Could these Avast reports be false positives?



#1 dbltip


Posted 20 July 2014 - 04:04 PM

Hello

 

Today I ran a Boot-time scan with Avast.  I received multiple hits for Trojans, Malware and Dropper-gen.  The problem is that 5 out of 6 of these are trusted programs.  Wsop.com is a NJ online poker site and the other I believe is ZoneAlarm Firewall.  I did not want to delete them until I could get some professional advice.  So far I have them sitting in Avast's Virus Chest.  Thanks for your help.

These are the files that are in my Virus Chest:

 

Name-PresentationFontCache.ni.exe

Location-C:\Windows\Assembly\NativeImages\_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a

Virus-Win32:Malware-gen

 

Name-WSOP.com_NJ.exe

Location-C:\ProgramFiles\NJ.WSOP.com\bin

Virus-WIN32:Dropper-gen[Drp]

 

Name-WSOP.com_NJ.exe

Location-C:\ProgramFiles\NJ.WSOP.com\bin

Virus-FileRepMalware

 

Name-WSOP.com_NJ.exe

Location-C:\ProgramFiles\NJ.WSOP.com\bin

Virus-FileRepMalware

 

Name-Zafwsetup_120_121_000.exe
Location-C:\Documents and Settings\Mom\My Documents\Downloads

Virus-Win32:Trojan-gen

 

Name-GLH059.TMP

Location-C:\Program Files\NJ.WSOP.com\bin

Virus-WIN32:Dropper-gen[Drp]

 



#2 Machiavelli

  • Malware Response Instructor

Posted 21 July 2014 - 09:21 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer, then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Machiavelli


Posted 24 July 2014 - 06:03 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#4 Machiavelli


Posted 31 July 2014 - 04:06 AM

User returned.


~Machiavelli



#5 dbltip


Posted 01 August 2014 - 04:13 PM

I was finally able to run the Farbar scan; here are the logs.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014
Ran by Mom at 2014-07-30 20:36:32
Running from C:\Documents and Settings\Mom\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version:  - )
Conexant AC-Link Audio (HKLM\...\Conexant PCI Audio) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
gc-browser-plugin-client (HKLM\...\{D589CDD1-93A0-47AC-B508-13AC6ED9BBBD}) (Version: 2.1.3.2 - GeoComply)
GeoComply Browser Plugin (HKLM\...\{31575B33-1F39-46C6-970F-3E2C45EF9DA8}) (Version: 2.1.7.1 - GeoComply)
GeoComply Browser Plugin-C (HKLM\...\{B38BD46F-7280-49C7-8AC0-099F96B01EFD}) (Version: 2.1.4.2 - GeoComply)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1399.3742 - Google Inc.)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 3.200.16.1 - HPQ)
HP Software Update (HKLM\...\{15EE79F4-4ED1-4267-9B0F-351009325D7D}) (Version: 3.0.5.001 - HEWLET~1|Hewlett-Packard)
HP User Guides 0001 (HKLM\...\{06ECCCF4-9295-468E-851C-9529A7C181E8}) (Version: 1.00.0003 - HPQ)
HP Wireless Assistant (HKLM\...\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}) (Version: 1.0.0.31 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.637 - InterVideo Inc.)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 4.0 - SE (HKLM\...\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}) (Version: 4.00.050 - muvee Technologies)
NJ.WSOP.com (HKLM\...\NJ.WSOP.com) (Version:  - )
Quick Launch Buttons 5.10 B2 (HKLM\...\{CEB326EC-8F40-47B2-BA22-BB092565D66F}) (Version: 5.10 B2 - Hewlett-Packard Company)
QuickTime (HKLM\...\QuickTime) (Version:  - )
REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.60 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SMRecorder 1.3.2 (HKLM\...\SMRecorder) (Version: 1.3.2 - SMRecorder)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C) (Version:  - )
Sonic Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.0.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 7.12.7.0 - )
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Texas Instruments PCIxx21/x515 drivers. (HKLM\...\InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}) (Version: 1.08.0000 - Texas Instruments Inc.)
TIxx21 (Version: 1.08.0000 - Texas Instruments Inc.) Hidden
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.5.0530.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
ZoneAlarm Firewall (Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 12.0.121.000 - Check Point)
ZoneAlarm Security (Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{926ca321-67df-47d6-910e-22c203d78f23}\InprocServer32 -> C:\WINDOWS\mark_32.dll No File
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32 -> C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{a179efa6-7339-439d-b902-51603a945d25}\InprocServer32 -> C:\WINDOWS\batmeter16.dll No File
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No (the data entry has 5 more characters).

==================== Restore Points  =========================

26-04-2014 00:01:59 Software Distribution Service 3.0
26-04-2014 01:17:17 avast! antivirus system restore point
26-04-2014 02:18:09 Installed Java 7 Update 55
17-05-2014 00:21:39 avast! antivirus system restore point
25-05-2014 07:00:22 Software Distribution Service 3.0
26-05-2014 12:01:11 Software Distribution Service 3.0
11-06-2014 22:07:11 Software Distribution Service 3.0
06-07-2014 15:53:08 avast! antivirus system restore point
09-07-2014 12:30:02 Software Distribution Service 3.0
23-07-2014 23:48:06 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 08:00 - 2013-12-17 13:51 - 00450543 ____N C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{94908923-392F-4184-88CC-D486E0F19ED0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-02-16 21:13 - 2014-07-06 11:55 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-30 18:10 - 2014-07-30 18:10 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073002\algo.dll
2013-12-12 22:52 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-12 22:52 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-16 21:13 - 2014-07-06 11:55 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Mom^Start Menu^Programs^Startup^E-mail.lnk => C:\WINDOWS\pss\E-mail.lnkStartup
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: WINZIPDUDriverUpdater => C:\Program Files\WinZip Driver Updater\winzipdu.exe -rem

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2014 06:42:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 31.7.2014.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/28/2014 11:07:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 25.7.2014.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/13/2014 04:15:37 PM) (Source: ZAPrivacyService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (07/12/2014 07:44:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamscheduler.exe, version 3.0.2.0, faulting module unknown, version 0.0.0.0, fault address 0x0003001f.
Processing media-specific event for [mbamscheduler.exe!ws!]

Error: (07/12/2014 01:44:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/07/2014 10:25:28 AM) (Source: MsiInstaller) (EventID: 11704) (User: MOMSCOMPUTER)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 -- Error 1704.An installation for Java 7 Update 60 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (07/07/2014 10:19:12 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 358086517.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/07/2014 10:19:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application softonicdownloader_for_smrecorder.exe, version 1.41.1.8, faulting module softonicdownloader_for_smrecorder.exe, version 1.41.1.8, fault address 0x000270c3.
Processing media-specific event for [softonicdownloader_for_smrecorder.exe!ws!]

Error: (07/07/2014 10:17:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application softonicdownloader_for_smrecorder.exe, version 1.41.1.8, faulting module softonicdownloader_for_smrecorder.exe, version 1.41.1.8, fault address 0x000270c3.
Processing media-specific event for [softonicdownloader_for_smrecorder.exe!ws!]

Error: (07/06/2014 02:11:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application softonicdownloader_for_smrecorder.exe, version 1.41.1.8, faulting module softonicdownloader_for_smrecorder.exe, version 1.41.1.8, fault address 0x000270c3.
Processing media-specific event for [softonicdownloader_for_smrecorder.exe!ws!]


System errors:
=============
Error: (07/30/2014 08:07:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/30/2014 08:06:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (07/30/2014 08:06:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (07/30/2014 08:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (07/30/2014 08:06:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (07/30/2014 08:04:43 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.8 for the Network Card with network address 001500384ECC has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/30/2014 06:58:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/30/2014 06:54:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (07/30/2014 06:54:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (07/30/2014 06:54:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/30/2014 06:42:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe31.7.2014.0hungapp0.0.0.000000000

Error: (07/28/2014 11:07:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe25.7.2014.0hungapp0.0.0.000000000

Error: (07/13/2014 04:15:37 PM) (Source: ZAPrivacyService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller


Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014
Ran by Mom at 2014-07-30 20:36:32
Running from C:\Documents and Settings\Mom\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version:  - )
Conexant AC-Link Audio (HKLM\...\Conexant PCI Audio) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
gc-browser-plugin-client (HKLM\...\{D589CDD1-93A0-47AC-B508-13AC6ED9BBBD}) (Version: 2.1.3.2 - GeoComply)
GeoComply Browser Plugin (HKLM\...\{31575B33-1F39-46C6-970F-3E2C45EF9DA8}) (Version: 2.1.7.1 - GeoComply)
GeoComply Browser Plugin-C (HKLM\...\{B38BD46F-7280-49C7-8AC0-099F96B01EFD}) (Version: 2.1.4.2 - GeoComply)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1399.3742 - Google Inc.)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 3.200.16.1 - HPQ)
HP Software Update (HKLM\...\{15EE79F4-4ED1-4267-9B0F-351009325D7D}) (Version: 3.0.5.001 - HEWLET~1|Hewlett-Packard)
HP User Guides 0001 (HKLM\...\{06ECCCF4-9295-468E-851C-9529A7C181E8}) (Version: 1.00.0003 - HPQ)
HP Wireless Assistant (HKLM\...\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}) (Version: 1.0.0.31 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.637 - InterVideo Inc.)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 4.0 - SE (HKLM\...\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}) (Version: 4.00.050 - muvee Technologies)
NJ.WSOP.com (HKLM\...\NJ.WSOP.com) (Version:  - )
Quick Launch Buttons 5.10 B2 (HKLM\...\{CEB326EC-8F40-47B2-BA22-BB092565D66F}) (Version: 5.10 B2 - Hewlett-Packard Company)
QuickTime (HKLM\...\QuickTime) (Version:  - )
REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.60 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SMRecorder 1.3.2 (HKLM\...\SMRecorder) (Version: 1.3.2 - SMRecorder)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C) (Version:  - )
Sonic Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.0.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 7.12.7.0 - )
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Texas Instruments PCIxx21/x515 drivers. (HKLM\...\InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}) (Version: 1.08.0000 - Texas Instruments Inc.)
TIxx21 (Version: 1.08.0000 - Texas Instruments Inc.) Hidden
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.5.0530.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
ZoneAlarm Firewall (Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 12.0.121.000 - Check Point)
ZoneAlarm Security (Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{926ca321-67df-47d6-910e-22c203d78f23}\InprocServer32 -> C:\WINDOWS\mark_32.dll No File
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32 -> C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{a179efa6-7339-439d-b902-51603a945d25}\InprocServer32 -> C:\WINDOWS\batmeter16.dll No File
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No (the data entry has 5 more characters).

==================== Restore Points  =========================

26-04-2014 00:01:59 Software Distribution Service 3.0
26-04-2014 01:17:17 avast! antivirus system restore point
26-04-2014 02:18:09 Installed Java 7 Update 55
17-05-2014 00:21:39 avast! antivirus system restore point
25-05-2014 07:00:22 Software Distribution Service 3.0
26-05-2014 12:01:11 Software Distribution Service 3.0
11-06-2014 22:07:11 Software Distribution Service 3.0
06-07-2014 15:53:08 avast! antivirus system restore point
09-07-2014 12:30:02 Software Distribution Service 3.0
23-07-2014 23:48:06 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 08:00 - 2013-12-17 13:51 - 00450543 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{94908923-392F-4184-88CC-D486E0F19ED0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-02-16 21:13 - 2014-07-06 11:55 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-30 18:10 - 2014-07-30 18:10 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073002\algo.dll
2013-12-12 22:52 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-12 22:52 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-16 21:13 - 2014-07-06 11:55 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Mom^Start Menu^Programs^Startup^E-mail.lnk => C:\WINDOWS\pss\E-mail.lnkStartup
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: WINZIPDUDriverUpdater => C:\Program Files\WinZip Driver Updater\winzipdu.exe -rem

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2014 06:42:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 31.7.2014.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/28/2014 11:07:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 25.7.2014.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/13/2014 04:15:37 PM) (Source: ZAPrivacyService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (07/12/2014 07:44:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamscheduler.exe, version 3.0.2.0, faulting module unknown, version 0.0.0.0, fault address 0x0003001f.
Processing media-specific event for [mbamscheduler.exe!ws!]

Error: (07/12/2014 01:44:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/07/2014 10:25:28 AM) (Source: MsiInstaller) (EventID: 11704) (User: MOMSCOMPUTER)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 -- Error 1704.An installation for Java 7 Update 60 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (07/07/2014 10:19:12 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 358086517.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/07/2014 10:19:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application softonicdownloader_for_smrecorder.exe, version 1.41.1.8, faulting module softonicdownloader_for_smrecorder.exe, version 1.41.1.8, fault address 0x000270c3.
Processing media-specific event for [softonicdownloader_for_smrecorder.exe!ws!]

Error: (07/07/2014 10:17:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application softonicdownloader_for_smrecorder.exe, version 1.41.1.8, faulting module softonicdownloader_for_smrecorder.exe, version 1.41.1.8, fault address 0x000270c3.
Processing media-specific event for [softonicdownloader_for_smrecorder.exe!ws!]

Error: (07/06/2014 02:11:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application softonicdownloader_for_smrecorder.exe, version 1.41.1.8, faulting module softonicdownloader_for_smrecorder.exe, version 1.41.1.8, fault address 0x000270c3.
Processing media-specific event for [softonicdownloader_for_smrecorder.exe!ws!]


System errors:
=============
Error: (07/30/2014 08:07:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/30/2014 08:06:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (07/30/2014 08:06:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (07/30/2014 08:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (07/30/2014 08:06:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (07/30/2014 08:04:43 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.8 for the Network Card with network address 001500384ECC has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/30/2014 06:58:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/30/2014 06:54:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (07/30/2014 06:54:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (07/30/2014 06:54:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/30/2014 06:42:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe31.7.2014.0hungapp0.0.0.000000000

Error: (07/28/2014 11:07:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe25.7.2014.0hungapp0.0.0.000000000

Error: (07/13/2014 04:15:37 PM) (Source: ZAPrivacyService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (07/12/2014 07:44:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.0unknown0.0.0.00003001f

Error: (07/12/2014 01:44:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532hungapp0.0.0.000000000

Error: (07/07/2014 10:25:28 AM) (Source: MsiInstaller) (EventID: 11704) (User: MOMSCOMPUTER)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 -- Error 1704.An installation for Java 7 Update 60 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (07/07/2014 10:19:12 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: 358086517

Error: (07/07/2014 10:19:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: softonicdownloader_for_smrecorder.exe1.41.1.8softonicdownloader_for_smrecorder.exe1.41.1.8000270c3

Error: (07/07/2014 10:17:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: softonicdownloader_for_smrecorder.exe1.41.1.8softonicdownloader_for_smrecorder.exe1.41.1.8000270c3

Error: (07/06/2014 02:11:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: softonicdownloader_for_smrecorder.exe1.41.1.8softonicdownloader_for_smrecorder.exe1.41.1.8000270c3


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 1014.42 MB
Available physical RAM: 766.79 MB
Total Pagefile: 2441.77 MB
Available Pagefile: 2093.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.33 GB) (Free:48.97 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=74 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=204 MB) - (Type=88)

==================== End Of Log ============================
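Added example, not part of the post above and not FRST's own tooling: a short Python script that pulls out of an Addition.txt the three things a log helper reads first in a log like this one. The Security Center section reports both avast! and the ZoneAlarm firewall as Disabled. The CustomCLSID section lists two InprocServer32 registrations (mark_32.dll, batmeter16.dll) whose DLL is gone from disk ("No File"); those are leftovers to note, not evidence of infection by themselves. The hosts file is 450 KB of 127.0.0.1 entries, which is the blocklist/immunization pattern (a Spybot "Refresh immunization" task appears in the scheduled tasks above) rather than the hijack pattern, where names are pointed at an address other than loopback. The sample input is assembled from lines of the log above; the 198.51.100.7 hosts line is a constructed hijack-style entry added only to show that check firing and is not in the posted log.

```python
# Triage checks over FRST Addition.txt text. Added example for this thread, not
# FRST's own code. SAMPLE is built from lines of the Addition.txt posted above
# plus one constructed non-loopback hosts entry (198.51.100.7) that is NOT in
# the posted log; it exists only to exercise the hosts check.
import re
from typing import Dict, List, Optional, Tuple

SAMPLE = r"""
==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Custom CLSID (selected items): ==========================

CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Mom\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{926ca321-67df-47d6-910e-22c203d78f23}\InprocServer32 -> C:\WINDOWS\mark_32.dll No File
CustomCLSID: HKU\S-1-5-21-1935655697-606747145-725345543-1003_Classes\CLSID\{a179efa6-7339-439d-b902-51603a945d25}\InprocServer32 -> C:\WINDOWS\batmeter16.dll No File

==================== Hosts content: ==========================

2004-08-04 08:00 - 2013-12-17 13:51 - 00450543 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost
127.0.0.1    www.007guard.com
198.51.100.7    www.example-security-vendor.test

==================== End Of Log ============================
"""

HEADER = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
SECCENTER = re.compile(r"^(AV|FW|AS):\s+(.+?)\s+\((Enabled|Disabled)(?:\s*-\s*[^)]*)?\)")
# CustomCLSID line whose server path FRST tagged "No File" (registration outlives the binary)
ORPHAN = re.compile(r"^CustomCLSID:\s+\S*\\CLSID\\\{([0-9A-Fa-f-]{36})\}\\(\w+)\s+->\s+(.+?)\s+No File$")
HOSTS_FILE = re.compile(r"^\S+ \S+ - \S+ \S+ - (\d+) \S+ (\S+hosts)$")
HOST_ENTRY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}|::1)\s+(\S+)")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split FRST output into {section title: non-blank body lines}."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and m.group(1):          # a bare '=====' rule has an empty title; skip it
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def _section(sections: Dict[str, List[str]], prefix: str) -> List[str]:
    """Body of the first section whose title starts with prefix (titles vary by FRST version)."""
    return next((body for title, body in sections.items() if title.startswith(prefix)), [])


def security_products(sections: Dict[str, List[str]]) -> List[Tuple[str, str, bool]]:
    """(kind, product, enabled) for each AV/FW/AS line in Security Center."""
    found = []
    for line in _section(sections, "Security Center"):
        m = SECCENTER.match(line)
        if m:
            found.append((m.group(1), m.group(2), m.group(3) == "Enabled"))
    return found


def orphaned_clsids(sections: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """(clsid, server key, path) for registrations whose server file is missing."""
    found = []
    for line in _section(sections, "Custom CLSID"):
        m = ORPHAN.match(line)
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def hosts_summary(sections: Dict[str, List[str]]) -> dict:
    """Hosts file size, entries FRST printed, and entries that point a name at a
    non-loopback address (the hijack pattern; loopback-only is a blocklist)."""
    size: Optional[int] = None
    shown = 0
    redirected: List[Tuple[str, str]] = []
    for line in _section(sections, "Hosts content"):
        m = HOSTS_FILE.match(line)
        if m:
            size = int(m.group(1))
            continue
        m = HOST_ENTRY.match(line)
        if not m:
            continue
        shown += 1
        if m.group(1) not in LOOPBACK:
            redirected.append((m.group(2), m.group(1)))
    return {"size_bytes": size, "entries_shown": shown, "redirected": redirected}


def triage(text: str) -> dict:
    """One-shot summary of the three checks."""
    sections = parse_sections(text)
    return {
        "disabled_protection": [p for _, p, on in security_products(sections) if not on],
        "orphaned_clsids": orphaned_clsids(sections),
        "hosts": hosts_summary(sections),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE))
```

Run it against a real Addition.txt by reading the file into `triage()`; the section-title prefixes are used because FRST has renamed headers across versions. A non-empty `redirected` list is the finding that matters for hosts; a large file with only loopback entries, as in this log, is the expected shape of an immunized hosts file.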



#6 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany
Posted 02 August 2014 - 02:28 AM

I need the other log (FRST.txt).

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany

Posted 06 August 2014 - 06:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
