Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ZeroAccess rookit found, persistent SSDT hooks and registry keys


  • This topic is locked This topic is locked
22 replies to this topic

#1 bitterjava

bitterjava

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 10 July 2014 - 06:32 PM

I have an old Asus Eee PC 1005HA, running Windows XP SP3, that I'm having trouble with. (Since XP is obsolete, I'm planning to replace the OS with either Windows7 or Linux Mint, but I want to get rid of the malware first).

 

I noticed the computer running extremely slowly, so I ran TDSSKiller (which didn't find anything) and RKill (which found ZeroAccess). Initially I tried running MalwareBytes Anti-Malware but got an Access Denied error when I tried to install it. I couldn't update Avast Antivirus either. I was able to run MalwareBytes Anti-Rootkit Beta, after which I was able to install and run MalwareBytes Anti-Malware and update Avast.

 

I've also run RogueKiller a few times and it keeps finding malicious registry keys and SSDT hooks, which I have no idea how to remove. Also I have a Windows Security Alert telling me my antivirus software is out of date, but Avast is showing everything is fine. If needed I can run RogueKiller or other diagnostic tools, but I'll wait until instructed in case you'd rather I use something else. Any help you can give is greatly appreciated. I've provided the DDS logs below as a start:

 

 

DDS.txt

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by RLE at 19:19:09 on 2014-07-10
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.263 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\M-Audio\MIDISPORT\AudioDevMon.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{A7C112A4-AAF8-4B78-85DA-BECDD825DD80} : NameServer = 8.8.8.8
TCP: Interfaces\{A7C112A4-AAF8-4B78-85DA-BECDD825DD80} : DHCPNameServer = 192.168.10.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\aibelive\voice command\skype4com.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rle\application data\mozilla\firefox\profiles\ehrkr222.default\
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2002-1-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2002-1-1 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-5-4 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-5-4 411680]
R1 policyappblockservice;Parental Control Application Filter;c:\program files\parental control\bin\policyappblock.sys [2009-2-2 5120]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-23 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2002-1-1 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-4 50344]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-7 55152]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-5-23 53208]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files\m-audio\midisport\AudioDevMon.exe [2010-10-6 1636872]
R2 privoxy;privoxy;c:\program files\privoxy\privoxy.exe --service --> c:\program files\privoxy\privoxy.exe --service [?]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-9 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-1 39040]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-7 1684736]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\nitropdf5\bepldr.exe [2007-11-15 151552]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\drivers\MAudioMIDISPORT_DFU.sys [2011-7-30 23304]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-20 7680]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [2011-7-30 169224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-23 23256]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-7 232872]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2010-8-3 26112]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2014-5-25 106248]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-23 1809720]
S4 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-23 860472]
.
=============== File Associations ===============
.
ShellExec: NitroPDF.exe: Open="c:\program files\nitro pdf\professional\NitroPDF.exe""%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-06-06 18:43:19    26624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-05-25 20:12:38    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-05-24 19:40:05    107224    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-23 16:53:52    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-23 16:22:38    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400864030171
2014-05-23 16:22:38    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-23 16:22:37    67824    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-05-23 16:22:37    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1400864030171
2014-05-23 16:22:37    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-23 16:22:37    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-23 16:22:35    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-23 01:08:21    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-23 01:08:20    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 11:26:02    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25:54    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-06 15:03:26    4249600    ----a-w-    c:\program files\GUT9.tmp
.
============= FINISH: 19:22:28.82 ===============
 

 

Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2009 3:11:45 AM
System Uptime: 7/10/2014 7:10:55 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | 1005HA
Processor:          Intel® Atom™ CPU N280   @ 1.66GHz | PBGA 437 | 1666/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 72 GiB total, 12.619 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 8.843 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MP620 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MP620 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1: 6/2/2014 1:45:44 PM - System Checkpoint
RP2: 7/10/2014 7:22:02 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader 8.1.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUS VIBE
ASUSUpdate for Eee PC
AT&T Communication Manager
Atheros Client Installation Program
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Azurewave Wireless LAN Card
Brain Workshop 4.8.1
Canon MP620 series MP Drivers
CCleaner
Choice Guard
Cisco Systems VPN Client 5.0.02.0090
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
Critical Update for Windows Media Player 11 (KB959772)
Data Sync
Driver Installer
Dropbox
DVDFab 8.0.8.5 (19/03/2011)
Eee Docking 1.3.1.0
Eee Storage
EeePC1005HA Screen Saver
EeeSplendid
EzMessenger
FreeMat
FreeMind
gbrainy 2.06
gedit 2.29.3
Google Update Helper
GoToMyPC
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB939209)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hott notes 4
Intel® Graphics Media Accelerator Driver
iTunes
Junk Mail filter update
M-Audio MIDISPORT Driver 6.1.2 (x86)
Malwarebytes Anti-Exploit version 0.10.3.0100
Malwarebytes Anti-Malware version 2.0.2.1012
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MiKTeX 2.8
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music AlarmClock v2.1.0
Nitro PDF Professional
NX Client for Windows 3.4.0-5
OpenSCAD (remove only)
Parental Control
Privoxy (remove only)
Programming Editor
PuTTY version 0.60
QuickTime 7
Realtek High Definition Audio Driver
ROOT
scilab-5.3.3
scilab-5.4.0
Scratch
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2884256)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ 3.6
SnagIt 8
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Super Hybrid Engine
SUPERAntiSpyware
Synaptics Pointing Device Driver
Telstra Turbo Connection Manager
Timetracker 0.9.11.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office System 2007 Setup (KB929722)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
Vim 7.2 (self-installing)
VLC media player 1.0.5
Voice Command EN Trial Version
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Revolution Education Ltd AXE027 PICAXE USB (2.08.14) Driver Package (03/18/2011 2.08.14)
Windows Driver Package - Revolution Education Ltd AXE027 PICAXE USB (2.08.14) VCP Driver Package (03/18/2011 2.08.14)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XEmacs 21.4.21
.
==== Event Viewer Messages From Past Week ========
.
7/10/2014 7:11:47 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
.
==== End Of File ===========================
 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:36 AM

Posted 15 July 2014 - 06:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/540546 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bitterjava

bitterjava
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 17 July 2014 - 12:37 PM

I've run DDS again and included the logs below. One important thing I didn't mention in the first post was that I don't have the installation disc for XP anymore. I'm planning on moving to Linux Mint anyway since XP is no longer supported. I can post more information later - roommate's kid is having a tantrum right now, so it's a bit hard to concentrate.

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by RLE at 13:23:21 on 2014-07-17
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.542 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\M-Audio\MIDISPORT\AudioDevMon.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{A7C112A4-AAF8-4B78-85DA-BECDD825DD80} : NameServer = 8.8.8.8
TCP: Interfaces\{A7C112A4-AAF8-4B78-85DA-BECDD825DD80} : DHCPNameServer = 192.168.10.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\aibelive\voice command\skype4com.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rle\application data\mozilla\firefox\profiles\ehrkr222.default\
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2002-1-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2002-1-1 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-5-4 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-5-4 414520]
R1 policyappblockservice;Parental Control Application Filter;c:\program files\parental control\bin\policyappblock.sys [2009-2-2 5120]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-23 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2002-1-1 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-4 50344]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-7 55152]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-5-23 53208]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files\m-audio\midisport\AudioDevMon.exe [2010-10-6 1636872]
R2 privoxy;privoxy;c:\program files\privoxy\privoxy.exe --service --> c:\program files\privoxy\privoxy.exe --service [?]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-9 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-1 39040]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-7 1684736]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\nitropdf5\bepldr.exe [2007-11-15 151552]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\drivers\MAudioMIDISPORT_DFU.sys [2011-7-30 23304]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-20 7680]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [2011-7-30 169224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-23 23256]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-7 232872]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2010-8-3 26112]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2014-5-25 106248]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-23 1809720]
S4 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-23 860472]
.
=============== File Associations ===============
.
ShellExec: NitroPDF.exe: Open="c:\program files\nitro pdf\professional\NitroPDF.exe""%1"
.
=============== Created Last 30 ================
.
2014-07-17 17:22:43    --------    d-----w-    c:\windows\jumpshot.com
2014-07-10 23:24:46    43152    ----a-w-    c:\windows\avastSS.scr
.
==================== Find3M  ====================
.
2014-07-10 23:24:48    779536    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-07-10 23:24:48    67824    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-07-10 23:24:48    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 23:24:48    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-10 23:24:48    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-06-06 18:43:19    26624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-05-25 20:12:38    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-05-24 19:40:05    107224    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-23 16:22:38    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400864030171
2014-05-23 16:22:37    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1400864030171
2014-05-23 01:08:21    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-23 01:08:20    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 11:26:02    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25:54    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-06 15:03:26    4249600    ----a-w-    c:\program files\GUT9.tmp
.
============= FINISH: 13:26:20.65 ===============
 

 

Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2009 3:11:45 AM
System Uptime: 7/17/2014 1:20:47 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | 1005HA
Processor:          Intel® Atom™ CPU N280   @ 1.66GHz | PBGA 437 | 1666/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 72 GiB total, 12.54 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 8.843 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MP620 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MP620 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1: 6/2/2014 1:45:44 PM - System Checkpoint
RP2: 7/10/2014 7:22:02 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader 8.1.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUS VIBE
ASUSUpdate for Eee PC
AT&T Communication Manager
Atheros Client Installation Program
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Azurewave Wireless LAN Card
Brain Workshop 4.8.1
Canon MP620 series MP Drivers
CCleaner
Choice Guard
Cisco Systems VPN Client 5.0.02.0090
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
Critical Update for Windows Media Player 11 (KB959772)
Data Sync
Driver Installer
Dropbox
DVDFab 8.0.8.5 (19/03/2011)
Eee Docking 1.3.1.0
Eee Storage
EeePC1005HA Screen Saver
EeeSplendid
EzMessenger
FreeMat
FreeMind
gbrainy 2.06
gedit 2.29.3
Google Update Helper
GoToMyPC
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB939209)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hott notes 4
Intel® Graphics Media Accelerator Driver
iTunes
Junk Mail filter update
M-Audio MIDISPORT Driver 6.1.2 (x86)
Malwarebytes Anti-Exploit version 0.10.3.0100
Malwarebytes Anti-Malware version 2.0.2.1012
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MiKTeX 2.8
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music AlarmClock v2.1.0
Nitro PDF Professional
NX Client for Windows 3.4.0-5
OpenSCAD (remove only)
Parental Control
Privoxy (remove only)
Programming Editor
PuTTY version 0.60
QuickTime 7
Realtek High Definition Audio Driver
ROOT
scilab-5.3.3
scilab-5.4.0
Scratch
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2884256)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ 3.6
SnagIt 8
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Super Hybrid Engine
SUPERAntiSpyware
Synaptics Pointing Device Driver
Telstra Turbo Connection Manager
Timetracker 0.9.11.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office System 2007 Setup (KB929722)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
Vim 7.2 (self-installing)
VLC media player 1.0.5
Voice Command EN Trial Version
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Revolution Education Ltd AXE027 PICAXE USB (2.08.14) Driver Package (03/18/2011 2.08.14)
Windows Driver Package - Revolution Education Ltd AXE027 PICAXE USB (2.08.14) VCP Driver Package (03/18/2011 2.08.14)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XEmacs 21.4.21
.
==== Event Viewer Messages From Past Week ========
.
7/10/2014 7:11:47 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
.
==== End Of File ===========================
 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 18 July 2014 - 04:10 PM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

Query_RC.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 bitterjava

bitterjava
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 20 July 2014 - 11:16 AM

Hi Gary, thank you very much for helping me. I was able to download and run Combofix without having to change the name or anything. I disabled the Avast shields before running and have re-enabled them now. Here's the Combofix log:

 

log.txt

 

ComboFix 14-07-19.01 - RLE 07/20/2014  11:39:51.8.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.548 [GMT -4:00]
Running from: c:\documents and settings\RLE\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-20 to 2014-07-20  )))))))))))))))))))))))))))))))
.
.
2014-07-17 17:22 . 2014-07-17 17:22    --------    d-----w-    c:\windows\jumpshot.com
2014-07-10 23:24 . 2014-07-10 23:24    43152    ----a-w-    c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 23:25 . 2012-05-04 04:01    414520    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-10 23:24 . 2014-05-23 16:22    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-10 23:24 . 2012-05-04 04:01    57800    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-07-10 23:24 . 2012-05-04 04:01    779536    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-07-10 23:24 . 2002-01-01 08:05    67824    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-07-10 23:24 . 2002-01-01 08:05    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 23:24 . 2002-01-01 08:05    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-10 23:24 . 2012-05-04 04:01    55112    ----a-w-    c:\windows\system32\drivers\aswrdr.sys
2014-07-10 23:24 . 2012-05-04 04:00    276432    ----a-w-    c:\windows\system32\aswBoot.exe
2014-06-06 18:43 . 2014-06-02 00:51    26624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-05-25 20:12 . 2014-05-25 20:12    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-05-24 19:40 . 2014-05-23 14:48    107224    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-23 16:22 . 2012-05-04 04:01    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400864030171
2014-05-23 16:22 . 2012-05-04 04:01    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1400864030171
2014-05-23 01:08 . 2012-10-15 22:18    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-23 01:08 . 2012-03-14 01:12    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 11:26 . 2014-05-23 16:08    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2014-05-23 15:56    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-06 15:03 . 2013-07-06 15:03    4249600    ----a-w-    c:\program files\GUT9.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-10 23:24    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-07 05:07    297808    ----a-w-    c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-07 05:07    297808    ----a-w-    c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-02-08 210208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-10 4086432]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
 SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2009-12-15 22:13    15216    ----a-w-    c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^RLE^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\RLE\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^RLE^Start Menu^Programs^Startup^hott notes 4.lnk]
path=c:\documents and settings\RLE\Start Menu\Programs\Startup\hott notes 4.lnk
backup=c:\windows\pss\hott notes 4.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^RLE^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\RLE\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^RLE^Start Menu^Programs^Startup^timetracker.lnk]
path=c:\documents and settings\RLE\Start Menu\Programs\Startup\timetracker.lnk
backup=c:\windows\pss\timetracker.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04    39792    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 23:51    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2008-12-01 18:23    33280    ----a-w-    c:\program files\AT&T\Communication Manager\ATTCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autodetect]
2008-08-07 17:49    91648    ----a-w-    c:\windows\system32\SupportAppXL\AutoDect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2014-07-10 23:24    4086432    ----a-w-    c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2009-05-08 14:42    395776    ----a-w-    c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16    141608    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51    3885408    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Parental Control]
2009-03-20 22:23    1104384    ----a-w-    c:\program files\Parental Control\bin\pcontrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 20:24    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-13 00:08    21898024    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07    2260480    ------w-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-01-06 21:37    5625624    ----a-w-    c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"SBAMSvc"=2 (0x2)
"CVPND"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Securepoint VPN"=2 (0x2)
"OpenVPNService"=3 (0x3)
"OpenVPNAccessClient"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"HitmanProScheduler"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1/1/2002 4:05 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1/1/2002 4:05 AM 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5/4/2012 12:01 AM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [5/4/2012 12:01 AM 414520]
R1 policyappblockservice;Parental Control Application Filter;c:\program files\Parental Control\bin\policyappblock.sys [2/2/2009 4:22 PM 5120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [10/10/2013 6:54 PM 120088]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [5/23/2014 12:22 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [1/1/2002 4:05 AM 67824]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [5/23/2014 12:08 PM 53208]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files\M-Audio\MIDISPORT\AudioDevMon.exe [10/6/2010 4:45 PM 1636872]
R2 privoxy;privoxy;c:\program files\Privoxy\privoxy.exe --service --> c:\program files\Privoxy\privoxy.exe --service [?]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/9/2009 7:17 AM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/1/2009 10:19 PM 39040]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2009 9:19 PM 1684736]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 10:07 PM 113152]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [11/15/2007 6:05 PM 151552]
S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\drivers\MAudioMIDISPORT_DFU.sys [7/30/2011 3:03 PM 23304]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [10/20/2009 1:42 AM 7680]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [7/30/2011 3:03 PM 169224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/23/2014 11:56 AM 23256]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/7/2009 10:35 PM 232872]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 8:37 AM 26624]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [8/3/2010 5:25 PM 26112]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [5/25/2014 4:05 PM 106248]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/23/2014 11:56 AM 1809720]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/23/2014 11:56 AM 860472]
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-15 01:08]
.
2014-07-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-10 23:24]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-04 04:01]
.
2014-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-04 04:01]
.
2014-07-20 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-05-24 01:59]
.
2014-05-24 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-05-24 01:59]
.
2014-06-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b3ca3820-e8e8-4b9c-b146-69afa3252529.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-06-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task db84223b-311c-4992-8118-85277d1bc312.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{A7C112A4-AAF8-4B78-85DA-BECDD825DD80}: NameServer = 8.8.8.8
FF - ProfilePath - c:\documents and settings\RLE\Application Data\Mozilla\Firefox\Profiles\ehrkr222.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-20 12:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1288)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-07-20  12:05:57
ComboFix-quarantined-files.txt  2014-07-20 16:05
ComboFix2.txt  2014-05-25 22:43
.
Pre-Run: 13,078,925,312 bytes free
Post-Run: 13,070,962,688 bytes free
.
- - End Of File - - 6D259D54777F18CC125ED2197BB2BC59
8F558EB6672622401DA993E1E865C861
 

 

Combofix-quarantined-files.txt

 

2014-07-20 15:53:29 . 2014-07-20 15:53:29           14,317 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-07-20 15:39:49 . 2014-07-20 15:39:49              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-07-20 15:35:22 . 2014-07-20 15:35:23               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
 

 

ComboFix2.txt

 

ComboFix 14-05-19.01 - Administrator 05/25/2014  18:33:16.7.2 - x86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.680 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-25 to 2014-05-25  )))))))))))))))))))))))))))))))
.
.
2014-05-25 22:03 . 2014-05-25 22:30    --------    d-----w-    c:\documents and settings\Administrator
2014-05-25 20:20 . 2014-05-25 20:20    --------    d-----w-    c:\windows\ERUNT
2014-05-25 20:12 . 2014-05-25 20:12    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-05-25 20:03 . 2014-05-25 20:05    --------    d-----w-    c:\program files\HitmanPro
2014-05-25 20:03 . 2014-05-25 22:08    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2014-05-25 02:26 . 2014-05-25 21:39    26624    ----a-w-    c:\windows\system32\TrueSight.sys
2014-05-25 02:15 . 2012-01-10 17:57    637848    ----a-w-    c:\windows\system32\npDeployJava1.dll
2014-05-25 02:15 . 2012-01-10 17:57    567696    ----a-w-    c:\windows\system32\deployJava1.dll
2014-05-24 23:06 . 2014-05-24 23:06    --------    d-----w-    c:\program files\CCleaner
2014-05-24 02:55 . 2014-05-24 03:02    --------    d-----w-    c:\windows\system32\MRT
2014-05-24 02:12 . 2014-05-24 03:18    --------    d-----w-    c:\windows\ie8updates
2014-05-24 01:39 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2014-05-24 01:35 . 2013-02-12 00:32    12928    -c----w-    c:\windows\system32\dllcache\usb8023x.sys
2014-05-24 01:34 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2014-05-24 01:33 . 2014-02-26 01:59    13312    -c----w-    c:\windows\system32\dllcache\xp_eos.exe
2014-05-24 01:33 . 2014-02-26 01:59    13312    ------w-    c:\windows\system32\xp_eos.exe
2014-05-24 01:33 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2014-05-24 01:33 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2014-05-24 01:31 . 2014-03-06 17:59    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2014-05-24 01:31 . 2014-03-06 17:59    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2014-05-24 01:31 . 2014-03-06 17:59    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2014-05-24 01:31 . 2014-03-06 17:59    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
2014-05-23 17:05 . 2014-05-23 17:09    --------    d-----w-    C:\FRST
2014-05-23 16:22 . 2014-05-23 16:22    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-23 16:22 . 2014-05-23 16:22    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-23 16:08 . 2014-05-12 11:26    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-23 15:56 . 2014-05-12 11:25    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-23 15:56 . 2014-05-23 15:56    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-23 15:48 . 2014-05-25 19:52    --------    d-----w-    C:\AdwCleaner
2014-05-23 14:48 . 2014-05-23 15:56    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2014-05-23 14:48 . 2014-05-24 20:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-05-23 14:48 . 2014-05-24 19:40    107224    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-23 01:35 . 2014-05-23 01:35    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-05-23 01:35 . 2014-05-23 01:34    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-05-23 01:35 . 2014-05-23 01:34    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-05-23 01:35 . 2014-05-23 01:34    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-05-23 01:35 . 2014-05-23 01:34    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-05-23 01:33 . 2014-05-23 01:34    --------    d-----w-    c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-23 16:53 . 2012-05-04 04:01    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-23 16:53 . 2012-05-04 04:01    411680    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-05-23 16:53 . 2012-05-04 04:01    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys
2014-05-23 16:22 . 2012-05-04 04:01    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-05-23 16:22 . 2012-05-04 04:01    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400864030171
2014-05-23 16:22 . 2002-01-01 08:05    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-23 16:22 . 2012-05-04 04:01    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1400864030171
2014-05-23 16:22 . 2002-01-01 08:05    67824    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-05-23 16:22 . 2002-01-01 08:05    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-23 16:22 . 2012-05-04 04:00    271264    ----a-w-    c:\windows\system32\aswBoot.exe
2014-05-23 01:08 . 2012-10-15 22:18    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-23 01:08 . 2012-03-14 01:12    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-06 17:59 . 2009-04-29 10:54    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2009-04-29 10:54    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2009-04-29 10:54    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-06 17:59 . 2009-04-29 10:54    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2009-04-29 10:54    385024    ----a-w-    c:\windows\system32\html.iec
2013-07-06 15:03 . 2013-07-06 15:03    4249600    ----a-w-    c:\program files\GUT9.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-23 16:22    260976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-07 05:07    297808    ----a-w-    c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-07 05:07    297808    ----a-w-    c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-02-08 210208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-23 3873704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
 SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2009-12-15 22:13    15216    ----a-w-    c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^RLE^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\RLE\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^RLE^Start Menu^Programs^Startup^hott notes 4.lnk]
path=c:\documents and settings\RLE\Start Menu\Programs\Startup\hott notes 4.lnk
backup=c:\windows\pss\hott notes 4.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^RLE^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\RLE\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^RLE^Start Menu^Programs^Startup^timetracker.lnk]
path=c:\documents and settings\RLE\Start Menu\Programs\Startup\timetracker.lnk
backup=c:\windows\pss\timetracker.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04    39792    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 23:51    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2008-12-01 18:23    33280    ----a-w-    c:\program files\AT&T\Communication Manager\ATTCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autodetect]
2008-08-07 17:49    91648    ----a-w-    c:\windows\system32\SupportAppXL\AutoDect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2014-05-23 16:22    3873704    ----a-w-    c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2009-05-08 14:42    395776    ----a-w-    c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16    141608    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51    3885408    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Parental Control]
2009-03-20 22:23    1104384    ----a-w-    c:\program files\Parental Control\bin\pcontrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 20:24    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-13 00:08    21898024    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07    2260480    ------w-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"SBAMSvc"=2 (0x2)
"CVPND"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Securepoint VPN"=2 (0x2)
"OpenVPNService"=3 (0x3)
"OpenVPNAccessClient"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1/1/2002 4:05 AM 49944]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1/1/2002 4:05 AM 180632]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5/4/2012 12:01 AM 777488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [5/4/2012 12:01 AM 411680]
S1 policyappblockservice;Parental Control Application Filter;c:\program files\Parental Control\bin\policyappblock.sys [2/2/2009 4:22 PM 5120]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [5/23/2014 12:22 PM 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [1/1/2002 4:05 AM 67824]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [5/25/2014 4:05 PM 106248]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [5/23/2014 12:08 PM 53208]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files\M-Audio\MIDISPORT\AudioDevMon.exe [10/6/2010 4:45 PM 1636872]
S2 privoxy;privoxy;c:\program files\Privoxy\privoxy.exe --service --> c:\program files\Privoxy\privoxy.exe --service [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2009 9:19 PM 1684736]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 10:07 PM 113152]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [11/15/2007 6:05 PM 151552]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/9/2009 7:17 AM 38912]
S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\drivers\MAudioMIDISPORT_DFU.sys [7/30/2011 3:03 PM 23304]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [10/20/2009 1:42 AM 7680]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\drivers\MAudioMIDISPORT.sys [7/30/2011 3:03 PM 169224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/23/2014 11:56 AM 23256]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/7/2009 10:35 PM 232872]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 8:37 AM 26624]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [8/3/2010 5:25 PM 26112]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/1/2009 10:19 PM 39040]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/23/2014 11:56 AM 1809720]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/23/2014 11:56 AM 860472]
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-15 01:08]
.
2014-05-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-23 16:22]
.
2014-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-04 04:01]
.
2014-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-04 04:01]
.
2014-05-25 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-05-24 01:59]
.
2014-05-24 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-05-24 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{A7C112A4-AAF8-4B78-85DA-BECDD825DD80}: NameServer = 8.8.8.8
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-25 18:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-866712340-552036587-3804464721-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,e8,e5,7f,fc,28,b3,4f,98,a3,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,e8,e5,7f,fc,28,b3,4f,98,a3,3b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(228)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
- - - - - - - > 'explorer.exe'(1808)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2014-05-25  18:43:06
ComboFix-quarantined-files.txt  2014-05-25 22:43
ComboFix2.txt  2014-05-25 22:28
ComboFix3.txt  2014-05-25 21:36
ComboFix4.txt  2014-05-25 00:10
ComboFix5.txt  2014-05-25 22:31
.
Pre-Run: 11,291,799,552 bytes free
Post-Run: 11,270,696,960 bytes free
.
- - End Of File - - 905BC648166FACB16227378A5C87BEE5
8F558EB6672622401DA993E1E865C861

 

 

I'm about to download and run the Farbar Recovery Scan Tool and will post the log when I've done so.

 

Thanks again,

 

Bitterjava
 



#6 bitterjava

bitterjava
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 20 July 2014 - 11:40 AM

Here are the FRST logs. I disabled Avast shields again to run this.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by RLE (administrator) on R on 20-07-2014 12:20:21
Running from C:\Documents and Settings\RLE\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(M-Audio) C:\Program Files\M-Audio\MIDISPORT\AudioDevMon.exe
(The Privoxy team - www.privoxy.org) C:\Program Files\Privoxy\privoxy.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsEPCMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-866712340-552036587-3804464721-1005\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [395776 2009-05-08] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk
ShortcutTarget:  SuperHybridEngine.lnk -> C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: OverlayIconExtension1 -> {fe25455d-b4c2-4e32-97d2-92632ec1c224} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: OverlayIconExtension2 -> {1fae2d88-a78e-4f03-909f-be818a3c1ce6} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Aibelive\Voice Command\skype4com.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{A7C112A4-AAF8-4B78-85DA-BECDD825DD80}: [NameServer]8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\RLE\Application Data\Mozilla\Firefox\Profiles\ehrkr222.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Edge - C:\Documents and Settings\RLE\Application Data\Mozilla\Firefox\Profiles\ehrkr222.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-06-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-28]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-04]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-07-09] (Apple Inc.)
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [113152 2008-11-20] (SmithMicro Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
S3 bepldr; C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [151552 2007-11-15] () [File not signed]
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-10-26] (Cisco Systems, Inc.)
S3 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [557424 2009-12-15] (Citrix Online, a division of Citrix Systems, Inc.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-05-25] (SurfRight B.V.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MIDISPORTAudioDevMon; C:\Program Files\M-Audio\MIDISPORT\AudioDevMon.exe [1636872 2010-10-06] (M-Audio)
R2 privoxy; C:\Program Files\Privoxy\privoxy.exe [302080 2008-01-20] (The Privoxy team - www.privoxy.org) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1528928 2009-03-13] (Atheros Communications, Inc.)
R3 AsusACPI; C:\WINDOWS\System32\DRIVERS\ASUSACPI.sys [10752 2008-04-08] (ASUSTeK Computer Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-10] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-10] ()
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) [File not signed]
S3 BrSerIf; C:\WINDOWS\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [11904 2006-09-03] (Brother Industries Ltd.) [File not signed]
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534568 2008-05-29] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2008-08-19] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
R3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [57384 2008-03-10] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-08-19] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [55152 2009-02-06] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 MADFUMIDISPORT2010; C:\WINDOWS\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [23304 2010-10-06] (M-Audio)
S3 MAUSBMIDISPORT; C:\WINDOWS\System32\DRIVERS\MAudioMIDISPORT.sys [169224 2010-10-06] (M-Audio)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2008-11-20] (Printing Communications Assoc., Inc. (PCAUSA))
R1 policyappblockservice; C:\Program Files\Parental Control\bin\policyappblock.sys [5120 2009-02-02] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRS_PremiumSound_Service; C:\WINDOWS\System32\drivers\srs_PremiumSound_i386.sys [232872 2009-04-20] ()
S3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [26760 2008-08-22] ()
S3 SWNC8U80; C:\WINDOWS\System32\DRIVERS\swnc8u80.sys [168192 2008-08-20] (Sierra Wireless Inc.)
S3 SWUMX80; C:\WINDOWS\System32\DRIVERS\swumx80.sys [142976 2008-08-20] (Sierra Wireless Inc.)
S3 tap0801; C:\WINDOWS\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2010-01-08] (AnchorFree Inc)
S3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [26112 2010-08-03] (The OpenVPN Project) [File not signed]
R1 tcpipBM; C:\WINDOWS\system32\Drivers\tcpipBM.sys [18816 2008-11-20] (Bytemobile, Inc.) [File not signed]
R3 uvclf; C:\WINDOWS\System32\DRIVERS\uvclf.sys [39040 2008-11-18] (GenesysLogic Technologies, Inc.)
U3 catchme; \??\C:\DOCUME~1\RLE\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U3 TlntSvr;
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 12:20 - 2014-07-20 12:21 - 00016263 _____ () C:\Documents and Settings\RLE\Desktop\FRST.txt
2014-07-20 12:18 - 2014-07-20 12:18 - 01080320 _____ (Farbar) C:\Documents and Settings\RLE\Desktop\FRST.exe
2014-07-20 12:06 - 2014-07-20 12:21 - 00000000 ____D () C:\Documents and Settings\RLE\Local Settings\temp
2014-07-20 12:06 - 2014-07-20 12:06 - 00019598 _____ () C:\ComboFix.txt
2014-07-20 12:06 - 2014-07-20 12:06 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-20 12:06 - 2014-07-20 12:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-07-20 12:06 - 2014-07-20 12:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-07-20 11:35 - 2014-07-20 12:06 - 00000000 ____D () C:\Qoobox
2014-07-20 11:35 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-07-20 11:35 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-07-20 11:35 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-07-20 11:35 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-07-20 11:35 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-07-20 11:35 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-07-20 11:35 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-07-20 11:35 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-07-20 11:35 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-07-20 11:33 - 2014-07-20 11:33 - 05222180 ____R (Swearware) C:\Documents and Settings\RLE\Desktop\ComboFix.exe
2014-07-17 13:22 - 2014-07-17 13:22 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 19:38 - 2014-07-17 13:39 - 00000000 ____D () C:\Documents and Settings\RLE\Desktop\Logs 2014-07-10
2014-07-10 19:24 - 2014-07-10 19:24 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

2014-07-20 12:21 - 2014-07-20 12:20 - 00016263 _____ () C:\Documents and Settings\RLE\Desktop\FRST.txt
2014-07-20 12:21 - 2014-07-20 12:06 - 00000000 ____D () C:\Documents and Settings\RLE\Local Settings\temp
2014-07-20 12:21 - 2012-05-04 00:02 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 12:20 - 2014-05-23 13:05 - 00000000 ____D () C:\FRST
2014-07-20 12:18 - 2014-07-20 12:18 - 01080320 _____ (Farbar) C:\Documents and Settings\RLE\Desktop\FRST.exe
2014-07-20 12:06 - 2014-07-20 12:06 - 00019598 _____ () C:\ComboFix.txt
2014-07-20 12:06 - 2014-07-20 12:06 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-20 12:06 - 2014-07-20 12:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-07-20 12:06 - 2014-07-20 12:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-07-20 12:06 - 2014-07-20 11:35 - 00000000 ____D () C:\Qoobox
2014-07-20 12:06 - 2009-04-29 07:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-20 12:06 - 2009-04-29 07:09 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-07-20 12:00 - 2009-04-29 06:54 - 00000227 _____ () C:\WINDOWS\system.ini
2014-07-20 11:36 - 2009-04-29 07:10 - 00032430 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-20 11:35 - 2012-07-07 19:00 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-20 11:35 - 2009-04-29 07:05 - 01922965 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-20 11:34 - 2014-05-23 12:12 - 00000000 ____D () C:\WINDOWS\erdnt
2014-07-20 11:33 - 2014-07-20 11:33 - 05222180 ____R (Swearware) C:\Documents and Settings\RLE\Desktop\ComboFix.exe
2014-07-20 11:29 - 2014-05-24 00:09 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-20 11:29 - 2012-05-04 00:02 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 11:29 - 2009-04-29 06:54 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-20 11:28 - 2009-04-29 00:03 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-20 11:28 - 2009-04-29 00:03 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-17 13:56 - 2009-07-22 03:12 - 00000278 ___SH () C:\Documents and Settings\RLE\ntuser.ini
2014-07-17 13:39 - 2014-07-10 19:38 - 00000000 ____D () C:\Documents and Settings\RLE\Desktop\Logs 2014-07-10
2014-07-17 13:36 - 2014-05-23 22:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-17 13:22 - 2014-07-17 13:22 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 19:25 - 2012-05-04 00:01 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-10 19:25 - 2012-05-04 00:01 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-10 19:24 - 2014-07-10 19:24 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-10 19:24 - 2014-05-23 12:22 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-10 19:24 - 2012-05-04 00:01 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-07-10 19:24 - 2012-05-04 00:01 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-10 19:24 - 2012-05-04 00:01 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-07-10 19:24 - 2012-05-04 00:00 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-10 19:24 - 2002-01-01 04:05 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-10 19:24 - 2002-01-01 04:05 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-07-10 19:24 - 2002-01-01 04:05 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-06-26 17:38 - 2012-05-31 09:36 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:
====================
C:\Documents and Settings\RLE\gosetup.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-07-2014
Ran by RLE at 2014-07-20 12:23:00
Running from C:\Documents and Settings\RLE\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 8.1.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.4 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asus ACPI Driver (HKLM\...\{19F5658D-92E8-4A08-8657-D38ABB1574B2}) (Version: 6.1.1.1008 - AsusTek Computer)
ASUS VIBE (HKLM\...\ASUS VIBE) (Version: 1.0.142 - Ecareme, Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
AT&T Communication Manager (HKLM\...\{AF64F216-D859-43FC-9068-0005A41AEBA3}) (Version: 6.10.0025.0 - AT&T)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Azurewave Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.7.0 - Azurewave)
Brain Workshop 4.8.1 (HKLM\...\Brain Workshop_is1) (Version: 4.8.1 - Paul Hoskinson & Jonathan Toomim)
Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.02.0090 (HKLM\...\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}) (Version: 5.0.2 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Data Sync (HKLM\...\{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}) (Version: 1.0.2 - ASUS)
Driver Installer (HKLM\...\{F804CAE5-50B2-4646-803A-A428325237CA}) (Version: 2.3.0.797 - Option NV)
Dropbox (HKCU\...\Dropbox) (Version: 1.2.48 - Dropbox, Inc.)
DVDFab 8.0.8.5 (19/03/2011) (HKLM\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
Eee Docking 1.3.1.0 (HKLM\...\Eee Docking_is1) (Version: 1.3.1.0 - ASUSTEK)
Eee Storage (HKLM\...\Eee Storage) (Version: 2.0.15.415 - eCareme Technologies, Inc.)
EeePC1005HA Screen Saver (HKLM\...\EeePC1005HA) (Version:  - )
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.1.0020 - ASUS)
EzMessenger (HKLM\...\{C72CA49A-9237-4810-8449-45DA3BD26D64}) (Version: 1.0.2 - ASUS)
FreeMat (HKLM\...\FreeMat) (Version: 4.1.1 - Humanity)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.8.1 - )
gbrainy 2.06 (HKLM\...\gbrainy) (Version: 2.06 - )
gedit 2.29.3 (HKLM\...\gedit_is1) (Version: 2.29.3 - GNOME)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMyPC (HKLM\...\{58F4D4FD-1814-4068-B316-C28FC776C6DD}) (Version: 7.1.533 - Citrix Online)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
hott notes 4 (HKLM\...\hott notes 4) (Version: 4.1 - Joel Riley)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}) (Version: 9.0.3.15 - Apple Inc.)
Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Malwarebytes Anti-Exploit version 0.10.3.0100 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.3.0100 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
M-Audio MIDISPORT Driver 6.1.2 (x86) (HKLM\...\{46D2EDB6-3B13-4723-80FE-E972201C334C}) (Version: 6.1.2 - M-Audio)
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version:  - ) <==== ATTENTION
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiKTeX 2.8 (HKLM\...\MiKTeX 2.8) (Version: 2.8 - MiKTeX.org)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music AlarmClock v2.1.0 (HKLM\...\{BEEB434F-CAFE-4708-BE3A-7C61587FA8C8}) (Version: 2.1.0 - B. Whittington Yuille)
Nitro PDF Professional (HKLM\...\{A4ABFA60-DE8E-4237-BDF9-4015FE673AD1}) (Version: 5.3.2 - Nitro PDF Software)
NX Client for Windows 3.4.0-5 (HKLM\...\nxclient_is1) (Version: 3.4.0-5 - NoMachine)
OpenSCAD (remove only) (HKLM\...\OpenSCAD) (Version:  - )
Parental Control (HKLM\...\Parental Control) (Version: 1.5.4.31 - International Syst)
Privoxy (remove only) (HKLM\...\Privoxy) (Version:  - )
Programming Editor (HKLM\...\{CD6FA0C1-2A72-472B-A60B-101B763DC185}) (Version: 5.4.0 - Revolution Education Ltd)
PuTTY version 0.60 (HKLM\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5821 - Realtek Semiconductor Corp.)
ROOT (HKLM\...\{F570A3D8-BC0D-408E-BBE3-57E6DEEE5AAA}) (Version: 5.22.00 - ROOT Team)
scilab-5.3.3 (HKLM\...\scilab-5.3.3_is1) (Version:  - DIGITEO)
scilab-5.4.0 (HKLM\...\scilab-5.4.0_is1) (Version:  - Scilab Enterprises)
Scratch (HKLM\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 3.6 (HKLM\...\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}) (Version: 3.6.248 - Skype Technologies S.A.)
SnagIt 8 (HKLM\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 1.18 - ASUS)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.8.0 - Synaptics Incorporated)
Telstra Turbo Connection Manager (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - Telstra)
Timetracker 0.9.11.0 (HKLM\...\Timetracker) (Version: 0.9.11.0 - 0xff.net)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB942763) (HKLM\...\KB942763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB953356) (HKLM\...\KB953356) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
USB2.0 UVC Camera Device (HKLM\...\{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}) (Version: 0.1.0.0 - UVCPCC)
Vim 7.2 (self-installing) (HKLM\...\Vim 7.2) (Version:  - )
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Voice Command EN Trial Version (HKLM\...\InstallShield_{64C118AC-FA2A-4E9C-A76E-DC22CA4FC20D}) (Version: 3.1.0.4 - Aibelive)
Voice Command EN Trial Version (Version: 3.1.0.4 - Aibelive) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.4400 -  )
Windows Driver Package - Revolution Education Ltd AXE027 PICAXE USB (2.08.14) Driver Package (03/18/2011 2.08.14) (HKLM\...\771BEB483AF8009DB42E83AEECF2019F391D8444) (Version: 03/18/2011 2.08.14 - Revolution Education Ltd)
Windows Driver Package - Revolution Education Ltd AXE027 PICAXE USB (2.08.14) VCP Driver Package (03/18/2011 2.08.14) (HKLM\...\B013235C94BA4F7146366F3252184FB3D919B8A5) (Version: 03/18/2011 2.08.14 - Revolution Education Ltd)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XEmacs 21.4.21 (HKLM\...\XEmacs_is1) (Version:  - XEmacs Development Team)

==================== Restore Points  =========================

02-06-2014 17:45:44 System Checkpoint
10-07-2014 23:22:02 avast! antivirus system restore point
17-07-2014 17:27:46 Software Distribution Service 3.0
20-07-2014 15:35:58 ComboFix created restore point

==================== Hosts content: ==========================

2009-04-29 06:54 - 2014-06-01 22:12 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b3ca3820-e8e8-4b9c-b146-69afa3252529.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task db84223b-311c-4992-8118-85277d1bc312.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2002-01-01 01:02 - 2014-07-10 19:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-20 11:32 - 2014-07-20 11:32 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14072000\algo.dll
2008-01-20 13:06 - 2008-01-20 13:06 - 00065024 _____ () C:\Program Files\Privoxy\mgwz.dll
2008-02-08 16:42 - 2008-02-08 16:42 - 00210208 _____ () C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
2007-11-15 18:01 - 2007-11-15 18:01 - 00495616 _____ () C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepprint.dll
2002-01-01 04:11 - 2014-07-10 19:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-04-13 12:08 - 2009-04-13 12:08 - 00136464 _____ () C:\Program Files\ASUS\Eee Storage\EcaremeDLL.dll
2009-05-07 10:30 - 2009-05-07 10:30 - 00029968 _____ () C:\WINDOWS\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll
2009-05-07 10:30 - 2009-05-07 10:30 - 00839680 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk => C:\WINDOWS\pss\VPN Client.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^RLE^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^RLE^Start Menu^Programs^Startup^hott notes 4.lnk => C:\WINDOWS\pss\hott notes 4.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^RLE^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^RLE^Start Menu^Programs^Startup^timetracker.lnk => C:\WINDOWS\pss\timetracker.lnkStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AT&T Communication Manager => "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
MSCONFIG\startupreg: autodetect => C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: Eee Docking => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSCONFIG\startupreg: Parental Control => "C:\Program Files\Parental Control\bin\pcontrol.exe" --start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============

Name: Canon MP620 ser Network
Description: Canon MP620 ser Network
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 00:20:57 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/20/2014 00:20:46 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/20/2014 00:20:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/20/2014 00:20:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/20/2014 00:20:43 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/20/2014 00:20:43 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/20/2014 00:20:43 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/20/2014 00:20:43 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/20/2014 00:20:43 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/20/2014 00:20:42 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (07/20/2014 11:28:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/17/2014 01:55:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/17/2014 01:26:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/10/2014 07:11:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (06/06/2014 03:16:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (06/06/2014 02:36:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (06/05/2014 04:49:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (06/02/2014 02:37:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (06/02/2014 02:31:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (06/02/2014 01:43:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 1015.17 MB
Available physical RAM: 504.32 MB
Total Pagefile: 2441.94 MB
Available Pagefile: 2071.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:72.06 GB) (Free:12.26 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:72.05 GB) (Free:8.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 7EE5D663)
Partition 1: (Active) - (Size=72 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=72 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=1C)
Partition 4: (Not Active) - (Size=47 MB) - (Type=EF)

==================== End Of Log ============================

 

 

 

 

 

Unfortunately I can't upload Summary.nfo as its's over the 512KB size limit.

 



#7 bitterjava

bitterjava
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 20 July 2014 - 11:45 AM

D'oh, didn't compress the file first. Here's Summary.nfo compressed into Summary.zip.

 

 

Attached Files



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 20 July 2014 - 02:25 PM

Are you planning on reformatting your hard drive and doing a fresh install?

Please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S4 IntelIde; No ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
2014-07-17 13:22 - 2014-07-17 13:22 - 00000000 ____D () C:\WINDOWS\jumpshot.com
C:\Documents and Settings\RLE\gosetup.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reformat?
  • Ficxog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 bitterjava

bitterjava
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 20 July 2014 - 06:00 PM

Hi Gary,

 

I'm hoping to move to Linux Mint 16 Xfce on this computer, but I still have to check the hardware will support it. I'll test Mint using a bootable USB stick, and if it works, I'll format the hard drive prior to installing. If not I'll have to figure out how to reinstall XP from a USB stick, as it's a netbook with no CD drive and it came with the OS preinstalled.

 

Malware on a netbook sucks.

 

 

fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by RLE at 2014-07-20 18:40:45 Run:1
Running from C:\Documents and Settings\RLE\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S4 IntelIde; No ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
2014-07-17 13:22 - 2014-07-17 13:22 - 00000000 ____D () C:\WINDOWS\jumpshot.com
C:\Documents and Settings\RLE\gosetup.exe
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}' => Key deleted successfully.
'HKCR\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}' => Key deleted successfully.
'HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}'=> Key not found.
IntelIde => Service deleted successfully.
SBRE => Service deleted successfully.
C:\WINDOWS\jumpshot.com => Moved successfully.
C:\Documents and Settings\RLE\gosetup.exe => Moved successfully.

==== End of Fixlog ====



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 20 July 2014 - 09:30 PM

That looks good.

Are you going to back up files to an external drive and then put them back on the Netbook?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 bitterjava

bitterjava
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 21 July 2014 - 07:33 AM

Will doing that infect the external backup drive too? I've backed up everything important to an ftp server, but I didn't have enough room for the less important stuff and I'd like to save everything if possible.



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 21 July 2014 - 08:16 AM

My thoughts are to transfer over what you want and then I have steps we can take to scan the external drive for malware. That will allow us to confirm your files are clean and no threat when you put them back on the Netbook.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 bitterjava

bitterjava
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 21 July 2014 - 09:41 AM

Sounds good. Should I go ahead and start copying files to the external drive now?



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 21 July 2014 - 01:57 PM

Yes, that would be great. Once you are all set you can do this to scan the external drive.

===================================================

Panda USB Vaccine

--------------------

Alternate download link 1
Alternate download link 2

  • Double-click on USBVaccineSetup.exe to install the program to C:\Program Files\Panda USB Vaccine.
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key and insert your external drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
  • Leave the external drive attached to your computer
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon Including External Drive

----------
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Attach any external drives you want to scan if not already attached
  • Click the Scan button near the top
  • Select Custom Scan then click Scan Now >>
  • Place a check mark in any additonal drives you would like to scan
  • Click Start Scan

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP) then type mbam
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and past the contents of MBAM.txt in your reply
===================================================

ESET Online Scanner Including External Drives

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Select Enable detection of potentially unwanted applications then click Start
  • Click Advanced settings
  • Select Scan for potentially unsafe applications
  • Click Change... next to Current scan targets: Operating memory, Local drives
  • Place a check mark in any additional drives you would like to scan then click OK
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Scan logs (if applicable)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 bitterjava

bitterjava
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:36 AM

Posted 22 July 2014 - 05:07 PM

Hi, the first Panda link redirected to http://www.pandasecurity.com/mediacenter/ but the first alternative link (Cnet) worked and the program ran without a problem. I'm now running the MalwareBytes scan (posting this from a different computer).


Edited by bitterjava, 22 July 2014 - 05:07 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users