xp netbook hangs at startup after avast detected trojan files


  • This topic is locked
18 replies to this topic

#1 dman_starr

dman_starr

  • Members
  • 67 posts
  • OFFLINE
  • Local time:06:55 AM

Posted 24 June 2014 - 10:01 PM

I was trying to secure my netbook so I added Avast in replacement of Microsoft's security software and did some updates on programs. I attempted to add an older version of a media player from a download site and Google Chrome refused to download and said it contained malware. Everything seemed to be working ok but when I ran the first Avast scan it found several threats and recommended a boot-time scan. The boot-time scan hung at 42% for hours and never completed. I have tried to run other scans and had problems with freezing in both safe mode and regular and at this point I'm not even sure I can boot to regular mode for sure. I tried last known good config and two system restores from safe mode and neither would take. I'm currently on a different PC. Can you help me?

 

Also, I foolishly removed Avast software because I read some XP pcs have had issues with freezing and wanted to see if that was the problem. I then realized I should have looked for a copy of the scan that found the trojans before I did that. 


Edited by dman_starr, 24 June 2014 - 10:06 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:55 AM

Posted 29 June 2014 - 10:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/538918 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dman_starr

dman_starr
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  • Local time:06:55 AM

Posted 30 June 2014 - 06:15 PM

I do not have a Windows disk. I am running Service Pack 3 and not sure what bit it is. I am only able to boot to safe mode with networking at this time. Just ran a Malwarebytes scan with rootkits checked and it found nothing. I did remove some unused programs using Revo installer before things got bad (and before posting to this forum) in advanced mode but I only removed bolded items it found. I suppose there's a possibility that I removed something important from the registry if it misidentified it. Also, I downloaded some new software so I suppose something could have gotten through the backdoor of an install.
 
Here are the logs:
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6000.21376  BrowserJavaVersion: 10.60.2
Run by D-Man at 18:01:43 on 2014-06-30
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.771 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\d-man\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B856C9B7-2B14-4EBD-9250-30AE63D5E3AE} : DHCPNameServer = 192.168.1.1
Filter: x-sdch - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-6-23 53208]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-23 110296]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-23 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-23 860472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-12 1684736]
S3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-3-27 145408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-6-23 23256]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [2009-5-25 9728]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [2009-5-25 9984]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-3-12 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S4 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-12 237568]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1" 
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4" 
.
=============== Created Last 30 ================
.
2014-06-24 19:56:40 -------- d-----w- c:\program files\SumatraPDF
2014-06-24 03:01:52 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-23 23:25:58 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-23 23:25:58 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-23 23:25:58 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-23 23:25:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-06-23 21:38:38 -------- d-----w- c:\documents and settings\d-man\application data\MPC-HC
2014-06-23 21:35:28 218200 ----a-w- c:\windows\system32\unrar.dll
2014-06-23 21:35:12 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-06-23 20:06:18 -------- d-----w- c:\documents and settings\d-man\application data\SumatraPDF
2014-06-23 18:20:12 -------- d-----w- c:\program files\VS Revo Group
2014-06-23 17:57:05 -------- d-----w- c:\documents and settings\d-man\local settings\application data\Secunia PSI
2014-06-23 17:56:08 -------- d-----w- c:\program files\Secunia
2014-06-23 17:34:46 -------- d-----w- c:\documents and settings\d-man\local settings\application data\Temp
2014-06-23 17:18:00 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2014-06-23 00:59:57 -------- d-----w- c:\documents and settings\d-man\local settings\application data\Sun
2014-06-22 05:48:31 6010880 ----a-w- c:\program files\GUT4136.tmp
2014-06-22 05:48:31 -------- d-----w- c:\program files\GUM4135.tmp
.
==================== Find3M  ====================
.
2014-06-24 03:03:10 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-24 03:03:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-23 17:20:20 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1403544224750
2014-06-23 17:20:20 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1403544224750
2014-05-31 21:11:30 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-31 21:11:23 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 18:02:28.34 ===============
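As an added example, not part of any post in this thread, here is a small Python triage pass over lines in the DDS report format shown above: it flags BHOs marked `<orphaned>`, driver entries whose file is missing (`[?]`), lists the `uRun`/`mRun` autostart entries for review, and decodes the `NoDriveTypeAutoRun` bitmask so the difference between the `dword:0` (user hive) and `dword:145` (machine hive) values above is visible. The sample input is constructed and modelled on the log, not a capture; the mapping of the DDS `u`/`m` prefixes to HKCU/HKLM and the reading of the dword value as decimal (145 = 0x91, the Windows XP default) are assumptions; the bit meanings are Microsoft's documented ones.

```python
import re

# Constructed sample in the DDS "Pseudo HJT Report" / "SERVICES / DRIVERS"
# format, modelled on the log above; not a capture from any real machine.
SAMPLE_DDS = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-6-23 53208]
"""

# NoDriveTypeAutoRun is a bitmask: a set bit DISABLES AutoRun for that drive class.
AUTORUN_BITS = {
    0x01: "drives of unknown type",
    0x04: "removable drives",
    0x08: "fixed drives",
    0x10: "network drives",
    0x20: "CD-ROM drives",
    0x40: "RAM disks",
    0x80: "drives of unknown type (reserved bit)",
}


def autorun_allowed(mask):
    """Drive classes for which AutoRun is still permitted under this mask."""
    return [name for bit, name in AUTORUN_BITS.items() if not mask & bit]


# Assumption: DDS prefixes lines with 'u' for the current-user hive (HKCU)
# and 'm' for the machine hive (HKLM).
HIVE = {"u": "HKCU", "m": "HKLM"}
POLICY_RE = re.compile(r"^([um])Policies-Explorer: NoDriveTypeAutoRun = dword:(\d+)$")
DRIVER_RE = re.compile(r"^[RSU]\d ")  # R1/S3/U3 ... service and driver entries


def triage_dds(text):
    """Walk DDS report lines and collect the items a reviewer looks at first."""
    findings, autorun, run_entries = [], {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # BHO still registered but its DLL is gone (leftover of an uninstall or a removal).
        if line.startswith("BHO:") and line.endswith("<orphaned>"):
            findings.append(("orphaned-bho", line.split(" - ")[0]))
        # Driver/service entry whose file is missing on disk; DDS marks these with [?].
        elif DRIVER_RE.match(line) and line.endswith("[?]"):
            findings.append(("driver-file-missing", line.split(";")[0]))
        # Autostart entries are not findings by themselves, but they are the review list.
        elif line.startswith(("uRun:", "mRun:")):
            run_entries.append(line)
        else:
            m = POLICY_RE.match(line)
            if m:
                # Assumption: the dword is printed in decimal (145 == 0x91, the XP default).
                hive, mask = HIVE[m.group(1)], int(m.group(2))
                autorun[hive] = mask
                allowed = autorun_allowed(mask)
                if allowed:
                    findings.append(("autorun-enabled", f"{hive} ({mask:#04x}): " + ", ".join(allowed)))
    return {"findings": findings, "autorun": autorun, "run_entries": run_entries}


if __name__ == "__main__":
    result = triage_dds(SAMPLE_DDS)
    for kind, detail in result["findings"]:
        print(f"[{kind}] {detail}")
    for entry in result["run_entries"]:
        print("[review] " + entry)
```

On the sample this reports the orphaned BHO, the `Rts516xIR` driver with no file, and that AutoRun is still permitted for removable and CD-ROM drives under both hives (the HKCU value of 0 disables nothing at all); a mask of 0xFF (255) would disable it for every drive class.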


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:55 AM

Posted 01 July 2014 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 dman_starr

dman_starr
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  • Local time:06:55 AM

Posted 01 July 2014 - 01:32 PM

Addition.txt is attached as instructed. Thanks for your help!
 
RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : D-Man [Admin rights]
Mode : Remove -- Date : 07/01/2014  12:42:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543216L9A300 +++++
--- User ---
[MBR] d674bf3d4478356534c7928037fa5082
[BSP] 64351435cf86308a5d72535434189a8b : HP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 7169 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 14684160 | Size: 145456 MB
User = LL1 ... OK
User = LL2 ... OK

 
============================================
RKreport_SCN_07012014_124044.log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-06-2014
Ran by D-Man (administrator) on ACER-NETTOP on 01-07-2014 13:18:50
Running from C:\Documents and Settings\D-Man\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: 
Download link for 64-Bit Version: 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2214429306-3042452539-1974565712-1005\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-05-25] (Google Inc.)
HKU\S-1-5-21-2214429306-3042452539-1974565712-1005\...\Run: [Google Update] => C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2012-02-10] (Google Inc.)
HKU\S-1-5-21-2214429306-3042452539-1974565712-1005\...\MountPoints2: {8a0646f2-4fe3-11de-94ee-00235a7f1192} - E:\install.EXE id= ver=1.0.0.0
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-
{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-
{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS329
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS329
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKCU - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} 
tivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} 
DPF: {31435657-9980-0010-8000-00AA00389B71} 
ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} 
m.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Filter: x-sdch - No CLSID Value - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32
 
\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32
 
\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla 
 
Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft 
 
Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program 
 
Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - 
 
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation 
 
Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program 
 
Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents 
 
and Settings\D-Man\Local Settings\Application 
 
Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents 
 
and Settings\D-Man\Local Settings\Application 
 
Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - 
 
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation 
 
Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - 
 
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation 
 
Foundation\DotNetAssistantExtension [2009-08-11]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and 
 
Settings\D-Man\Local Settings\Application Data\Google\Chrome\User 
 
Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86
 
\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\D-Man\Local 
 
Settings\Application Data\Google\Chrome\Application\35.0.1916.153
 
\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\D-Man\Local 
 
Settings\Application Data\Google\Chrome\Application\35.0.1916.153
 
\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\D-Man\Local 
 
Settings\Application Data\Google\Chrome\Application\35.0.1916.153\pdf.dll 
 
()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media 
 
Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - 
 
C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation 
 
(written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media 
 
Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\D-Man\Local 
 
Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll 
 
(Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files\Java\jre7
 
\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U60) - C:\Program Files\Java\jre7
 
\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows 
 
Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla 
 
Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32
 
\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32
 
\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft 
 
Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - 
 
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation 
 
Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and 
 
Settings\D-Man\Local Settings\Application Data\Google\Chrome\User 
 
Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Documents and Settings\D-Man\Local 
 
Settings\Application Data\Google\Chrome\User 
 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\D-Man\Local 
 
Settings\Application Data\Google\Chrome\User 
 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11]
CHR Extension: (Gmail) - C:\Documents and Settings\D-Man\Local 
 
Settings\Application Data\Google\Chrome\User 
 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-10]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\D-
 
Man\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= 
 
ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 
 
32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 
 
2014-05-31] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-
 
Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-
 
Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009
 
-02-05] (Acer Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008
 
-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] 
 
(Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1346464 2008-12-30] 
 
(Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 
 
2008-04-14] (Microsoft Corporation)
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08
 
-17] (Microsoft Corporation)
S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-
 
11-02] (Dritek System Inc.)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] 
 
(Atheros Communications, Inc.)
S3 M3000Srv; C:\WINDOWS\System32\Drivers\M3000KNT.sys [145408 2009-
 
01-02] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys 
 
[53208 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-
 
05-12] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] 
 
(Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] 
 
(Microsoft Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-
 
09] (Microsoft Corporation)
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-09-
 
25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PLTurbh; C:\WINDOWS\System32\drivers\plturbh.sys [9728 2008-05-20] 
 
(Prolific Technology Inc.) [File not signed]
S3 PLTurbo; C:\WINDOWS\System32\drivers\plturbo.sys [9984 2008-11-26] 
 
(Prolific Technology Inc.) [File not signed]
R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [26888 2009-09-25] ()
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35152 2014-07-
 
01] ()
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-01 13:18 - 2014-07-01 13:19 - 00014348 _____ () C:\Documents and Settings\D-Man\Desktop\FRST.txt
2014-07-01 13:18 - 2014-07-01 13:18 - 00000000 ____D () C:\FRST
2014-07-01 12:45 - 2014-07-01 13:17 - 00001621 _____ () C:\Documents and Settings\D-Man\Desktop\post.txt
2014-07-01 12:33 - 2014-07-01 13:01 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-07-01 12:33 - 2014-07-01 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-07-01 12:31 - 2014-07-01 12:31 - 00001572 _____ () C:\Documents and Settings\D-Man\Desktop\klhj.txt
2014-07-01 12:30 - 2014-07-01 13:01 - 04721240 _____ () C:\Documents and Settings\D-Man\Desktop\RogueKiller.exe
2014-07-01 12:30 - 2014-07-01 12:30 - 01073664 _____ (Farbar) C:\Documents and Settings\D-Man\Desktop\FRST.exe
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Acer GameZone
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Acer
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\SumatraPDF
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-06-24 00:56 - 2014-07-01 12:53 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-24 00:56 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-24 00:56 - 2014-06-24 14:55 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-24 00:56 - 2009-03-12 01:37 - 00060664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-24 00:56 - 2009-03-12 01:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-06-24 00:56 - 2009-03-12 01:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Super-Cow
2014-06-24 00:56 - 2009-03-12 01:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Grubby Games
2014-06-24 00:56 - 2009-03-12 01:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Oberon Games
2014-06-24 00:56 - 2009-03-12 01:15 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\My Google Gadgets
2014-06-24 00:56 - 2009-03-12 01:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Acer GameZone Console
2014-06-24 00:56 - 2009-03-12 00:16 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-06-24 00:56 - 2009-03-12 00:10 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-06-24 00:56 - 2009-03-12 00:07 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-06-23 22:03 - 2014-06-23 23:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-23 22:01 - 2014-06-30 14:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 18:26 - 2014-06-23 18:26 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-23 18:25 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-23 18:25 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-23 18:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-23 16:38 - 2014-06-23 16:38 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\MPC-HC
2014-06-23 16:35 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-06-23 16:35 - 2013-12-01 07:10 - 00218200 _____ () C:\WINDOWS\system32\unrar.dll
2014-06-23 15:06 - 2014-06-23 15:06 - 00001590 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2014-06-23 15:06 - 2014-06-23 15:06 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\SumatraPDF
2014-06-23 14:41 - 2014-06-23 14:41 - 00307712 _____ (FileHippo.com) C:\Documents and Settings\D-Man\Desktop\UpdateChecker.exe
2014-06-23 13:20 - 2014-06-23 13:20 - 00000921 _____ () C:\Documents and Settings\D-Man\Desktop\Revo Uninstaller.lnk
2014-06-23 13:20 - 2014-06-23 13:20 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-23 12:57 - 2014-06-23 12:57 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Secunia PSI
2014-06-23 12:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\Secunia
2014-06-23 12:34 - 2014-06-23 12:34 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Temp
2014-06-23 12:20 - 2014-06-23 12:20 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403544224750
2014-06-23 12:20 - 2014-06-23 12:20 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403544224750
2014-06-23 12:18 - 2014-06-24 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-06-22 19:59 - 2014-06-22 19:59 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Sun
2014-06-22 00:48 - 2014-06-22 00:49 - 00000000 ____D () C:\Program Files\GUM4135.tmp
2014-06-22 00:48 - 2014-06-22 00:48 - 06010880 _____ () C:\Program Files\GUT4136.tmp
 
==================== One Month Modified Files and Folders =======
 
2014-07-01 13:19 - 2014-07-01 13:18 - 00014348 _____ () C:\Documents and Settings\D-Man\Desktop\FRST.txt
2014-07-01 13:19 - 2009-05-25 15:17 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Temp
2014-07-01 13:18 - 2014-07-01 13:18 - 00000000 ____D () C:\FRST
2014-07-01 13:17 - 2014-07-01 12:45 - 00001621 _____ () C:\Documents and Settings\D-Man\Desktop\post.txt
2014-07-01 13:01 - 2014-07-01 12:33 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-07-01 13:01 - 2014-07-01 12:30 - 04721240 _____ () C:\Documents and Settings\D-Man\Desktop\RogueKiller.exe
2014-07-01 12:58 - 2009-03-11 16:03 - 00511862 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-01 12:53 - 2014-06-24 00:56 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-07-01 12:53 - 2009-03-12 00:06 - 01634354 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-01 12:52 - 2009-05-25 15:17 - 00000178 ___SH () C:\Documents and Settings\D-Man\ntuser.ini
2014-07-01 12:33 - 2014-07-01 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-07-01 12:31 - 2014-07-01 12:31 - 00001572 _____ () C:\Documents and Settings\D-Man\Desktop\klhj.txt
2014-07-01 12:30 - 2014-07-01 12:30 - 01073664 _____ (Farbar) C:\Documents and Settings\D-Man\Desktop\FRST.exe
2014-06-30 14:44 - 2014-06-23 22:01 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 14:41 - 2009-03-11 07:53 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-24 17:14 - 2014-06-23 12:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-06-24 14:58 - 2009-03-12 00:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-24 14:58 - 2009-03-11 16:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-24 14:58 - 2009-03-11 16:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Acer GameZone
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Acer
2014-06-24 14:57 - 2014-06-24 00:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\SumatraPDF
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-06-24 14:56 - 2014-06-23 18:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-24 14:56 - 2014-06-23 16:35 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-06-24 14:56 - 2014-06-23 12:56 - 00000000 ____D () C:\Program Files\Secunia
2014-06-24 14:56 - 2011-06-20 15:07 - 00000000 ____D () C:\Program Files\Foxit Software
2014-06-24 14:56 - 2010-01-24 00:48 - 00000000 ____D () C:\Program Files\QuickTime
2014-06-24 14:56 - 2009-12-19 00:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-06-24 14:56 - 2009-03-12 00:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-06-24 14:56 - 2009-03-12 00:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-06-24 14:56 - 2009-03-12 00:05 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-24 14:56 - 2009-03-11 15:57 - 00000000 ____D () C:\WINDOWS\Help
2014-06-24 14:56 - 2009-03-11 15:57 - 00000000 ____D () C:\WINDOWS\addins
2014-06-24 14:55 - 2014-06-24 00:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-24 00:45 - 2009-03-12 00:10 - 00032314 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-24 00:26 - 2009-12-19 02:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$
2014-06-23 23:17 - 2014-06-23 22:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-23 22:47 - 2012-02-10 15:47 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2214429306-3042452539-1974565712-1005UA.job
2014-06-23 22:03 - 2013-12-16 17:20 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-23 22:03 - 2011-06-14 14:50 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-23 19:46 - 2009-03-11 16:03 - 01731949 _____ () C:\WINDOWS\FaxSetup.log
2014-06-23 19:03 - 2014-01-05 21:24 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Apple Computer
2014-06-23 19:01 - 2010-01-25 01:40 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2014-06-23 18:27 - 2009-03-11 16:03 - 00855940 _____ () C:\WINDOWS\ocgen.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00666518 _____ () C:\WINDOWS\tsoc.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00576523 _____ () C:\WINDOWS\comsetup.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00352093 _____ () C:\WINDOWS\ntdtcsetup.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00268653 _____ () C:\WINDOWS\iis6.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00095661 _____ () C:\WINDOWS\ocmsn.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00086547 _____ () C:\WINDOWS\msgsocm.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-06-23 18:27 - 2009-03-11 16:02 - 00654186 _____ () C:\WINDOWS\setupapi.log
2014-06-23 18:26 - 2014-06-23 18:26 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-23 16:38 - 2014-06-23 16:38 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\MPC-HC
2014-06-23 16:17 - 2009-03-11 16:03 - 00004566 _____ () C:\WINDOWS\imsins.BAK
2014-06-23 16:15 - 2009-03-12 00:05 - 00034919 _____ () C:\WINDOWS\wmsetup.log
2014-06-23 16:15 - 2009-03-12 00:05 - 00000000 ____D () C:\Program Files\Online Services
2014-06-23 16:15 - 2009-03-11 15:57 - 00000000 ____D () C:\WINDOWS\Cursors
2014-06-23 15:06 - 2014-06-23 15:06 - 00001590 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2014-06-23 15:06 - 2014-06-23 15:06 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\SumatraPDF
2014-06-23 14:41 - 2014-06-23 14:41 - 00307712 _____ (FileHippo.com) C:\Documents and Settings\D-Man\Desktop\UpdateChecker.exe
2014-06-23 13:22 - 2009-12-19 00:02 - 00000000 ____D () C:\Program Files\Yahoo!
2014-06-23 13:20 - 2014-06-23 13:20 - 00000921 _____ () C:\Documents and Settings\D-Man\Desktop\Revo Uninstaller.lnk
2014-06-23 13:20 - 2014-06-23 13:20 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-23 12:57 - 2014-06-23 12:57 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Secunia PSI
2014-06-23 12:47 - 2012-02-10 15:47 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2214429306-3042452539-1974565712-1005Core.job
2014-06-23 12:34 - 2014-06-23 12:34 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Temp
2014-06-23 12:20 - 2014-06-23 12:20 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403544224750
2014-06-23 12:20 - 2014-06-23 12:20 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403544224750
2014-06-23 12:13 - 2009-03-11 16:02 - 00208715 _____ () C:\WINDOWS\setupact.log
2014-06-23 12:10 - 2009-03-27 14:43 - 00000000 ____D () C:\WINDOWS\Screensavers
2014-06-23 12:09 - 2011-06-14 14:48 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-06-23 12:07 - 2009-05-25 06:59 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-06-23 12:07 - 2009-05-25 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Nero
2014-06-23 12:06 - 2009-05-25 07:09 - 00000188 _____ () C:\WINDOWS\system32\MsiExec.exe.log
2014-06-23 12:06 - 2009-05-25 07:08 - 00001024 _____ () C:\Documents and Settings\D-Man\.rnd
2014-06-23 11:57 - 2013-12-16 14:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-23 11:53 - 2009-05-30 02:10 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-22 20:00 - 2009-03-12 00:10 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-06-22 19:59 - 2014-06-22 19:59 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Sun
2014-06-22 00:49 - 2014-06-22 00:48 - 00000000 ____D () C:\Program Files\GUM4135.tmp
2014-06-22 00:48 - 2014-06-22 00:48 - 06010880 _____ () C:\Program Files\GUT4136.tmp
2014-06-03 20:51 - 2009-05-25 11:32 - 00000118 _____ () C:\Documents and Settings\D-Man\Application Data\default.pls
2014-06-03 18:52 - 2009-05-25 09:56 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
 
Some content of TEMP:
====================
C:\Documents and Settings\D-Man\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4prwvb.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\NEW4.tmp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8b99b693.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:55 AM

Posted 02 July 2014 - 07:23 AM


I'm unable to read your FRST log with all those additional line breaks.
Please remove the WordWrap from NotePad.
You will find this function under the Format menu.

Run the FRST tool one more time and post a fresh log.
Each line should be terminated by a Carriage return.

#7 dman_starr

dman_starr
  • Topic Starter

  • Members
  • 67 posts
  • Local time:06:55 AM

Posted 02 July 2014 - 04:03 PM

FRST froze and was "not responding" about halfway through the scan 3 times (while running in Safe Mode). I restarted the laptop on each instance (in case it would help) but the tool continued to freeze. It spit out a partial log on the first attempt even so. I will include the partial log first, then a repost of the original log I sent you that was formatted wrong. Note that I did remove a few things from startup via msconfig between the two logs.
 
Also, do you think I should attempt to reverse the System Restores I tried before we got started (mentioned in my initial post)? Because although it stated the system could not be restored, it does appear to have made some subtle changes (unless it's my imagination). Could that be compounding the problem? 
 
Here goes:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-06-2014
Ran by D-Man (administrator) on ACER-NETTOP on 02-07-2014 13:50:40
Running from C:\Documents and Settings\D-Man\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Safe Mode (minimal)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2214429306-3042452539-1974565712-1005\...\MountPoints2: {8a0646f2-4fe3-11de-94ee-00235a7f1192} - E:\install.EXE id= ver=1.0.0.0
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U60) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11]
CHR Extension: (Gmail) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-10]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-31] (Oracle Corporation)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1346464 2008-12-30] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 M3000Srv; C:\WINDOWS\System32\Drivers\M3000KNT.sys [145408 2009-01-02] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-09-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PLTurbh; C:\WINDOWS\System32\drivers\plturbh.sys [9728 2008-05-20] (Prolific Technology Inc.) [File not signed]
S3 PLTurbo; C:\WINDOWS\System32\drivers\plturbo.sys [9984 2008-11-26] (Prolific Technology Inc.) [File not signed]
R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [26888 2009-09-25] ()
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35152 2014-07-01] ()
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-02 12:00 - 2014-07-02 13:51 - 00012720 _____ () C:\Documents and Settings\D-Man\Desktop\FRST.txt
2014-07-01 13:18 - 2014-07-02 13:50 - 00000000 ____D () C:\FRST
2014-07-01 12:33 - 2014-07-01 13:01 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-07-01 12:33 - 2014-07-01 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-07-01 12:30 - 2014-07-01 13:01 - 04721240 _____ () C:\Documents and Settings\D-Man\Desktop\RogueKiller.exe
2014-07-01 12:30 - 2014-07-01 12:30 - 01073664 _____ (Farbar) C:\Documents and Settings\D-Man\Desktop\FRST.exe
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Acer GameZone
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Acer
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\SumatraPDF
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-06-24 00:56 - 2014-07-01 12:53 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-24 00:56 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-24 00:56 - 2014-06-24 14:55 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-24 00:56 - 2009-03-12 01:37 - 00060664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-24 00:56 - 2009-03-12 01:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-06-24 00:56 - 2009-03-12 01:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Super-Cow
2014-06-24 00:56 - 2009-03-12 01:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Grubby Games
2014-06-24 00:56 - 2009-03-12 01:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Oberon Games
2014-06-24 00:56 - 2009-03-12 01:15 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\My Google Gadgets
2014-06-24 00:56 - 2009-03-12 01:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Acer GameZone Console
2014-06-24 00:56 - 2009-03-12 00:16 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-06-24 00:56 - 2009-03-12 00:10 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-06-24 00:56 - 2009-03-12 00:07 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-06-23 22:03 - 2014-06-23 23:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-23 22:01 - 2014-07-02 13:46 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 18:26 - 2014-06-23 18:26 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-23 18:25 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-23 18:25 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-23 18:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-23 16:38 - 2014-06-23 16:38 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\MPC-HC
2014-06-23 16:35 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-06-23 16:35 - 2013-12-01 07:10 - 00218200 _____ () C:\WINDOWS\system32\unrar.dll
2014-06-23 15:06 - 2014-06-23 15:06 - 00001590 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2014-06-23 15:06 - 2014-06-23 15:06 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\SumatraPDF
2014-06-23 14:41 - 2014-06-23 14:41 - 00307712 _____ (FileHippo.com) C:\Documents and Settings\D-Man\Desktop\UpdateChecker.exe
2014-06-23 13:20 - 2014-06-23 13:20 - 00000921 _____ () C:\Documents and Settings\D-Man\Desktop\Revo Uninstaller.lnk
2014-06-23 13:20 - 2014-06-23 13:20 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-23 12:57 - 2014-06-23 12:57 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Secunia PSI
2014-06-23 12:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\Secunia
2014-06-23 12:34 - 2014-06-23 12:34 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Temp
2014-06-23 12:20 - 2014-06-23 12:20 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403544224750
2014-06-23 12:20 - 2014-06-23 12:20 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403544224750
2014-06-23 12:18 - 2014-06-24 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-06-22 19:59 - 2014-06-22 19:59 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Sun
2014-06-22 00:48 - 2014-06-22 00:49 - 00000000 ____D () C:\Program Files\GUM4135.tmp
2014-06-22 00:48 - 2014-06-22 00:48 - 06010880 _____ () C:\Program Files\GUT4136.tmp
 
==================== One Month Modified Files and Folders =======
 
2014-07-02 13:51 - 2014-07-02 12:00 - 00012720 _____ () C:\Documents and Settings\D-Man\Desktop\FRST.txt
2014-07-02 13:51 - 2009-05-25 15:17 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Temp
2014-07-02 13:50 - 2014-07-01 13:18 - 00000000 ____D () C:\FRST
2014-07-02 13:47 - 2009-05-25 15:17 - 00000178 ___SH () C:\Documents and Settings\D-Man\ntuser.ini
2014-07-02 13:47 - 2009-03-12 00:06 - 01637518 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-02 13:46 - 2014-06-23 22:01 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 13:45 - 2010-01-06 11:04 - 00000000 ____D () C:\Documents and Settings\D-Man\Start Menu\Programs\SlowBlast
2014-07-02 13:44 - 2009-05-25 15:17 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Google
2014-07-02 13:44 - 2009-03-12 01:06 - 00000000 ____D () C:\Program Files\Google
2014-07-02 13:43 - 2009-03-11 07:56 - 00000211 __RSH () C:\boot.ini
2014-07-02 13:43 - 2009-03-11 07:53 - 00000503 _____ () C:\WINDOWS\win.ini
2014-07-02 13:43 - 2009-03-11 07:53 - 00000254 _____ () C:\WINDOWS\system.ini
2014-07-02 12:12 - 2009-03-11 16:03 - 00511862 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-01 13:01 - 2014-07-01 12:33 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-07-01 13:01 - 2014-07-01 12:30 - 04721240 _____ () C:\Documents and Settings\D-Man\Desktop\RogueKiller.exe
2014-07-01 12:53 - 2014-06-24 00:56 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-07-01 12:33 - 2014-07-01 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-07-01 12:30 - 2014-07-01 12:30 - 01073664 _____ (Farbar) C:\Documents and Settings\D-Man\Desktop\FRST.exe
2014-06-30 14:41 - 2009-03-11 07:53 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-24 17:14 - 2014-06-23 12:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-06-24 14:58 - 2009-03-12 00:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-24 14:58 - 2009-03-11 16:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-24 14:58 - 2009-03-11 16:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Acer GameZone
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Acer
2014-06-24 14:57 - 2014-06-24 00:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\SumatraPDF
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-06-24 14:56 - 2014-06-23 18:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-24 14:56 - 2014-06-23 16:35 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-06-24 14:56 - 2014-06-23 12:56 - 00000000 ____D () C:\Program Files\Secunia
2014-06-24 14:56 - 2011-06-20 15:07 - 00000000 ____D () C:\Program Files\Foxit Software
2014-06-24 14:56 - 2010-01-24 00:48 - 00000000 ____D () C:\Program Files\QuickTime
2014-06-24 14:56 - 2009-12-19 00:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-06-24 14:56 - 2009-03-12 00:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-06-24 14:56 - 2009-03-12 00:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-06-24 14:56 - 2009-03-12 00:05 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-24 14:56 - 2009-03-11 15:57 - 00000000 ____D () C:\WINDOWS\Help
2014-06-24 14:56 - 2009-03-11 15:57 - 00000000 ____D () C:\WINDOWS\addins
2014-06-24 14:55 - 2014-06-24 00:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-24 00:45 - 2009-03-12 00:10 - 00032314 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-24 00:26 - 2009-12-19 02:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$
2014-06-23 23:17 - 2014-06-23 22:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-23 22:47 - 2012-02-10 15:47 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2214429306-3042452539-1974565712-1005UA.job
2014-06-23 22:03 - 2013-12-16 17:20 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-23 22:03 - 2011-06-14 14:50 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-23 19:46 - 2009-03-11 16:03 - 01731949 _____ () C:\WINDOWS\FaxSetup.log
2014-06-23 19:03 - 2014-01-05 21:24 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Apple Computer
2014-06-23 19:01 - 2010-01-25 01:40 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2014-06-23 18:27 - 2009-03-11 16:03 - 00855940 _____ () C:\WINDOWS\ocgen.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00666518 _____ () C:\WINDOWS\tsoc.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00576523 _____ () C:\WINDOWS\comsetup.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00352093 _____ () C:\WINDOWS\ntdtcsetup.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00268653 _____ () C:\WINDOWS\iis6.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00095661 _____ () C:\WINDOWS\ocmsn.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00086547 _____ () C:\WINDOWS\msgsocm.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-06-23 18:27 - 2009-03-11 16:02 - 00654186 _____ () C:\WINDOWS\setupapi.log
2014-06-23 18:26 - 2014-06-23 18:26 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-23 16:38 - 2014-06-23 16:38 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\MPC-HC
2014-06-23 16:17 - 2009-03-11 16:03 - 00004566 _____ () C:\WINDOWS\imsins.BAK
2014-06-23 16:15 - 2009-03-12 00:05 - 00034919 _____ () C:\WINDOWS\wmsetup.log
2014-06-23 16:15 - 2009-03-12 00:05 - 00000000 ____D () C:\Program Files\Online Services
2014-06-23 16:15 - 2009-03-11 15:57 - 00000000 ____D () C:\WINDOWS\Cursors
2014-06-23 15:06 - 2014-06-23 15:06 - 00001590 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2014-06-23 15:06 - 2014-06-23 15:06 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\SumatraPDF
2014-06-23 14:41 - 2014-06-23 14:41 - 00307712 _____ (FileHippo.com) C:\Documents and Settings\D-Man\Desktop\UpdateChecker.exe
2014-06-23 13:22 - 2009-12-19 00:02 - 00000000 ____D () C:\Program Files\Yahoo!
2014-06-23 13:20 - 2014-06-23 13:20 - 00000921 _____ () C:\Documents and Settings\D-Man\Desktop\Revo Uninstaller.lnk
2014-06-23 13:20 - 2014-06-23 13:20 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-23 12:57 - 2014-06-23 12:57 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Secunia PSI
2014-06-23 12:47 - 2012-02-10 15:47 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2214429306-3042452539-1974565712-1005Core.job
2014-06-23 12:34 - 2014-06-23 12:34 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Temp
2014-06-23 12:20 - 2014-06-23 12:20 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403544224750
2014-06-23 12:20 - 2014-06-23 12:20 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403544224750
2014-06-23 12:13 - 2009-03-11 16:02 - 00208715 _____ () C:\WINDOWS\setupact.log
2014-06-23 12:10 - 2009-03-27 14:43 - 00000000 ____D () C:\WINDOWS\Screensavers
2014-06-23 12:09 - 2011-06-14 14:48 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-06-23 12:07 - 2009-05-25 06:59 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-06-23 12:07 - 2009-05-25 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Nero
2014-06-23 12:06 - 2009-05-25 07:09 - 00000188 _____ () C:\WINDOWS\system32\MsiExec.exe.log
2014-06-23 12:06 - 2009-05-25 07:08 - 00001024 _____ () C:\Documents and Settings\D-Man\.rnd
2014-06-23 11:57 - 2013-12-16 14:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-23 11:53 - 2009-05-30 02:10 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-22 20:00 - 2009-03-12 00:10 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-06-22 19:59 - 2014-06-22 19:59 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Sun
2014-06-22 00:49 - 2014-06-22 00:48 - 00000000 ____D () C:\Program Files\GUM4135.tmp
2014-06-22 00:48 - 2014-06-22 00:48 - 06010880 _____ () C:\Program Files\GUT4136.tmp
2014-06-03 20:51 - 2009-05-25 11:32 - 00000118 _____ () C:\Documents and Settings\D-Man\Application Data\default.pls
2014-06-03 18:52 - 2009-05-25 09:56 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
 
Some content of TEMP:
====================
C:\Documents and Settings\D-Man\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4prwvb.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\NEW4.tmp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8b99b693.exe
 
 
==================== Bamital & volsnap Check =================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-06-2014
Ran by D-Man (administrator) on ACER-NETTOP on 01-07-2014 13:18:50
Running from C:\Documents and Settings\D-Man\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2214429306-3042452539-1974565712-1005\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-05-25] (Google Inc.)
HKU\S-1-5-21-2214429306-3042452539-1974565712-1005\...\Run: [Google Update] => C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2012-02-10] (Google Inc.)
HKU\S-1-5-21-2214429306-3042452539-1974565712-1005\...\MountPoints2: {8a0646f2-4fe3-11de-94ee-00235a7f1192} - E:\install.EXE id= ver=1.0.0.0
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKCU - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Filter: x-sdch - No CLSID Value - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U60) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11]
CHR Extension: (Gmail) - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-10]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-31] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1346464 2008-12-30] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 M3000Srv; C:\WINDOWS\System32\Drivers\M3000KNT.sys [145408 2009-01-02] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-09-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PLTurbh; C:\WINDOWS\System32\drivers\plturbh.sys [9728 2008-05-20] (Prolific Technology Inc.) [File not signed]
S3 PLTurbo; C:\WINDOWS\System32\drivers\plturbo.sys [9984 2008-11-26] (Prolific Technology Inc.) [File not signed]
R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [26888 2009-09-25] ()
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35152 2014-07-01] ()
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-01 13:18 - 2014-07-01 13:19 - 00014348 _____ () C:\Documents and Settings\D-Man\Desktop\FRST.txt
2014-07-01 13:18 - 2014-07-01 13:18 - 00000000 ____D () C:\FRST
2014-07-01 12:45 - 2014-07-01 13:17 - 00001621 _____ () C:\Documents and Settings\D-Man\Desktop\post.txt
2014-07-01 12:33 - 2014-07-01 13:01 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-07-01 12:33 - 2014-07-01 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-07-01 12:31 - 2014-07-01 12:31 - 00001572 _____ () C:\Documents and Settings\D-Man\Desktop\klhj.txt
2014-07-01 12:30 - 2014-07-01 13:01 - 04721240 _____ () C:\Documents and Settings\D-Man\Desktop\RogueKiller.exe
2014-07-01 12:30 - 2014-07-01 12:30 - 01073664 _____ (Farbar) C:\Documents and Settings\D-Man\Desktop\FRST.exe
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Acer GameZone
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Acer
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\SumatraPDF
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-06-24 00:56 - 2014-07-01 12:53 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-24 00:56 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-24 00:56 - 2014-06-24 14:55 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-24 00:56 - 2009-03-12 01:37 - 00060664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-24 00:56 - 2009-03-12 01:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-06-24 00:56 - 2009-03-12 01:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Super-Cow
2014-06-24 00:56 - 2009-03-12 01:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Grubby Games
2014-06-24 00:56 - 2009-03-12 01:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Oberon Games
2014-06-24 00:56 - 2009-03-12 01:15 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\My Google Gadgets
2014-06-24 00:56 - 2009-03-12 01:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Acer GameZone Console
2014-06-24 00:56 - 2009-03-12 00:16 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-06-24 00:56 - 2009-03-12 00:10 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-06-24 00:56 - 2009-03-12 00:07 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-06-23 22:03 - 2014-06-23 23:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-23 22:01 - 2014-06-30 14:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 18:26 - 2014-06-23 18:26 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-23 18:25 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-23 18:25 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-23 18:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-23 16:38 - 2014-06-23 16:38 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\MPC-HC
2014-06-23 16:35 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-06-23 16:35 - 2013-12-01 07:10 - 00218200 _____ () C:\WINDOWS\system32\unrar.dll
2014-06-23 15:06 - 2014-06-23 15:06 - 00001590 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2014-06-23 15:06 - 2014-06-23 15:06 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\SumatraPDF
2014-06-23 14:41 - 2014-06-23 14:41 - 00307712 _____ (FileHippo.com) C:\Documents and Settings\D-Man\Desktop\UpdateChecker.exe
2014-06-23 13:20 - 2014-06-23 13:20 - 00000921 _____ () C:\Documents and Settings\D-Man\Desktop\Revo Uninstaller.lnk
2014-06-23 13:20 - 2014-06-23 13:20 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-23 12:57 - 2014-06-23 12:57 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Secunia PSI
2014-06-23 12:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\Secunia
2014-06-23 12:34 - 2014-06-23 12:34 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Temp
2014-06-23 12:20 - 2014-06-23 12:20 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403544224750
2014-06-23 12:20 - 2014-06-23 12:20 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403544224750
2014-06-23 12:18 - 2014-06-24 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-06-22 19:59 - 2014-06-22 19:59 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Sun
2014-06-22 00:48 - 2014-06-22 00:49 - 00000000 ____D () C:\Program Files\GUM4135.tmp
2014-06-22 00:48 - 2014-06-22 00:48 - 06010880 _____ () C:\Program Files\GUT4136.tmp
 
==================== One Month Modified Files and Folders =======
 
2014-07-01 13:19 - 2014-07-01 13:18 - 00014348 _____ () C:\Documents and Settings\D-Man\Desktop\FRST.txt
2014-07-01 13:19 - 2009-05-25 15:17 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Temp
2014-07-01 13:18 - 2014-07-01 13:18 - 00000000 ____D () C:\FRST
2014-07-01 13:17 - 2014-07-01 12:45 - 00001621 _____ () C:\Documents and Settings\D-Man\Desktop\post.txt
2014-07-01 13:01 - 2014-07-01 12:33 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-07-01 13:01 - 2014-07-01 12:30 - 04721240 _____ () C:\Documents and Settings\D-Man\Desktop\RogueKiller.exe
2014-07-01 12:58 - 2009-03-11 16:03 - 00511862 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-01 12:53 - 2014-06-24 00:56 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-07-01 12:53 - 2009-03-12 00:06 - 01634354 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-01 12:52 - 2009-05-25 15:17 - 00000178 ___SH () C:\Documents and Settings\D-Man\ntuser.ini
2014-07-01 12:33 - 2014-07-01 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-07-01 12:31 - 2014-07-01 12:31 - 00001572 _____ () C:\Documents and Settings\D-Man\Desktop\klhj.txt
2014-07-01 12:30 - 2014-07-01 12:30 - 01073664 _____ (Farbar) C:\Documents and Settings\D-Man\Desktop\FRST.exe
2014-06-30 14:44 - 2014-06-23 22:01 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 14:41 - 2009-03-11 07:53 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-24 17:14 - 2014-06-23 12:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-06-24 14:58 - 2009-03-12 00:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-24 14:58 - 2009-03-11 16:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-24 14:58 - 2009-03-11 16:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Acer GameZone
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Acer
2014-06-24 14:57 - 2014-06-24 00:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Program Files\SumatraPDF
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 14:56 - 2014-06-24 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-06-24 14:56 - 2014-06-23 18:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-24 14:56 - 2014-06-23 16:35 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-06-24 14:56 - 2014-06-23 12:56 - 00000000 ____D () C:\Program Files\Secunia
2014-06-24 14:56 - 2011-06-20 15:07 - 00000000 ____D () C:\Program Files\Foxit Software
2014-06-24 14:56 - 2010-01-24 00:48 - 00000000 ____D () C:\Program Files\QuickTime
2014-06-24 14:56 - 2009-12-19 00:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-06-24 14:56 - 2009-03-12 00:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-06-24 14:56 - 2009-03-12 00:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-06-24 14:56 - 2009-03-12 00:05 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-24 14:56 - 2009-03-11 15:57 - 00000000 ____D () C:\WINDOWS\Help
2014-06-24 14:56 - 2009-03-11 15:57 - 00000000 ____D () C:\WINDOWS\addins
2014-06-24 14:55 - 2014-06-24 00:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-24 00:45 - 2009-03-12 00:10 - 00032314 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-24 00:26 - 2009-12-19 02:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$
2014-06-23 23:17 - 2014-06-23 22:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-23 22:47 - 2012-02-10 15:47 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2214429306-3042452539-1974565712-1005UA.job
2014-06-23 22:03 - 2013-12-16 17:20 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-23 22:03 - 2011-06-14 14:50 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-23 19:46 - 2009-03-11 16:03 - 01731949 _____ () C:\WINDOWS\FaxSetup.log
2014-06-23 19:03 - 2014-01-05 21:24 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Apple Computer
2014-06-23 19:01 - 2010-01-25 01:40 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2014-06-23 18:27 - 2009-03-11 16:03 - 00855940 _____ () C:\WINDOWS\ocgen.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00666518 _____ () C:\WINDOWS\tsoc.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00576523 _____ () C:\WINDOWS\comsetup.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00352093 _____ () C:\WINDOWS\ntdtcsetup.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00268653 _____ () C:\WINDOWS\iis6.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00095661 _____ () C:\WINDOWS\ocmsn.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00086547 _____ () C:\WINDOWS\msgsocm.log
2014-06-23 18:27 - 2009-03-11 16:03 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-06-23 18:27 - 2009-03-11 16:02 - 00654186 _____ () C:\WINDOWS\setupapi.log
2014-06-23 18:26 - 2014-06-23 18:26 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-23 16:38 - 2014-06-23 16:38 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\MPC-HC
2014-06-23 16:17 - 2009-03-11 16:03 - 00004566 _____ () C:\WINDOWS\imsins.BAK
2014-06-23 16:15 - 2009-03-12 00:05 - 00034919 _____ () C:\WINDOWS\wmsetup.log
2014-06-23 16:15 - 2009-03-12 00:05 - 00000000 ____D () C:\Program Files\Online Services
2014-06-23 16:15 - 2009-03-11 15:57 - 00000000 ____D () C:\WINDOWS\Cursors
2014-06-23 15:06 - 2014-06-23 15:06 - 00001590 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2014-06-23 15:06 - 2014-06-23 15:06 - 00000000 ____D () C:\Documents and Settings\D-Man\Application Data\SumatraPDF
2014-06-23 14:41 - 2014-06-23 14:41 - 00307712 _____ (FileHippo.com) C:\Documents and Settings\D-Man\Desktop\UpdateChecker.exe
2014-06-23 13:22 - 2009-12-19 00:02 - 00000000 ____D () C:\Program Files\Yahoo!
2014-06-23 13:20 - 2014-06-23 13:20 - 00000921 _____ () C:\Documents and Settings\D-Man\Desktop\Revo Uninstaller.lnk
2014-06-23 13:20 - 2014-06-23 13:20 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-23 12:57 - 2014-06-23 12:57 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Secunia PSI
2014-06-23 12:47 - 2012-02-10 15:47 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2214429306-3042452539-1974565712-1005Core.job
2014-06-23 12:34 - 2014-06-23 12:34 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Temp
2014-06-23 12:20 - 2014-06-23 12:20 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403544224750
2014-06-23 12:20 - 2014-06-23 12:20 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403544224750
2014-06-23 12:13 - 2009-03-11 16:02 - 00208715 _____ () C:\WINDOWS\setupact.log
2014-06-23 12:10 - 2009-03-27 14:43 - 00000000 ____D () C:\WINDOWS\Screensavers
2014-06-23 12:09 - 2011-06-14 14:48 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-06-23 12:07 - 2009-05-25 06:59 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-06-23 12:07 - 2009-05-25 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Nero
2014-06-23 12:06 - 2009-05-25 07:09 - 00000188 _____ () C:\WINDOWS\system32\MsiExec.exe.log
2014-06-23 12:06 - 2009-05-25 07:08 - 00001024 _____ () C:\Documents and Settings\D-Man\.rnd
2014-06-23 11:57 - 2013-12-16 14:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-23 11:53 - 2009-05-30 02:10 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-22 20:00 - 2009-03-12 00:10 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-06-22 19:59 - 2014-06-22 19:59 - 00000000 ____D () C:\Documents and Settings\D-Man\Local Settings\Application Data\Sun
2014-06-22 00:49 - 2014-06-22 00:48 - 00000000 ____D () C:\Program Files\GUM4135.tmp
2014-06-22 00:48 - 2014-06-22 00:48 - 06010880 _____ () C:\Program Files\GUT4136.tmp
2014-06-03 20:51 - 2009-05-25 11:32 - 00000118 _____ () C:\Documents and Settings\D-Man\Application Data\default.pls
2014-06-03 18:52 - 2009-05-25 09:56 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
 
Some content of TEMP:
====================
C:\Documents and Settings\D-Man\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4prwvb.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\NEW4.tmp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8b99b693.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#8 nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 July 2014 - 06:59 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Filter: x-sdch - No CLSID Value - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
C:\Documents and Settings\D-Man\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4prwvb.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\NEW4.tmp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8b99b693.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Let me know what problem persists.

#9 dman_starr

  • Topic Starter
  • Members
  • 67 posts

Posted 03 July 2014 - 04:15 PM

The laptop still gets stuck at the XP welcome screen. It sat there for 5-10 minutes, so I have to do everything in Safe Mode with Networking, as has been the case so far. Here are the logs.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:29-06-2014
Ran by D-Man at 2014-07-03 15:42:34 Run:1
Running from C:\Documents and Settings\D-Man\Desktop
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Filter: x-sdch - No CLSID Value - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
C:\Documents and Settings\D-Man\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4prwvb.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\NEW4.tmp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8b99b693.exe
 
End
*****************
 
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}' => Key deleted successfully.
'HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} => value deleted successfully.
'HKCR\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
'HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}'=> Key not found.
'HKCR\PROTOCOLS\Filter\x-sdch'=> Key not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
int15.sys => Service deleted successfully.
PCTINDIS5 => Service deleted successfully.
Rts516xIR => Service deleted successfully.
USBCCID => Service deleted successfully.
C:\Documents and Settings\D-Man\Local Settings\Temp\AskSLib.dll => Moved successfully.
C:\Documents and Settings\D-Man\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4prwvb.dll => Moved successfully.
C:\Documents and Settings\D-Man\Local Settings\Temp\NEW4.tmp.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8b99b693.exe => Moved successfully.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.85  
 Windows XP Service Pack 3 x86   
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Java™ 6 Update 22  
 Adobe Flash Player 14.0.0.125  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
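
The fixlist nasdaq posted in #8 is a small script for FRST, and the Fixlog above shows what each line turned into: the overlay, BHO, toolbar and filter entries became registry key or value deletions plus a CLSID lookup, the `S3 ... [X]` lines became service deletions, and each bare path became a file move into FRST's quarantine. The Python dry-run planner below is an added example written for this page; it is not FRST's own code and neither poster ran it. It parses a fixlist using the same mapping the Fixlog reports and returns the operations the fix would perform without touching anything, which is the review a practitioner would want before handing a fixlist to a tool that deletes services and registry keys. Assumptions: the registry paths are taken from the Fixlog lines on this page (the CLSID lookup for the SearchScopes entry is simplified to HKCR\CLSID, where the Fixlog shows a Wow6432Node path); `[X]` after a service path is read as FRST's marker for a service whose image file was not found; only lines between the `start` and `End` markers count, and any line the planner does not recognise is reported as unknown rather than guessed at.

```python
import re
from typing import Dict, List, Tuple

Action = Tuple[str, str]  # (operation, target)

# Constructed input: the fixlist nasdaq posted earlier in this thread, copied verbatim.
FIXLIST = r"""start
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Filter: x-sdch - No CLSID Value - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
C:\Documents and Settings\D-Man\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4prwvb.dll
C:\Documents and Settings\D-Man\Local Settings\Temp\NEW4.tmp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8b99b693.exe
End
"""

# Registry locations as the Fixlog on this page reports them (assumption: this is the
# mapping FRST applied here; the SearchScopes CLSID lookup is simplified to HKCR\CLSID).
OVERLAY_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"
CLASSES_CLSID = r"HKLM\Software\Classes\CLSID"
HKCR_CLSID = r"HKCR\CLSID"
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
FILTER_KEY = r"HKCR\PROTOCOLS\Filter"
IE = r"Software\Microsoft\Internet Explorer"
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"


def sub(*parts: str) -> str:
    """Join registry path components with a backslash."""
    return "\\".join(parts)


def _overlay(m):
    return [("delete_key", sub(OVERLAY_KEY, m["name"])),
            ("delete_key", sub(CLASSES_CLSID, m["clsid"]))]


def _searchscope(m):
    return [("delete_key", sub(m["hive"], IE, "SearchScopes", m["clsid"])),
            ("delete_key", sub(HKCR_CLSID, m["clsid"]))]


def _bho(m):
    return [("delete_key", sub(BHO_KEY, m["clsid"])),
            ("delete_key", sub(HKCR_CLSID, m["clsid"]))]


def _toolbar(m):
    # Per-user toolbars are values under ...\Toolbar\WebBrowser; machine-wide ones under ...\Toolbar.
    key = sub("HKCU", IE, "Toolbar", "WebBrowser") if m["hive"] == "HKCU" else sub("HKLM", IE, "Toolbar")
    return [("delete_value", sub(key, m["clsid"])),
            ("delete_key", sub(HKCR_CLSID, m["clsid"]))]


def _filter(m):
    return [("delete_key", sub(FILTER_KEY, m["name"]))]


def _policy(m):
    return [("delete_key", m["key"])]


def _service(m):
    # "[X]" is read as FRST's mark for a service whose image file was not found (assumption
    # based on the log notation on this page); the service entry is removed either way.
    return [("delete_service", m["name"])]


def _file(m):
    return [("move_file", m["path"])]


RULES = [
    (re.compile(rf"^ShellIconOverlayIdentifiers: (?P<name>.+?) -> (?P<clsid>{CLSID})"), _overlay),
    (re.compile(rf"^SearchScopes: (?P<hive>HKCU|HKLM) - (?P<clsid>{CLSID})"), _searchscope),
    (re.compile(rf"^BHO: .*? - (?P<clsid>{CLSID}) - "), _bho),
    (re.compile(rf"^Toolbar: (?P<hive>HKCU|HKLM) - .*? - (?P<clsid>{CLSID}) - "), _toolbar),
    (re.compile(r"^Filter: (?P<name>\S+) - "), _filter),
    (re.compile(r"^CHR (?P<key>HK[A-Z]+\\[^:]+): Policy restriction"), _policy),
    (re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)(?P<missing> \[X\])?$"), _service),
    (re.compile(r"^(?P<path>[A-Za-z]:\\.+)$"), _file),
]


def plan(fixlist: str) -> List[Action]:
    """Translate a FRST-style fixlist into the operations it implies, performing none of them."""
    actions: List[Action] = []
    active = False
    for raw in fixlist.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "start":
            active = True
            continue
        if line.lower() == "end":
            break
        if not active:
            continue  # text outside the start/End markers is ignored
        for pattern, handler in RULES:
            m = pattern.match(line)
            if m:
                actions.extend(handler(m))
                break
        else:
            actions.append(("unknown", line))  # fail closed: report it, never guess
    return actions


def summary(actions: List[Action]) -> Dict[str, int]:
    """Count planned operations by kind, a quick sanity check before running the fix."""
    counts: Dict[str, int] = {}
    for kind, _ in actions:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, target in plan(FIXLIST):
        print(f"{kind:15} {target}")
    print(summary(plan(FIXLIST)))
```

Run against the fixlist above, the planner yields 22 operations (12 registry key deletions, 2 value deletions, 4 service deletions and 4 file moves), one per line of the Fixlog, with the difference that the Fixlog also records the "Key not found" outcome of each CLSID lookup. The unknown-line path is the part worth keeping: a fixlist line the planner cannot classify is exactly the line a reviewer should read before the real tool acts on it.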
 


#10 nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 July 2014 - 09:16 AM

When you boot in Safe Mode, only the processes needed by the operating system are started.

Something is missing, or a bad process is stopping the system from starting in normal mode.

Remove these Tasks in C:\WINDOWS\Tasks folder.

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2214429306-3042452539-1974565712-1005Core.job => C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2214429306-3042452539-1974565712-1005UA.job => C:\Documents and Settings\D-Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe


Restart the computer normally.

If you let it run for an hour or more, will the computer start?

It sat there for 5-10 minutes so I have to do everything in Safe Mode with Networking as has been the case so far. Here are the logs.



#11 dman_starr

  • Topic Starter
  • Members
  • 67 posts

Posted 05 July 2014 - 12:34 AM

I removed the tasks, and the XP welcome screen stayed on for hours.

#12 nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 July 2014 - 06:55 AM

Well, some files are missing and/or damaged.
Since Windows XP is no longer supported by Microsoft and you do not have the operating system disk, I'm not sure we will be able to restore this system.

Let's run this last tool.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
[image: RcAuto1.gif]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

#13 dman_starr

  • Topic Starter
  • Members
  • 67 posts

Posted 05 July 2014 - 10:04 AM

Recovery console successfully installed.
 
 
ComboFix 14-07-03.01 - D-Man 07/05/2014   9:37.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.666 [GMT -5:00]
Running from: c:\documents and settings\D-Man\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\documents and settings\D-Man\Application Data\.#
c:\documents and settings\D-Man\WINDOWS
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\windows\Services.reg
c:\windows\system32\SET192.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-05 to 2014-07-05  )))))))))))))))))))))))))))))))
.
.
2014-07-01 18:18 . 2014-07-03 20:43 -------- d-----w- C:\FRST
2014-07-01 17:33 . 2014-07-01 18:01 35152 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-01 17:33 . 2014-07-01 17:33 -------- d-----w- C:\Documents
2014-07-01 17:33 . 2014-07-01 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2014-06-24 19:56 . 2014-06-24 19:56 -------- d-----w- c:\program files\SumatraPDF
2014-06-24 05:56 . 2014-06-24 19:55 -------- d-----w- c:\documents and settings\Administrator
2014-06-24 03:01 . 2014-07-02 18:46 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-23 23:25 . 2014-06-24 19:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-23 23:25 . 2014-06-23 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-06-23 23:25 . 2014-05-12 12:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-23 23:25 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-23 21:38 . 2014-06-23 21:38 -------- d-----w- c:\documents and settings\D-Man\Application Data\MPC-HC
2014-06-23 21:35 . 2013-12-01 12:10 218200 ----a-w- c:\windows\system32\unrar.dll
2014-06-23 21:35 . 2014-06-24 19:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-06-23 20:06 . 2014-06-23 20:06 -------- d-----w- c:\documents and settings\D-Man\Application Data\SumatraPDF
2014-06-23 18:20 . 2014-06-23 18:20 -------- d-----w- c:\program files\VS Revo Group
2014-06-23 17:57 . 2014-06-23 17:57 -------- d-----w- c:\documents and settings\D-Man\Local Settings\Application Data\Secunia PSI
2014-06-23 17:56 . 2014-06-24 19:56 -------- d-----w- c:\program files\Secunia
2014-06-23 17:34 . 2014-06-23 17:34 -------- d-----w- c:\documents and settings\D-Man\Local Settings\Application Data\Temp
2014-06-23 17:18 . 2014-06-24 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-06-23 00:59 . 2014-06-23 00:59 -------- d-----w- c:\documents and settings\D-Man\Local Settings\Application Data\Sun
2014-06-22 05:48 . 2014-06-22 05:49 -------- d-----w- c:\program files\GUM4135.tmp
2014-06-22 05:48 . 2014-06-22 05:48 6010880 ----a-w- c:\program files\GUT4136.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-24 03:03 . 2013-12-16 22:20 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-24 03:03 . 2011-06-14 19:50 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-23 17:20 . 2014-06-23 17:20 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1403544224750
2014-06-23 17:20 . 2014-06-23 17:20 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1403544224750
2014-05-31 21:11 . 2014-05-31 21:11 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-31 21:11 . 2011-06-28 20:07 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^D-Man^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\D-Man\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^D-Man^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\D-Man\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^D-Man^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\D-Man\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll  [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-14 01:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-01-25 10:45 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-10 20:47 136176 ----atw- c:\documents and settings\D-Man\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 01:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 06:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 21:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-24 07:40 17529856 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-05-07 19:44 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-05 10:32 1430824 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"RS_Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NeroRegInCDSrv"=2 (0x2)
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"InCDsrv"=2 (0x2)
"IAANTMON"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-080708-050100"=3 (0x3)
"0212271243293889mcinstcleanup"=2 (0x2)
"LightScribeService"=2 (0x2)
"YahooAUService"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/23/2014 6:25 PM 53208]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 10:03 PM 38912]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [6/23/2014 6:26 PM 860472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/12/2009 12:56 AM 1684736]
S3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [3/27/2009 2:40 PM 145408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/23/2014 6:25 PM 23256]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys [5/25/2009 8:51 AM 9728]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [5/25/2009 8:51 AM 9984]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/12/2009 12:54 AM 162816]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [6/23/2014 6:26 PM 1809720]
S4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/12/2009 1:32 AM 237568]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mbamchameleon
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero8\InCD\InCD.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-Prolific_OneButton - c:\program files\USBFast\OneBtn.exe
MSConfigStartUp-RDVCHG - c:\program files\Sprint\Sprint SmartView\RDVCHG.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero8\InCD\NBHGui.exe
MSConfigStartUp-Sprint SmartView - c:\program files\Sprint\Sprint SmartView\SprintSV.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-05 09:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-07-05  09:55:12
ComboFix-quarantined-files.txt  2014-07-05 14:55
.
Pre-Run: 130,225,463,296 bytes free
Post-Run: 131,044,352,000 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E001977DD71D4D8D1508BEF98E00271D
5C616939100B85E558DA92B899A0FC36


#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 July 2014 - 01:15 PM

These are the instructions to rebuild a corrupt or missing boot.ini file.

The instructions are to boot from the Microsoft Windows XP CD. Since you do not have it, we will do that through the Recovery Console.

http://www.computerhope.com/issues/ch000648.htm
===
Restart the computer normally. You should have 2 seconds to select the Recovery Console option. (Hope that works)

Select the operating system you want to use; if you only have Windows XP on the computer you will get one prompt.

If prompted for the password enter the Admin password and press enter.

At the command prompt type bootcfg /rebuild to start the rebuild process. (Make sure you have a space before /rebuild.)

Follow the rest of the instructions in the article.

That is:

* Prompt for the identified versions of Windows installed. When you receive this prompt press Y if the bootcfg command properly identified each of the Windows operating systems installed on the computer. It is important to realize this command only detects Windows XP, Windows 2000, and Windows NT installations.

* Prompt to enter the load identifier. This is the name of the operating system for the boot.ini. For example, Microsoft Windows XP Home users would enter Microsoft Windows XP Home edition.

* Prompt to Enter OS load options. When this prompt is received type /fastdetect to automatically detect the available options.
Once you have completed all the available options in the rebuild and are back at the prompt, type exit to reboot the computer.


If you have any questions, please ask before proceeding.

Keep me posted.
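A consistency check for the kind of boot.ini shown at the end of the ComboFix log above, which is the file the post above rebuilds with bootcfg /rebuild. This is an added example in Python, not ComboFix output and not anything the poster or the helper ran: the first sample is the boot.ini text copied from the log, the second is a constructed broken one, and the function names are mine. It verifies the things a rebuild fixes: a parseable timeout, a default ARC path that actually has an entry under [operating systems], and a quoted description on every entry.

```python
"""Parse a Windows XP boot.ini and report the inconsistencies that make
bootcfg /rebuild necessary. Added example; not ComboFix output."""
import re
from typing import Dict, List, Tuple

# ARC path syntax used by NT-family boot loaders, e.g.
# multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
ARC_PATH = re.compile(
    r"^(?:multi|scsi|signature)\(\w+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\.+$",
    re.IGNORECASE,
)

# Copied from the boot.ini block in the ComboFix log above.
GOOD_BOOT_INI = r"""[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""

# Constructed sample: default points at a partition with no entry, the
# timeout is not a number, and the entry has no quoted description.
BROKEN_BOOT_INI = r"""[boot loader]
timeout=abc
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=Microsoft Windows XP Home Edition /fastdetect
"""


def parse_boot_ini(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {section: [(key, value), ...]}, keeping order and duplicates.
    Comment lines (;) and lines before the first section are ignored."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)  # ARC paths contain no '='
        sections[current].append((key.strip(), value.strip()))
    return sections


def split_os_entry(value: str) -> Tuple[str, List[str]]:
    """Split '"Windows XP" /noexecute=optin /fastdetect' into
    (description, [switches]); an unquoted description yields ''."""
    m = re.match(r'^"([^"]*)"\s*(.*)$', value)
    if not m:
        return "", value.split()
    return m.group(1), m.group(2).split()


def os_entries(text: str) -> List[Tuple[str, str, List[str]]]:
    """List (arc_or_path, description, switches) for [operating systems]."""
    return [(k, *split_os_entry(v))
            for k, v in parse_boot_ini(text).get("operating systems", [])]


def check_boot_ini(text: str) -> List[str]:
    """Return human-readable problems; an empty list means consistent."""
    problems: List[str] = []
    cfg = parse_boot_ini(text)
    loader = dict(cfg.get("boot loader", []))
    systems = cfg.get("operating systems", [])
    if "boot loader" not in cfg:
        problems.append("missing [boot loader] section")
    if not systems:
        problems.append("no entries under [operating systems]")
    timeout = loader.get("timeout")
    if timeout is None or not timeout.isdigit():
        problems.append(f"timeout is missing or not an integer: {timeout!r}")
    default = loader.get("default")
    if default is None:
        problems.append("no default= line in [boot loader]")
    else:
        if not ARC_PATH.match(default):
            problems.append(f"default is not an ARC path: {default}")
        if default.lower() not in {k.lower() for k, _ in systems}:
            problems.append(f"default {default} has no matching [operating systems] entry")
    for key, value in systems:
        desc, _ = split_os_entry(value)
        if not desc:
            problems.append(f"entry {key} has no quoted description")
    return problems


if __name__ == "__main__":
    for name, sample in (("log copy", GOOD_BOOT_INI), ("constructed", BROKEN_BOOT_INI)):
        print(name, "->", check_boot_ini(sample) or "consistent")
```

The check only reads a copy of the file; on a machine that still boots, boot.ini can be copied off the system partition (it is hidden, system and read-only by default) and examined elsewhere before deciding whether a rebuild is needed.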

#15 dman_starr

dman_starr
  • Topic Starter

  • Members
  • 67 posts

Posted 06 July 2014 - 09:13 AM

Nope, it wouldn't allow me to go to the Recovery Console. Is there anything I can do? There is an XP product key sticker on the bottom of the laptop.
