Chris\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}) (Version: 8.06.04 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4700 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Printer Software Uninstall (HKLM\...\Dell_HostCD) (Version:  - Dell, Inc.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6551 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Search Protect (HKLM\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sonic MyDVD (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 5.3.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.3 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5210 - Analog Devices)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
T-Mobile Connection Manager (HKLM\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
25-03-2014 01:35:16 Software Distribution Service 3.0
25-03-2014 17:44:31 Software Distribution Service 3.0
30-03-2014 22:19:34 System Checkpoint
01-04-2014 22:27:47 System Checkpoint
03-04-2014 03:20:00 System Checkpoint
07-04-2014 19:49:35 System Checkpoint
07-04-2014 19:57:12 Installed Windows 7 Upgrade Advisor
08-04-2014 19:23:59 avast! antivirus system restore point
08-04-2014 19:40:07 Software Distribution Service 3.0
10-04-2014 18:06:23 System Checkpoint
12-04-2014 14:17:13 System Checkpoint
13-04-2014 19:39:08 System Checkpoint
18-04-2014 21:23:05 System Checkpoint
22-04-2014 20:29:43 System Checkpoint
22-04-2014 23:34:56 Installed Java 7 Update 55
29-04-2014 00:47:39 System Checkpoint
01-05-2014 03:02:27 System Checkpoint
03-05-2014 00:16:28 Software Distribution Service 3.0
06-05-2014 00:49:15 avast! antivirus system restore point
08-05-2014 23:59:14 System Checkpoint
14-05-2014 19:11:32 Software Distribution Service 3.0
03-06-2014 16:44:37 System Checkpoint
11-06-2014 21:13:15 Software Distribution Service 3.0
13-06-2014 01:47:52 Installed Macrium Reflect Free Edition
13-06-2014 18:31:52 Restore Operation
13-06-2014 18:36:04 avast! antivirus system restore point
13-06-2014 18:45:21 Software Distribution Service 3.0
15-06-2014 00:23:23 System Checkpoint
15-06-2014 03:15:54 Installed Macrium Reflect Free Edition
15-06-2014 03:37:55 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2008-04-13 19:00 - 2013-10-22 16:08 - 00000098 ____A C:\WINDOWS2\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS2\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS2\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS2\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineCore1cf33e29e97c75c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS2\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS2\system32\xp_eos.exe
Task: C:\WINDOWS2\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1078081533-261903793-1417001333-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS2\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1078081533-261903793-1417001333-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS2\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1078081533-261903793-1417001333-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-16 18:51 - 2014-06-16 18:51 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061601\algo.dll
2013-06-14 14:25 - 2013-06-14 14:25 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll
2014-03-01 14:08 - 2014-03-01 14:08 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-14 10:06 - 2014-03-14 10:06 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2014-03-14 10:00 - 2014-03-14 10:00 - 00904704 _____ () C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-04-13 19:00 - 2008-04-13 19:00 - 00059904 _____ () C:\WINDOWS2\system32\devenum.dll
2008-04-13 19:00 - 2008-04-13 19:00 - 00014336 _____ () C:\WINDOWS2\system32\msdmo.dll
2014-06-14 11:30 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-14 11:30 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-14 11:30 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-04-09 00:04 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-09 00:04 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-06-14 11:30 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS2\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^MCtlSvc.lnk => C:\WINDOWS2\pss\MCtlSvc.lnkCommon Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS2\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => 
MSCONFIG\startupreg: IgfxTray => 
MSCONFIG\startupreg: Persistence => 
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => 
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: UpdateManager => "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C4700,10.0.0.5
Description: Photosmart C4700 series
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/14/2014 11:41:08 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.
 
Error: (06/14/2014 11:41:08 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (06/14/2014 11:41:08 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.
 
Error: (06/14/2014 11:41:08 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (06/14/2014 11:41:06 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The
Error code is the first DWORD in Data section.
 
Error: (06/14/2014 11:41:06 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (04/05/2014 03:23:40 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (04/05/2014 03:23:40 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
Error: (04/03/2014 06:27:37 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
 
Error: (04/03/2014 06:27:37 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
 
 
System errors:
=============
Error: (06/17/2014 10:15:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (06/17/2014 10:15:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
 
Error: (06/17/2014 09:30:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (06/17/2014 09:30:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
 
Error: (06/16/2014 10:17:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (06/16/2014 10:17:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
 
Error: (06/16/2014 02:47:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (06/16/2014 02:47:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
 
Error: (06/15/2014 00:57:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (06/15/2014 00:57:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (06/14/2014 11:41:08 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ASP.NETASP.NET
 
Error: (06/14/2014 11:41:08 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance
 
Error: (06/14/2014 11:41:08 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: aspnet_stateASP.NET State Service
 
Error: (06/14/2014 11:41:08 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance
 
Error: (06/14/2014 11:41:06 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ASP.NET_2.0.50727ASP.NET_2.0.50727
 
Error: (06/14/2014 11:41:06 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance
 
Error: (04/05/2014 03:23:40 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl
 
Error: (04/05/2014 03:23:40 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance
 
Error: (04/03/2014 06:27:37 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl
 
Error: (04/03/2014 06:27:37 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 72%
Total physical RAM: 1015.36 MB
Available physical RAM: 276.74 MB
Total Pagefile: 2442.47 MB
Available Pagefile: 1380.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.37 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:41.93 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Lexar) (Removable) (Total:14.9 GB) (Free:13.72 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: E93260AE)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)
 
==================== End Of Log ============================

Edited by pcpunk, 17 June 2014 - 09:53 AM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:08:46 AM

Posted 16 June 2014 - 11:31 PM

Hello again,

 

Yes, but you still only posted the FRST.txt. I'm looking for the Addition.txt (which was minimized after the scan, and saved to the desktop).

 

Check your desktop for the text file called Addition or Addition.txt, then copy and paste that for me in your next reply please. :)

 

bloopie



#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:08:46 AM

Posted 17 June 2014 - 12:03 AM

Hello again,
 
Okay, well then post the Addition.txt to the next post! :)

 

After reviewing the above logs we have a little work to do on this machine, but first I'd like to answer some of your questions:
 

Can I do this in Safe Mode with Networking, or is this unnecessary?

Normal mode is just fine as you have been doing. :)
 
==========
 

Once I Restored the System with System Restore does this eliminate the possible malware or will you still be able to detect it?

Well, this really depends on whether your System Restore Points were infected as well. Many times this is the case, so you may have returned the PC to an earlier date, but still with some infection remnants present. We can detect most of them, but we'll still need to flush out your old restore points after cleaning, just to be safe. :wink:
 
==========
 

Also I just got an Update notice from avast for: Adobe AIR, FlashPlayer Active X, Flash Player Plugin, Java Runtime Environment 7, and Quicktime.  I did not download; please tell me if I need to.

Not to worry about these, we will be updating everything necessary, after we make sure the machine is clean as a whistle! :wink: :)
 
==========
 

I read about the Firewall, but I am unfamiliar with if I even have one now that xp is not supported.

The Windows XP built-in firewall is sufficient; it just won't be updated/supported anymore (just like your OS, Windows XP, as well). They are both outdated, but not unusable.
 
You may also use a third party firewall if you know how to configure it as well (such as Comodo's firewall), but in either case the OS software needs to be updated.
 
====================

Step :step1:

Let's run a fix with FRST:

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   1.24KB   7 downloads
  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

Step :step2:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

==========

After running the above, and posting all requested logs, please let me know how the system is running now!

bloopie



#8 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:46 AM

Posted 17 June 2014 - 10:21 AM

Okay, for some reason the Fixlist.txt did not work.  It is in the right place, all on the desktop.

 

I don't know how to get the image right but you can click on it to make readable, bigger.


Edited by pcpunk, 17 June 2014 - 11:06 AM.


 


#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:08:46 AM

Posted 17 June 2014 - 05:20 PM

Hello again pcpunk,

 

From your attachment, it looks like the file on your desktop is saved as "fixlist(1).txt". This will not work as it's not named correctly. You may have downloaded the file twice, and didn't overwrite, hence the (1) in the file name. Remove any other fixlists on your desktop, and make sure you have only 1 file named fixlist.txt

 

Then try again to open FRST, and press the Fix button just once and wait. Let me know if you encounter the problem again. :)

 

bloopie



#10 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:46 AM

Posted 17 June 2014 - 05:29 PM

I have already done this three times, but nothing; maybe the fixlist?  Remember, it messed up that Addition file name also; perhaps my PC.



 


#11 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:08:46 AM

Posted 17 June 2014 - 06:03 PM

Hello again,

There doesn't seem to be anything wrong with the fixlist that is attached (I tested it myself), and I doubt your machine is borking the fix either. But please remove the below programs first before we try the fix again (below that):

Looking over your extras.txt and Addition.txt, you should remove two adware programs from your Add/Remove Programs list:

  • MyPC Backup
  • Search Protect

Unless you use either program above, please remove them via Add/Remove Programs.

==========

Next to try the fix again, please right-click and delete FRST as well as all of the text files associated with it (i.e. FRST.txt, fixlist.txt, fixlist(1).txt, Addition.txt...etc) from your desktop.

 

Then download a fresh copy of FRST from here (saved to the desktop), and also download the fixlist again from Post #7 above (again, saved to the desktop). Then try the fix again, and let me know what happens (post another fresh screenshot if you still get an error).

====================

Also, you have quite a few items disabled in MSConfig...is there a good reason for these?:

MSCONFIG\startupfolder: C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS2\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^MCtlSvc.lnk => C:\WINDOWS2\pss\MCtlSvc.lnkCommon Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS2\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched =>
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdateManager => "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


MSConfig is best used as a troubleshooter. I would recommend setting your system to use a "Normal Boot" in MSConfig. We can remove the registry startup entries so that these programs do not run on startup, but will still function normally if you choose to run them.

For this, please make sure you run the fixlist successfully and post the Fixlog.txt to me for confirmation. Then we'll get a fresh scan with FRST when your machine is set to "Normal Boot" in MSConfig, so we can target the reg entries. This part of course is up to you, but I just want to let you know that you need not run a "Custom Boot" in MSConfig all the time. :wink:

==========

Let me know how you get on with the fixlist, and the removal of the Adware programs I listed above, and we'll go from there. :)

bloopie


Edited by bloopie, 17 June 2014 - 06:04 PM.


#12 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:46 AM

Posted 17 June 2014 - 06:30 PM

I can't find "Search Protect", but I would also like to remove Ashampoo, as this program loaded some of these things. Is that okay?

Stuff was disabled to make startup faster, but whatever advice you suggest is where we will go.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-06-2014
Ran by Chris at 2014-06-17 19:44:09 Run:3
Running from C:\Documents and Settings\Chris\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=55&CUI=&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD&SSPV=TBannersC_sp_ff
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=69&CUI=&SSPV=TBannersC_sp_ff&Lay=1&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD
FF SearchPlugin: C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\5x90649l.default\searchplugins\trovi-search.xml
CHR StartupUrls: "https://www.yahoo.com/", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=55&CUI=&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD&SSPV=TBannersC_sp_ch"
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
C:\Program Files\MyPC Backup\BackupStack.exe
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
S0 cerc6; No ImagePath
 
*****************
 
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox newtab deleted successfully.
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\5x90649l.default\searchplugins\trovi-search.xml => Moved successfully.
CHR StartupUrls: "https://www.yahoo.com/", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=55&CUI=&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD&SSPV=TBannersC_sp_ch" ==> The Chrome "Settings" can be used to fix the entry.
'HKCU\SOFTWARE\Policies\Google' => Key deleted successfully.
BackupStack => Service not found.
"C:\Program Files\MyPC Backup\BackupStack.exe" => File/Directory not found.
CltMngSvc => Service not found.
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe => Moved successfully.
cerc6 => Service deleted successfully.
 
==== End of Fixlog ====

Edited by pcpunk, 17 June 2014 - 06:48 PM.


 


#13 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:08:46 AM

Posted 17 June 2014 - 10:29 PM

Hello again,

So I see the fixlist worked this time...good! :) Do you notice any changes to the behavior of the machine as of now?

==========
 

I would also like to Remove Ashampoo as this program loaded some of these things, is that okay?

Yes, that is perfectly okay. :wink:
 

I can't find "Search Protect"

Did you run the fixlist before removing the programs I asked? If so, that would certainly be one reason you don't see Search Protect in Add/Remove Programs.

==========

Step :step1:
No matter, in any case, please run AdwCleaner as I instructed in Step 2 of Post #7 above and post the resultant log for me (AdwCleaner will most likely target the program in its routines).

==========

Step :step2:
After posting the AdwCleaner Report, I'd like you to please set the machine to "Boot Normally" from MSConfig, then give me a fresh FRST.txt and Addition.txt (remove any older logs prior to running FRST again) so that I can target the reg entries and see the state of the machine after we've removed programs, done a fix, and run AdwCleaner!

(When running FRST again, please make sure the box next to Addition.txt is checked. When FRST completes, it should give you both the FRST.txt again, and also the Addition.txt again.)

==========

In your next reply, please include the following:
  • The AdwCleaner log
  • The fresh FRST.txt and Addition.txt from the "Normal Boot" set from MSConfig
  • Let me know if you removed Ashampoo
  • Let me know how the machine is running now!
bloopie

#14 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:46 AM

Posted 18 June 2014 - 08:08 AM

Hello again,

So I see the fixlist worked this time...good! :) Do you notice any changes to the behavior of the machine as of now?

No, I did not see any difference; it has worked well enough since I restored it, except for some downloads that I tried.  avast was detecting threats and would not download some things that have been confirmed to be safe. 

==========
 

I would also like to Remove Ashampoo as this program loaded some of these things, is that okay?

Yes, that is perfectly okay. :wink:
Or is it possible to remove that junk and keep Ashampoo? It's not important, but it is a decent program; c.netdownloads gave it a high score, except for the adware that annoyingly comes with it.  Again, it is not important, as I might guess that it will try to reload that stuff if removed.

I can't find "Search Protect"

Did you run the fixlist before removing the programs I asked? If so, that would certainly be one reason you don't see Search Protect in Add/Remove Programs.

No I did it in the order that you presented it, removed them first then ran FRST.

==========

Step :step1:
No matter, in any case, please run AdwCleaner as I instructed in Step 2 of Post #7 above and post the resultant log for me (AdwCleaner will most likely target the program in its routines).

==========

Step :step2:
After posting the AdwCleaner Report, I'd like you to please set the machine to "Boot Normally" from MSConfig, then give me a fresh FRST.txt and Addition.txt (remove any older logs prior to running FRST again) so that I can target the reg entries and see the state of the machine after we've removed programs, done a fix, and run AdwCleaner!

(When running FRST again, please make sure the box next to Addition.txt is checked. When FRST completes, it should give you both the FRST.txt again, and also the Addition.txt again.)

==========

In your next reply, please include the following:

  • The AdwCleaner log
  • The fresh FRST.txt and Addition.txt from the "Normal Boot" set from MSConfig
  • Let me know if you removed Ashampoo
  • Let me know how the machine is running now!
bloopie

 



 


#15 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:46 AM

Posted 18 June 2014 - 08:52 AM

1.  I did not see anything that I wanted to keep, except for the Ashampoo issue.  Should I keep it, or will it try to reload these little nasties:

Folder Found : C:\Documents and Settings\Chris\Local Settings\Application Data\SearchProtect
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\SearchProtect
 
2.  I don't need these, and there is an annoying little popup for MyPC Backup that comes up all the time.
Also, I lost the AdwCleaner results when I shut down to update the msconfig and could not find it; where is it located?  I looked through the C: drive in "Programs" and elsewhere, but nothing.  I can see that it is here somewhere lol.
 
3.  I did not remove Ashampoo yet, until you can advise me as to whether it will cause me issues after removing the add-ons.
 
4.  Computer is running fine or even great; slow on start-up, which I can live with.  Let me explain: it starts up quickly, but the green light stays solid until 52 seconds after logging in, then starts blinking and goes off, probably normal.  I don't see AdBlock anymore and was interested in your opinion on this.  It was slowing down my Google Chrome load time, so I disabled it.  It was highly suggested by a techie friend of mine, and I read about it also.
 
5.  I also have this add-on from Ashampoo: trovi.com, which is set by them as one of my tabs to load upon start-up.  I think I tried to delete it through Google Chrome settings, but it came back.  I'm sorry, but I have issues with my memory.  I am guessing this will go away when we remove those add-ons above, but am afraid that if I don't remove Ashampoo they will come back.
 
 
 
# AdwCleaner v3.212 - Report created 18/06/2014 at 09:40:32
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Chris - CHRIS-1EC6C6A3C
# Running from : C:\Documents and Settings\Chris\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Documents and Settings\Chris\Local Settings\Application Data\SearchProtect
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\SearchProtect
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\5x90649l.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vm4kgtp8.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396F0CD&SearchSource=55&CUI=&UM=5&UP=SP094747C0-5367-405C-A17B-BF3F9A7C24FD&SSPV=TBannersC_sp_ch
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
[ File : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
 
*************************
 
AdwCleaner[R3].txt - [1375 octets] - [14/06/2014 11:08:50]
AdwCleaner[R4].txt - [2084 octets] - [18/06/2014 09:11:06]
AdwCleaner[R5].txt - [2004 octets] - [18/06/2014 09:40:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [2064 octets] ##########
 

Edited by pcpunk, 18 June 2014 - 01:46 PM.

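The AdwCleaner report above and the FRST Addition.txt earlier in the thread list scheduled tasks, MSConfig-disabled Run entries, an AppInit_DLLs value, leftover folders and browser startup URLs/extensions in one flat listing, and pasting the report wrapped some values onto continuation lines. As an added example, not part of the thread or of FRST or AdwCleaner, this Python triage script parses those record shapes, re-joins wrapped values, and flags the items the helper identified; the suspect list and the sample lines are constructed from this thread.

```python
"""Triage FRST Addition.txt / AdwCleaner report lines by persistence mechanism.
Added example for this thread, not part of FRST or AdwCleaner; it parses the record
shapes seen in the posted logs and re-joins values that were wrapped onto later lines."""
import re
from dataclasses import dataclass

# Constructed from the programs the helper names as adware in this thread.
SUSPECT_TERMS = ("searchprotect", "mypc backup", "trovi")

TASK_RE = re.compile(r"^Task: (?P<job>.+?\.job) => (?P<target>.+)$")
STARTUPREG_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>.+?) =>\s*(?P<cmd>.*)$")
FOLDER_RE = re.compile(r"^Folder Found : (?P<path>.+)$")
APPINIT_RE = re.compile(r"^Data Found : (?P<key>.+?) \[AppInit_DLLs\] -\s*(?P<value>.*)$")
FOUND_RE = re.compile(r"^Found \[(?P<kind>[^\]]+)\] :\s*(?P<value>.*)$")
# A wrapped value ends where the next record or section header begins.
RECORD_PREFIXES = ("Task:", "MSCONFIG\\", "Folder Found :", "Data Found :",
                   "Found [", "[ File", "-\\\\", "*****", "=====")


@dataclass
class Finding:
    mechanism: str      # how the item persists or takes effect
    item: str           # job name, value name, registry key or path
    detail: str         # command line, target, DLL or URL
    suspicious: bool
    note: str = ""


def is_suspect(text: str) -> bool:
    text = text.lower()
    return any(term in text for term in SUSPECT_TERMS)


def join_continuations(lines: list[str]) -> list[str]:
    """A record with an empty value (e.g. '[AppInit_DLLs] - ') absorbs the
    following lines up to the next record; fragments are concatenated with no
    separator because a wrap can split a URL mid-token, as it did in the thread."""
    out, i = [], 0
    while i < len(lines):
        line = lines[i].rstrip()
        i += 1
        m = APPINIT_RE.match(line) or FOUND_RE.match(line)
        if m and not m.group("value"):
            while i < len(lines) and not lines[i].strip().startswith(RECORD_PREFIXES):
                line += lines[i].strip()
                i += 1
        out.append(line)
    return out


def triage(lines: list[str]) -> list[Finding]:
    findings = []
    for line in join_continuations(lines):
        if m := TASK_RE.match(line):
            job = m.group("job").rsplit("\\", 1)[-1]
            findings.append(Finding("scheduled task", job, m.group("target"), is_suspect(line)))
        elif m := STARTUPREG_RE.match(line):
            cmd = m.group("cmd").strip()
            note = "" if cmd else "no command recorded: orphaned entry"
            findings.append(Finding("MSConfig-disabled Run entry", m.group("name"), cmd,
                                    is_suspect(line), note))
        elif m := FOLDER_RE.match(line):
            findings.append(Finding("on-disk remnant", m.group("path"), "", is_suspect(line)))
        elif m := APPINIT_RE.match(line):
            # Any DLL listed here is loaded into every process that maps user32.dll,
            # so a non-empty value is flagged even when its name is not on the list.
            dll = m.group("value").strip()
            findings.append(Finding("AppInit_DLLs injection", m.group("key"), dll, bool(dll),
                                    "loaded into every user32 process" if dll else ""))
        elif m := FOUND_RE.match(line):
            kind = m.group("kind")
            findings.append(Finding("browser " + kind.lower().replace("_", " "), kind,
                                    m.group("value").strip(), is_suspect(line)))
    return findings


# Constructed sample: lines copied from the logs in this thread, with the AppInit_DLLs
# value and the trovi startup URL on continuation lines, as they were originally pasted.
SAMPLE_LINES = [
    r"Task: C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe",
    r"MSCONFIG\startupreg: Persistence => ",
    r'MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r"Folder Found : C:\Program Files\MyPC Backup",
    r"Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - ",
    "",
    r"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll",
    "",
    "Found [Startup_urls] : ",
    "",
    "hxxp://www.trovi.com/?gd=&ctid=CT3324774&ISID=M18BD1E0E-AA2D-4AC0-811B-E41C4396",
    "",
    "F0CD&SearchSource=55",
    "Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(("!! " if f.suspicious else "   ") + f"{f.mechanism:<28} {f.item}  {f.detail}  {f.note}")
```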

 




