

Slooow computer... I think I may have a virus.


  • This topic is locked
15 replies to this topic

#1 PD!

PD!

  • Members
  • 20 posts
  • OFFLINE
  • Local time:09:59 AM

Posted 31 July 2014 - 11:52 PM

Running XP. I downloaded some sketchy stuff the other day and now I can't remember if my computer was running this slowly before that or not. I'd love some help doing a virus check! I have Avira Free, but I know it doesn't catch everything. 




 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:59 AM

Posted 04 August 2014 - 12:03 PM

Hello PD!,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:59 AM

Posted 07 August 2014 - 10:04 PM

It has been at least 3 days since my last post.

Are you still with me? If you need more time please just let me know.

This thread will close after 48 hours of inactivity from the time of this post.


 

 


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:59 PM

Posted 11 August 2014 - 10:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:59 PM

Posted 13 August 2014 - 02:24 PM

This topic has been re-opened at the request of the person who originally posted.
regards,
schrauber


#6 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:59 AM

Posted 13 August 2014 - 03:50 PM

Hello,

 

Please complete my instructions in post #2. 



 

 


#7 PD!

PD!
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:09:59 AM

Posted 13 August 2014 - 06:09 PM

First off I'd like to say a Big thank you to you guys for still helping me even though I took so long to get back. Really appreciate it. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 01
Ran by user1 (administrator) on BING1 on 13-08-2014 16:04:33
Running from C:\Documents and Settings\user1\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Infineon Technologies AG) C:\WINDOWS\system32\IFXSPMGT.exe
(Infineon Technologies AG) C:\WINDOWS\system32\IFXTCS.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Infineon Technologies AG) C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\DeviceNP: C:\WINDOWS\system32\DeviceNP.dll (Hewlett-Packard Limited)
Winlogon\Notify\OneCard: C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\.DEFAULT\...\RunOnce: [*NPE[1]] => "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EHA515BY\NPE[1].exe" /POSTADVSCAN
HKU\S-1-5-21-73586283-1606980848-839522115-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-73586283-1606980848-839522115-1003\...\MountPoints2: {0804a88f-2b05-11e0-8ebf-806d6172696f} - D:\Autorun.exe
HKU\S-1-5-21-73586283-1606980848-839522115-1003\...\MountPoints2: {1c9b51e5-12c9-11e4-8fc3-0016d4ec6218} - E:\Setup.exe
AppInit_DLLs: APSHook.dll => C:\WINDOWS\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.att.net
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{FEE51F52-93B2-40B9-B3D4-8D7121AFA1B3}: [NameServer]192.168.2.1,75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\y5rythmd.default
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: hopster.com/CouponPrinterPlugin -> C:\Documents and Settings\user1\Application Data\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user1\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user1\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user1\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Adblock Plus - C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\y5rythmd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-24]
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google Search) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Gmail) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [258103 2006-02-15] (Broadcom Corporation.) [File not signed]
S3 FLCDLOCK; C:\WINDOWS\system32\flcdlock.exe [172131 2007-06-08] (Hewlett-Packard Ltd) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IFXSpMgtSrv; C:\WINDOWS\system32\ifxspmgt.exe [677144 2008-01-25] (Infineon Technologies AG)
R2 IFXTCS; C:\WINDOWS\system32\IFXTCS.exe [886040 2008-01-25] (Infineon Technologies AG)
S3 ImapiService; C:\WINDOWS\system32\imapihp.exe [155136 2010-05-12] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-30] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-05-12] (Lexmark International, Inc.)
S4 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
S4 PersonalSecureDriveService; C:\WINDOWS\system32\IfxPsdSv.exe [140568 2007-07-24] (Infineon Technologies AG)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [152960 2005-06-07] (Andrea Electronics Corporation)
S3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1342570 2006-02-15] (Broadcom Corporation.) [File not signed]
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57096 2006-02-15] (Broadcom Corporation.) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 DAMDrv; C:\WINDOWS\System32\DRIVERS\DAMDrv.sys [30008 2007-06-08] (Hewlett-Packard Development Company L.P.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [97280 2007-05-09] (Texas Instruments)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2007-07-24] (Infineon Technologies AG)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation)
S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [6608512 2010-05-31] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 o1394bul; C:\Documents and Settings\user1\Local Settings\temp\o1394bul.sys [29696 2004-06-25] () [File not signed]
R1 PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [38816 2007-07-24] (Infineon Technologies AG)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-03-20] (Avira GmbH)
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
U2 CertPropSvc; 
U1 eabfiltr; 
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 16:04 - 2014-08-13 16:04 - 00000000 ____D () C:\FRST
2014-08-12 17:52 - 2014-08-12 17:52 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-07-31 22:09 - 2009-06-25 11:36 - 00661504 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD82.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00517120 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD8E.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD9D.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00225280 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD7F.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00186880 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD97.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00177152 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD85.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00138240 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD73.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD88.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD8B.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00048640 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD9A.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00047104 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD79.tmp
2014-07-31 22:09 - 2009-06-25 11:36 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD7C.tmp
2014-07-31 22:09 - 2009-06-22 04:49 - 00117248 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD94.tmp
2014-07-31 22:09 - 2009-06-22 04:49 - 00019968 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD76.tmp
2014-07-31 22:09 - 2009-06-22 04:49 - 00004608 ____C (Microsoft Corporation) C:\WINDOWS\system32\OLDD91.tmp
2014-07-31 18:51 - 2014-07-31 18:51 - 00001740 _____ () C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
2014-07-31 18:37 - 2014-07-31 18:37 - 00000903 _____ () C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
2014-07-31 18:35 - 2014-07-31 22:17 - 00000000 ____D () C:\WINDOWS\LastGood
2014-07-31 18:34 - 2014-07-31 18:34 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2014-07-31 18:34 - 2014-07-31 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Elaborate Bytes
2014-07-22 12:04 - 2014-07-22 12:14 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\My pics
2014-07-21 19:16 - 2014-08-13 14:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-07-21 19:16 - 2014-07-21 19:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-07-15 00:22 - 2014-07-15 00:22 - 00000000 ____D () C:\Program Files\GOG.com
2014-07-15 00:20 - 2014-07-15 00:20 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\GOG.com
2014-07-15 00:18 - 2014-07-15 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 16:05 - 2013-05-10 12:28 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\temp
2014-08-13 16:04 - 2014-08-13 16:04 - 00000000 ____D () C:\FRST
2014-08-13 16:00 - 2013-03-29 00:19 - 00000300 _____ () C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate.job
2014-08-13 15:17 - 2013-01-29 23:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-13 15:12 - 2011-01-28 10:39 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 14:22 - 2014-07-21 19:16 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-13 10:26 - 2010-04-13 18:57 - 01599050 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-12 23:20 - 2013-05-02 18:10 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-12 23:12 - 2011-01-28 10:39 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 22:13 - 2013-10-06 20:40 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-12 20:17 - 2010-04-13 19:04 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-12 17:52 - 2014-08-12 17:52 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-08-12 17:52 - 2013-05-29 17:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-12 17:52 - 2013-03-20 22:48 - 00000000 ____D () C:\Program Files\Avira
2014-08-12 17:52 - 2013-03-20 22:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-08-12 17:52 - 2013-03-20 22:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-08-09 19:06 - 2014-01-27 22:32 - 00075162 _____ () C:\WINDOWS\setupapi.log
2014-08-01 23:55 - 2011-10-01 14:04 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\vlc
2014-08-01 23:54 - 2011-02-22 00:35 - 00047616 ____C () C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-31 22:17 - 2014-07-31 18:35 - 00000000 ____D () C:\WINDOWS\LastGood
2014-07-31 21:49 - 2010-04-13 11:42 - 00000327 __RSH () C:\boot.ini
2014-07-31 21:49 - 2004-08-04 03:00 - 00000528 _____ () C:\WINDOWS\win.ini
2014-07-31 21:49 - 2004-08-04 03:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-07-31 21:44 - 2014-02-12 04:03 - 00000360 _____ () C:\WINDOWS\setupact.log
2014-07-31 18:51 - 2014-07-31 18:51 - 00001740 _____ () C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
2014-07-31 18:51 - 2013-04-27 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EA Games
2014-07-31 18:40 - 2004-08-04 03:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-31 18:37 - 2014-07-31 18:37 - 00000903 _____ () C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
2014-07-31 18:34 - 2014-07-31 18:34 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2014-07-31 18:34 - 2014-07-31 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Elaborate Bytes
2014-07-30 15:25 - 2013-09-14 14:59 - 00000705 _____ () C:\Documents and Settings\user1\My Documents\ax_files.xml
2014-07-26 10:21 - 2013-12-02 01:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-07-26 10:20 - 2013-12-02 01:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 17:26 - 2014-06-03 15:11 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-07-23 17:20 - 2011-11-04 19:41 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\BitTorrent
2014-07-23 17:19 - 2014-03-12 07:33 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-23 17:19 - 2013-08-26 20:01 - 00000428 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_AUG2013_TB_rmv.job
2014-07-23 17:19 - 2013-03-29 00:19 - 00000300 _____ () C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate 2.job
2014-07-23 17:19 - 2010-04-13 19:04 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-23 17:19 - 2010-04-13 11:46 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-07-23 17:19 - 2010-04-13 11:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-22 12:14 - 2014-07-22 12:04 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\My pics
2014-07-21 19:16 - 2014-07-21 19:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-07-21 19:16 - 2011-01-28 10:39 - 00000000 ____D () C:\Program Files\Google
2014-07-21 19:12 - 2011-01-28 10:39 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\Google
2014-07-21 19:09 - 2011-11-09 15:48 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-21 19:08 - 2010-04-13 18:55 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-18 19:49 - 2010-04-13 20:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-18 19:48 - 2013-10-07 00:13 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-07-18 19:48 - 2010-04-13 19:04 - 00000178 ___SH () C:\Documents and Settings\user1\ntuser.ini
2014-07-18 19:48 - 2010-04-13 19:04 - 00000000 ____D () C:\Documents and Settings\user1
2014-07-18 16:27 - 2011-03-04 19:14 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\pd
2014-07-16 12:10 - 2011-02-02 19:50 - 00000342 _____ () C:\WINDOWS\dellstat.ini
2014-07-15 00:22 - 2014-07-15 00:22 - 00000000 ____D () C:\Program Files\GOG.com
2014-07-15 00:22 - 2013-06-25 15:28 - 00000000 ____D () C:\Program Files\DOSBox-0.74
2014-07-15 00:20 - 2014-07-15 00:20 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\GOG.com
2014-07-15 00:18 - 2014-07-15 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com
 
Some content of TEMP:
====================
C:\Documents and Settings\user1\Local Settings\temp\AutoRun.exe
C:\Documents and Settings\user1\Local Settings\temp\AutoRunGUI.dll
C:\Documents and Settings\user1\Local Settings\temp\avgnt.exe
C:\Documents and Settings\user1\Local Settings\temp\First15.exe
C:\Documents and Settings\user1\Local Settings\temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\user1\Local Settings\temp\VP6Install.exe
C:\Documents and Settings\user1\Local Settings\temp\VP6VFW.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014 01
Ran by user1 at 2014-08-13 16:05:54
Running from C:\Documents and Settings\user1\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Sensor Minimum Install (HKLM\...\{7F362F06-A9A3-440F-8B19-6A01A72723C4}) (Version: 7.9 - AuthenTec)
Avira (HKLM\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.22.12 - Broadcom Corporation)
Command & Conquer The First Decade (HKLM\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
CouponPrinterPlugin (HKLM\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
Credential Manager for HP ProtectTools (HKLM\...\{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}) (Version: 2.5.0.880.13 - Hewlett-Packard )
Dell AIO Printer A920 (HKLM\...\Dell AIO Printer A920) (Version:  - )
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 2.0.0.0 - Hewlett-Packard)
Diablo II (HKCU\...\Diablo II) (Version:  - )
Diablo II (HKLM\...\Diablo II) (Version:  - )
Duke Nukem 3D (HKLM\...\Duke Nukem 3D_is1) (Version:  - GOG.com)
Embedded Security for HP ProtectTools (HKLM\...\{7B73C666-BEFF-4F97-997A-9F995A4C0879}) (Version: 5.0.301 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FYZip 1.00 (HKLM\...\FYZip) (Version: 1.00 - TightRope Interactive)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 6.6.1124.846 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 4.0.1.3301 - HP)
HP Java Card Security for ProtectTools 1.00 B4 (HKLM\...\{C97DE62E-31E2-4146-AD23-4C6B0C028BCE}) (Version: 1.00 B4 - Hewlett-Packard Company)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\{2DB165DC-DDB4-403F-B985-19F3EC7D0357}) (Version: 3.00 A10 - Hewlett-Packard)
HP Quick Launch Buttons 6.30 J1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 J1 - Hewlett-Packard)
HP Smart Card Security for ProtectTools 5.00 D4 (HKLM\...\{0515803B-5068-4599-8666-963E143C7381}) (Version: 5.00 D4 - Hewlett-Packard Company)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
InterVideo DVD Check (HKLM\...\{5D97A4A7-C274-4B63-86D9-07A33435F505}) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.676 - InterVideo Inc.)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Jewel Quest III (remove only) (HKLM\...\Jewel Quest III) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Master of Olympus & Master of Atlantis (HKLM\...\{8043219B-D2C0-4561-90AB-3F1113ED5A87}) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 20.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 20.0.1 (x86 en-US)) (Version: 20.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 20.0.1 - Mozilla)
Mplayer.com (HKLM\...\Mplayer.com) (Version:  - )
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
P@H-Protocol (HKLM\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PCFriendly (HKLM\...\PCFriendly) (Version:  - )
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealMUD T4C 1.71 (HKLM\...\RealMUD T4C 1.71) (Version:  - )
Shattered Galaxy (HKLM\...\Shattered Galaxy) (Version: 1.85 - KRU Interactive)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4310 - Analog Devices)
Star Wars™: Knights of the Old Republic ™ (HKLM\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
StarCraft (HKLM\...\StarCraft) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}) (Version: 4.4.16.0 - Husdawg, LLC)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}) (Version: 2.00.0004 - Texas Instruments Inc.)
The Sims 2 (HKLM\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Tinker (HKLM\...\GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}) (Version: 1.0.0000.131 - Microsoft Corporation)
Tinker (Version: 1.0.0000.131 - Microsoft Corporation) Hidden
Tinker (Version: 1.0.0001.131 - Microsoft Corporation) Hidden
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TIPCI (Version: 2.00.0004 - Texas Instruments Inc.) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.6.0 - Tweaking.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980302) (HKLM\...\KB980302-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.61  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{5700330B-D97E-5600-959F-2C33DC75C7F0}\InprocServer32 -> C:\Documents and Settings\user1\Application Data\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-73586283-1606980848-839522115-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 5 more characters).
 
==================== Restore Points  =========================
 
15-05-2014 05:39:25 Software Distribution Service 3.0
17-05-2014 22:19:42 System Checkpoint
19-05-2014 01:54:28 System Checkpoint
20-05-2014 08:18:50 System Checkpoint
22-05-2014 23:50:27 System Checkpoint
24-05-2014 07:50:24 System Checkpoint
26-05-2014 02:26:58 System Checkpoint
27-05-2014 06:35:16 System Checkpoint
28-05-2014 23:27:20 System Checkpoint
30-05-2014 20:05:43 System Checkpoint
01-06-2014 03:11:56 System Checkpoint
03-06-2014 01:11:49 System Checkpoint
05-06-2014 07:16:32 System Checkpoint
07-06-2014 23:09:32 System Checkpoint
09-06-2014 07:19:31 System Checkpoint
11-06-2014 06:27:13 Software Distribution Service 3.0
12-06-2014 15:55:07 System Checkpoint
14-06-2014 11:25:08 System Checkpoint
15-06-2014 20:36:18 System Checkpoint
17-06-2014 00:33:18 System Checkpoint
18-06-2014 06:28:08 System Checkpoint
18-06-2014 21:44:39 Installed P@H-Protocol
20-06-2014 05:54:09 System Checkpoint
21-06-2014 22:43:19 System Checkpoint
25-06-2014 04:30:08 System Checkpoint
26-06-2014 13:21:33 System Checkpoint
27-06-2014 20:09:25 System Checkpoint
28-06-2014 20:45:43 System Checkpoint
29-06-2014 23:42:32 System Checkpoint
30-06-2014 20:38:21 Installed Java 7 Update 60
02-07-2014 08:40:06 System Checkpoint
05-07-2014 02:49:36 Configured Command & Conquer The First Decade
07-07-2014 20:33:27 System Checkpoint
08-07-2014 05:13:48 Installed CouponPrinterPlugin
09-07-2014 06:27:49 System Checkpoint
09-07-2014 19:14:19 Software Distribution Service 3.0
10-07-2014 07:02:58 Configured Command & Conquer The First Decade
12-07-2014 01:29:57 Configured Command & Conquer The First Decade
12-07-2014 01:30:41 Installed DirectX 9.0
12-07-2014 23:55:11 Removed Star Wars® Knights of the Old Republic® II: The Sith
13-07-2014 00:09:39 Configured Command & Conquer The First Decade
13-07-2014 00:10:17 Configured Command & Conquer The First Decade
13-07-2014 00:11:25 Configured Command & Conquer The First Decade
14-07-2014 04:55:59 System Checkpoint
15-07-2014 07:39:42 System Checkpoint
17-07-2014 04:53:27 System Checkpoint
18-07-2014 23:46:58 System Checkpoint
21-07-2014 05:20:04 System Checkpoint
22-07-2014 22:03:52 System Checkpoint
24-07-2014 00:45:37 System Checkpoint
26-07-2014 17:20:41 Software Distribution Service 3.0
27-07-2014 17:30:36 System Checkpoint
28-07-2014 20:46:22 System Checkpoint
30-07-2014 00:31:10 System Checkpoint
31-07-2014 02:06:09 System Checkpoint
01-08-2014 14:25:22 System Checkpoint
02-08-2014 18:45:12 System Checkpoint
03-08-2014 23:51:10 System Checkpoint
05-08-2014 06:25:40 System Checkpoint
06-08-2014 06:59:05 System Checkpoint
07-08-2014 17:57:58 System Checkpoint
08-08-2014 18:04:27 System Checkpoint
09-08-2014 23:51:54 System Checkpoint
11-08-2014 00:01:51 System Checkpoint
12-08-2014 17:30:36 System Checkpoint
13-08-2014 21:39:55 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 03:00 - 2013-05-10 12:22 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate 2.job => C:\WINDOWS\system32\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate.job => C:\WINDOWS\system32\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_AUG2013_TB_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_AUG2013_TB.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-02-02 19:50 - 2003-05-12 16:02 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBKPP5C.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-12 17:52 - 2014-07-14 16:49 - 00049744 _____ () C:\Documents and Settings\user1\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2004-08-04 03:00 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 03:00 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-07-21 19:16 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-21 19:16 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-21 19:16 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-04-09 16:23 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-09 16:23 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-07-21 19:16 - 2014-07-15 02:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55545105.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55545105.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322.SYS => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^user1^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Program Files\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: CognizanceTS => rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Dell AIO Printer A920 => "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
MSCONFIG\startupreg: DriverScanner => "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000 
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: PTHOSTTR => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SoundMAX => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: XboxStat => "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== Faulty Device Manager Devices =============
 
Name:  AuthenTec Inc. AES2501A
Description:  AuthenTec Inc. AES2501A
Class Guid: {53D29EF7-377C-4D14-864B-EB3A85769359}
Manufacturer: AuthenTec, Inc.
Service: ATSWPDRV
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2014 11:53:18 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=042465B75A97402EB649A79BAF0C8C74;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\73609c51-c2d0-43b3-8905-6a13442a446c.dmp
 
Error: (07/15/2014 00:10:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application gogwrap.exe, version 1.0.47.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/15/2014 00:10:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application gogwrap.exe, version 1.0.47.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/15/2014 00:10:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application gogwrap.exe, version 1.0.47.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/15/2014 00:10:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application gogwrap.exe, version 1.0.47.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/15/2014 00:09:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application gogwrap.exe, version 1.0.47.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/15/2014 00:08:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application gogwrap.exe, version 1.0.47.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/14/2014 05:49:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RA95.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/11/2014 10:13:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application C&C95.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/11/2014 06:45:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RA95.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (08/09/2014 07:05:24 PM) (Source: 0) (EventID: 4198) (User: )
Description: 192.168.2.3E8:61:7E:04:93:35
 
Error: (08/09/2014 07:02:13 PM) (Source: 0) (EventID: 4198) (User: )
Description: 192.168.2.3E8:61:7E:04:93:35
 
 
Microsoft Office Sessions:
=========================
Error: (08/10/2014 11:53:18 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=042465B75A97402EB649A79BAF0C8C74;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\73609c51-c2d0-43b3-8905-6a13442a446c.dmp
 
Error: (07/15/2014 00:10:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gogwrap.exe1.0.47.6hungapp0.0.0.000000000
 
Error: (07/15/2014 00:10:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gogwrap.exe1.0.47.6hungapp0.0.0.000000000
 
Error: (07/15/2014 00:10:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gogwrap.exe1.0.47.6hungapp0.0.0.000000000
 
Error: (07/15/2014 00:10:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gogwrap.exe1.0.47.6hungapp0.0.0.000000000
 
Error: (07/15/2014 00:09:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gogwrap.exe1.0.47.6hungapp0.0.0.000000000
 
Error: (07/15/2014 00:08:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gogwrap.exe1.0.47.6hungapp0.0.0.000000000
 
Error: (07/14/2014 05:49:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RA95.EXE0.0.0.0hungapp0.0.0.000000000
 
Error: (07/11/2014 10:13:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: C&C95.EXE0.0.0.0hungapp0.0.0.000000000
 
Error: (07/11/2014 06:45:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RA95.EXE0.0.0.0hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 56%
Total physical RAM: 2039.36 MB
Available physical RAM: 891.84 MB
Total Pagefile: 4588.73 MB
Available Pagefile: 1912.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:291 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (CNCTFD) (CDROM) (Total:7.7 GB) (Free:0 GB) UDF
Drive e: (Sims2_1) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 86F786F7)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:59 AM

Posted 14 August 2014 - 12:35 PM

Hello PD!,

Please do the following.

ComboFix Download and Scan

  • Please go to the download page for ComboFix by sUBs.
  • Click the Download Now button pictured below and save the file to your desktop:
    [image: Download Now button]
  • Disable any anti-virus and/or firewall software you have installed.
    • Instructions can be found here if needed.
  • Close all open windows including your web browser.
    • As mentioned in the first post, you may want to print out all instructions before starting.
  • Double-click on the ComboFix icon on your desktop.
  • Read the Disclaimer and click I Agree if you want to run the software, then you should see a window like the one below:

[image: ComboFix preparing]

  • DO NOT use your computer while ComboFix is running. There are a lot of things going on behind the scenes and a single mouse click can cause the program to stall.
  • However, if you see the prompt below, please click Yes to download the Microsoft Windows Recovery Console.

[image: Recovery Console prompt]

If an Internet connection is not available or you choose not to install the recovery console, ComboFix will run in Reduced Functionality mode.

  • Allow ComboFix to reboot the computer if necessary; it will run again after you log back in.
  • When complete, a log file will be displayed; please copy and paste the contents of this file into your next post.

[image: ComboFix log]

More information about downloading and using ComboFix can be found here if needed.


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

#9 PD! (Topic Starter)

  • Members
  • 20 posts
  • Local time:09:59 AM

Posted 14 August 2014 - 06:44 PM

I'm pretty sure ComboFix ran just fine regardless, but just to let you know, it was warning me that my Avira real-time scanner was running, even though I did disable it before starting ComboFix. Also, when ComboFix went to restart my computer, it crashed during boot, and I had to manually turn it back on. Once it was up and running, ComboFix seemed to resume as normal.
 
ComboFix 14-08-15.01 - user1 08/14/2014  16:15:06.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1234 [GMT -7:00]
Running from: c:\documents and settings\user1\My Documents\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\user1\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\user1\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\user1\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\1c724ca995c3c84f.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\4a8d1d64f4db4599.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\d341ab2dc91cc5bc.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\OLDD73.tmp
c:\windows\system32\OLDD76.tmp
c:\windows\system32\OLDD79.tmp
c:\windows\system32\OLDD7C.tmp
c:\windows\system32\OLDD7F.tmp
c:\windows\system32\OLDD82.tmp
c:\windows\system32\OLDD85.tmp
c:\windows\system32\OLDD88.tmp
c:\windows\system32\OLDD8B.tmp
c:\windows\system32\OLDD8E.tmp
c:\windows\system32\OLDD91.tmp
c:\windows\system32\OLDD94.tmp
c:\windows\system32\OLDD97.tmp
c:\windows\system32\OLDD9A.tmp
c:\windows\system32\OLDD9D.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-14 to 2014-08-14  )))))))))))))))))))))))))))))))
.
.
2014-08-13 23:04 . 2014-08-13 23:06 -------- d-----w- C:\FRST
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2014-08-01 01:34 . 2014-08-01 01:34 -------- d-----w- c:\program files\Elaborate Bytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 21:18 . 2013-01-30 06:38 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 21:18 . 2011-06-24 02:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 22:16 . 2013-03-21 05:48 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-30 20:38 . 2013-07-08 21:28 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-30 20:38 . 2013-07-08 21:28 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-18 21:22 . 2013-06-08 22:45 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid
2014-06-03 21:25 . 2013-03-21 05:48 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-26 677144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-13 751184]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-14 190032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 16:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 08:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^user1^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\user1\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-14 02:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2014-07-05 04:27 1267032 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-23 00:12 17920 ----a-r- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-12 23:02 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-20 17:05 166424 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-20 17:06 141848 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 08:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-20 17:06 137752 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 22:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 10:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-05-06 21:06 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-05-07 21:44 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-28 17:39 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2013-03-10 17:08 88984 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wlidsvc"=2 (0x2)
"PersonalSecureDriveService"=2 (0x2)
"McciCMService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/20/2013 10:48 PM 37352]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [7/24/2007 8:21 AM 38816]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/20/2013 10:48 PM 430160]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/13/2010 8:07 PM 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/24/2007 8:21 AM 41216]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [10/27/2010 12:44 PM 6609920]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [7/14/2014 4:49 PM 141392]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [5/12/2010 6:04 PM 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 9:06 AM 172131]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 o1394bul;o1394bul;\??\c:\docume~1\user1\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\user1\LOCALS~1\Temp\o1394bul.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ   ASBroker ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 21:13 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-14 21:18]
.
2014-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2014-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 17:39]
.
2014-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 17:39]
.
2014-08-14 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2014-08-14 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: $talisma_url$
TCP: Interfaces\{FEE51F52-93B2-40B9-B3D4-8D7121AFA1B3}: NameServer = 192.168.2.1,75.75.75.75
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\y5rythmd.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-*NPE[1] - c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EHA515BY\NPE[1].exe
SafeBoot-55545105.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
MSConfigStartUp-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-InterActual Player - c:\program files\InterActual\InterActual Player\inuninst.exe
AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe
AddRemove-{A9E27FF5-6294-46A8-B8FD-77B1DECA3021} - c:\program files\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe
AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-14 16:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\DeviceNP.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
.
- - - - - - - > 'explorer.exe'(3032)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\AGRSMMSG.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2014-08-14  16:40:01 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-14 23:39
.
Pre-Run: 312,331,522,048 bytes free
Post-Run: 313,679,101,952 bytes free
.
- - End Of File - - 0352DD8C25B79411949A6B9AD0782001
8F558EB6672622401DA993E1E865C861


#10 schrauber (Mr.Mechanic)

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich, Germany
  • Local time:03:59 PM

Posted 16 August 2014 - 03:01 PM

Hi PD!,

TheShooter is not available at the moment, so I will work with you from now on :).


Please download Malwarebytes Anti-Malware to your desktop.
  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, remove the checkmark next to Enable free trial of Malwarebytes Anti-Malware Premium and keep the checkmark next to Launch Malwarebytes Anti-Malware, then click Finish.
  • Once launched it will automatically scan for updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the Scan tab at the top.
  • Select Threat Scan and click Scan Now >>.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check the box to accept the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the List found threats button.
  • Push the Export button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.
  • A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Also please post back with a fresh FRST logfile and tell me how the system is running.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#11 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:59 AM

Posted 19 August 2014 - 01:56 PM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


#12 PD! (Topic Starter)

  • Members
  • 20 posts
  • Local time:09:59 AM

Posted 19 August 2014 - 06:47 PM

I was in the process of doing the eset scan, but someone else restarted the computer before I could get back to it.

I couldn't get the malwarebytes log to open in anything but xml (keeps crashing when I try to save as txt)... so hopefully this still has the info you need:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
  <header>
  <date>2014/08/17 13:23:18 -0700</date>
  <logfile>mbam-log-2014-08-17 (13-23-16).xml</logfile>
  <isadmin>yes</isadmin>
  </header>
  <engine>
  <version>2.00.2.1012</version>
  <malware-database>v2014.08.17.05</malware-database>
  <rootkit-database>v2014.08.16.01</rootkit-database>
  <license>free</license>
  <file-protection>disabled</file-protection>
  <web-protection>disabled</web-protection>
  <self-protection>disabled</self-protection>
  </engine>
  <system>
  <osversion>Windows XP Service Pack 3</osversion>
  <arch>x86</arch>
  <username>user1</username>
  <filesys>NTFS</filesys>
  </system>
  <summary>
  <type>threat</type>
  <result>completed</result>
  <objects>349422</objects>
  <time>819</time>
  <processes>0</processes>
  <modules>0</modules>
  <keys>0</keys>
  <values>2</values>
  <datas>0</datas>
  <folders>2</folders>
  <files>17</files>
  <sectors>0</sectors>
  </summary>
  <options>
  <memory>enabled</memory>
  <startup>enabled</startup>
  <filesystem>enabled</filesystem>
  <archives>enabled</archives>
  <rootkits>disabled</rootkits>
  <deeprootkit>disabled</deeprootkit>
  <heuristics>enabled</heuristics>
  <pup>warn</pup>
  <pum>enabled</pum>
  </options>
  <items>
  <value>
  <path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}</path>
  <valuename />
  <vendor>PUP.Optional.Iminent.A</vendor>
  <action>success</action>
  <valuedata />
  <hash>b8f1f4d3f4875adc6c3dcada8b7756aa</hash>
  </value>
  <value>
  <path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path>
  <valuename>{977AE9CC-AF83-45E8-9E03-E2798216E2D5}</valuename>
  <vendor>PUP.Optional.Iminent.A</vendor>
  <action>delete-on-reboot</action>
  <valuedata>Ìéz—ƒ¯èEžây‚âÕ</valuedata>
  <hash>b8f1f4d3f4875adc6c3dcada8b7756aa</hash>
  </value>
  <folder>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </folder>
  <folder>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </folder>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\HttpHandle302.dll</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>c5e4c502c6b5d95df4483b303dc451af</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>adfcf9ce47349e982517e289bf42d52b</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\install.log</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\alert.html</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\basis_plain.xml</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\Exec.exe</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\logo.png</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\merchants.xml</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\postinstallurl.txt</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\postuninstallurl.txt</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\Prefs.xml</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\PrefsInstall.xml</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\SAH_serialize.bin</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\uninst.exe</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\user1\Application Data\ShopAtHome\ShopAtHomeHelper\version.txt</path>
  <vendor>PUP.Optional.ShopAtHome.A</vendor>
  <action>success</action>
  <hash>8b1ebb0c2f4cc4726c029472e61dae52</hash>
  </file>
  </items>
</mbam-log>
 
I'll restart the eset scan when I get a chance.


#13 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:59 AM

Posted 20 August 2014 - 02:46 PM

Hello PD!,

Please see if you can find the text log here: C:\Users\(Your Profile Name)\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
In order to access the aforementioned folder you may need to un-hide hidden folders. If this needs to be done, please see the following.

View Hidden Files/Folders
  • Press and hold the Windows key + R on your keyboard.
  • In the Run box type Control and hit Enter.
  • In Control Panel select Folder Options.
  • In Folder Options, click the View tab.
  • Select the radio button next to Show hidden files, folders, and drives.
  • Click OK.
=================================================

As for the ESET scan, yes, please let me know when it is complete. :)

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#14 PD!

PD!
  • Topic Starter

  • Members
  • 20 posts
  • Local time:09:59 AM

Posted 20 August 2014 - 04:48 PM

The text log isn't there, only an xml one...

Eset returned no threats found.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-08-2014
Ran by user1 (administrator) on BING1 on 20-08-2014 14:45:37
Running from C:\Documents and Settings\user1\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Infineon Technologies AG) C:\WINDOWS\system32\IFXSPMGT.exe
(Infineon Technologies AG) C:\WINDOWS\system32\IFXTCS.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Infineon Technologies AG) C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456 2007-10-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-12-12] (Agere Systems)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [IFXSPMGT] => C:\WINDOWS\system32\ifxspmgt.exe [677144 2008-01-25] (Infineon Technologies AG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\DeviceNP: C:\WINDOWS\system32\DeviceNP.dll (Hewlett-Packard Limited)
Winlogon\Notify\OneCard: C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
HKU\S-1-5-21-73586283-1606980848-839522115-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-28] (Google Inc.)
HKU\S-1-5-21-73586283-1606980848-839522115-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632 2014-07-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-73586283-1606980848-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-28] (Google Inc.)
HKU\S-1-5-21-73586283-1606980848-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632 2014-07-08] (Adobe Systems Incorporated)
AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll => C:\WINDOWS\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{FEE51F52-93B2-40B9-B3D4-8D7121AFA1B3}: [NameServer]192.168.2.1,75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\y5rythmd.default
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: hopster.com/CouponPrinterPlugin -> C:\Documents and Settings\user1\Application Data\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user1\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user1\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user1\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Adblock Plus - C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\y5rythmd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-24]
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google Search) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Gmail) - C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [258103 2006-02-15] (Broadcom Corporation.) [File not signed]
S3 FLCDLOCK; C:\WINDOWS\system32\flcdlock.exe [172131 2007-06-08] (Hewlett-Packard Ltd) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IFXSpMgtSrv; C:\WINDOWS\system32\ifxspmgt.exe [677144 2008-01-25] (Infineon Technologies AG)
R2 IFXTCS; C:\WINDOWS\system32\IFXTCS.exe [886040 2008-01-25] (Infineon Technologies AG)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-30] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-05-12] (Lexmark International, Inc.)
S4 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
S4 PersonalSecureDriveService; C:\WINDOWS\system32\IfxPsdSv.exe [140568 2007-07-24] (Infineon Technologies AG)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [152960 2005-06-07] (Andrea Electronics Corporation)
S3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1342570 2006-02-15] (Broadcom Corporation.) [File not signed]
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57096 2006-02-15] (Broadcom Corporation.) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 DAMDrv; C:\WINDOWS\System32\DRIVERS\DAMDrv.sys [30008 2007-06-08] (Hewlett-Packard Development Company L.P.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [97280 2007-05-09] (Texas Instruments)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2007-07-24] (Infineon Technologies AG)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-19] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation)
S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [6608512 2010-05-31] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
U0 pdphf; C:\WINDOWS\System32\drivers\ctguploe.sys [52440 2014-08-17] (Malwarebytes Corporation)
R1 PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [38816 2007-07-24] (Infineon Technologies AG)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-03-20] (Avira GmbH)
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CertPropSvc; 
U1 eabfiltr; 
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 o1394bul; \??\C:\DOCUME~1\user1\LOCALS~1\Temp\o1394bul.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U3 mbr; \??\C:\DOCUME~1\user1\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 13:51 - 2014-08-17 13:51 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-17 13:51 - 2014-08-17 13:51 - 00000000 ____D () C:\Program Files\ESET
2014-08-17 13:38 - 2014-08-17 13:38 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\ctguploe.sys
2014-08-17 13:22 - 2014-08-19 16:42 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 13:22 - 2014-08-17 13:22 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-17 13:22 - 2014-08-17 13:22 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-17 13:22 - 2014-08-17 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-17 13:22 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-14 16:40 - 2014-08-14 16:40 - 00016669 _____ () C:\ComboFix.txt
2014-08-14 16:40 - 2014-08-14 16:40 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-14 16:40 - 2014-08-14 16:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-14 16:40 - 2014-08-14 16:40 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-08-14 16:40 - 2014-08-14 16:40 - 00000000 ____D () C:\Documents and Settings\Administrator.BING1\Local Settings\temp
2014-08-14 16:24 - 2014-08-20 14:47 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\temp
2014-08-14 16:12 - 2011-06-25 23:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-14 16:12 - 2010-11-07 10:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-14 16:12 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-14 16:12 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-14 16:12 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-14 16:12 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-14 16:12 - 2000-08-30 17:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-14 16:12 - 2000-08-30 17:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-14 16:12 - 2000-08-30 17:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-14 16:10 - 2014-08-14 16:40 - 00000000 ____D () C:\Qoobox
2014-08-13 16:04 - 2014-08-20 14:45 - 00000000 ____D () C:\FRST
2014-08-12 17:52 - 2014-08-12 17:52 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-07-31 18:51 - 2014-07-31 18:51 - 00001740 _____ () C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
2014-07-31 18:37 - 2014-07-31 18:37 - 00000903 _____ () C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
2014-07-31 18:34 - 2014-07-31 18:34 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2014-07-31 18:34 - 2014-07-31 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Elaborate Bytes
2014-07-22 12:04 - 2014-07-22 12:14 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\My pics
2014-07-21 19:16 - 2014-08-13 14:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-07-21 19:16 - 2014-07-21 19:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-20 14:47 - 2014-08-14 16:24 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\temp
2014-08-20 14:45 - 2014-08-13 16:04 - 00000000 ____D () C:\FRST
2014-08-20 14:17 - 2013-01-29 23:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-20 14:12 - 2011-01-28 10:39 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-20 14:12 - 2010-04-13 19:04 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-20 12:05 - 2010-04-13 18:57 - 01696312 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-19 16:43 - 2011-03-04 19:14 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\pd
2014-08-19 16:42 - 2014-08-17 13:22 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 16:50 - 2010-04-13 19:03 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-17 13:51 - 2014-08-17 13:51 - 00000000 ____D () C:\WINDOWS\LastGood
2014-08-17 13:51 - 2014-08-17 13:51 - 00000000 ____D () C:\Program Files\ESET
2014-08-17 13:51 - 2014-01-27 22:32 - 00075640 _____ () C:\WINDOWS\setupapi.log
2014-08-17 13:38 - 2014-08-17 13:38 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\ctguploe.sys
2014-08-17 13:38 - 2011-02-09 04:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2014-08-17 13:22 - 2014-08-17 13:22 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-17 13:22 - 2014-08-17 13:22 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-17 13:22 - 2014-08-17 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-17 13:22 - 2013-04-05 17:51 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\Malwarebytes
2014-08-17 13:22 - 2013-04-05 17:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-17 13:22 - 2013-04-05 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-14 16:40 - 2014-08-14 16:40 - 00016669 _____ () C:\ComboFix.txt
2014-08-14 16:40 - 2014-08-14 16:40 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-14 16:40 - 2014-08-14 16:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-14 16:40 - 2014-08-14 16:40 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-08-14 16:40 - 2014-08-14 16:40 - 00000000 ____D () C:\Documents and Settings\Administrator.BING1\Local Settings\temp
2014-08-14 16:40 - 2014-08-14 16:10 - 00000000 ____D () C:\Qoobox
2014-08-14 16:34 - 2010-04-13 11:45 - 00684456 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-14 16:31 - 2004-08-04 03:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-14 16:31 - 2004-08-04 03:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-14 16:30 - 2014-03-12 07:33 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-14 16:30 - 2014-03-12 07:33 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-14 16:30 - 2011-01-28 10:39 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 16:30 - 2010-04-13 19:04 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-14 16:30 - 2010-04-13 11:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-14 16:30 - 2010-04-13 11:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-14 16:29 - 2013-12-02 01:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 16:29 - 2013-05-29 17:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-14 16:26 - 2013-05-29 17:56 - 00290518 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-73586283-1606980848-839522115-1003-0.dat
2014-08-14 16:26 - 2013-05-29 17:56 - 00145398 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-08-14 16:26 - 2010-04-13 19:04 - 00000178 ___SH () C:\Documents and Settings\user1\ntuser.ini
2014-08-14 16:26 - 2010-04-13 11:43 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-08-14 16:26 - 2010-04-13 11:43 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-08-14 16:26 - 2010-04-13 11:42 - 30408704 _____ () C:\WINDOWS\system32\config\software.bak
2014-08-14 16:26 - 2010-04-13 11:42 - 07864320 _____ () C:\WINDOWS\system32\config\system.bak
2014-08-14 16:26 - 2010-04-13 11:42 - 00786432 _____ () C:\WINDOWS\system32\config\default.bak
2014-08-14 16:25 - 2013-05-09 15:01 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-14 16:25 - 2013-05-09 15:01 - 00008192 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-08-14 16:25 - 2013-04-07 12:19 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-08-14 16:24 - 2010-04-13 19:04 - 00000000 ____D () C:\Documents and Settings\user1
2014-08-14 07:44 - 2013-07-15 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-14 07:38 - 2010-04-23 22:17 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 14:22 - 2014-07-21 19:16 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-12 23:20 - 2013-05-02 18:10 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-12 22:13 - 2013-10-06 20:40 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-12 17:52 - 2014-08-12 17:52 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-08-12 17:52 - 2013-03-20 22:48 - 00000000 ____D () C:\Program Files\Avira
2014-08-12 17:52 - 2013-03-20 22:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-08-12 17:52 - 2013-03-20 22:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-08-01 23:55 - 2011-10-01 14:04 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\vlc
2014-08-01 23:54 - 2011-02-22 00:35 - 00047616 ____C () C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-31 21:49 - 2010-04-13 11:42 - 00000327 __RSH () C:\boot.ini
2014-07-31 21:49 - 2004-08-04 03:00 - 00000528 _____ () C:\WINDOWS\win.ini
2014-07-31 21:44 - 2014-02-12 04:03 - 00000360 _____ () C:\WINDOWS\setupact.log
2014-07-31 18:51 - 2014-07-31 18:51 - 00001740 _____ () C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
2014-07-31 18:51 - 2013-04-27 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EA Games
2014-07-31 18:37 - 2014-07-31 18:37 - 00000903 _____ () C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
2014-07-31 18:34 - 2014-07-31 18:34 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2014-07-31 18:34 - 2014-07-31 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Elaborate Bytes
2014-07-30 15:25 - 2013-09-14 14:59 - 00000705 _____ () C:\Documents and Settings\user1\My Documents\ax_files.xml
2014-07-26 10:21 - 2013-12-02 01:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-07-23 17:26 - 2014-06-03 15:11 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-07-23 17:20 - 2011-11-04 19:41 - 00000000 ____D () C:\Documents and Settings\user1\Application Data\BitTorrent
2014-07-22 12:14 - 2014-07-22 12:04 - 00000000 ____D () C:\Documents and Settings\user1\Desktop\My pics
2014-07-21 19:16 - 2014-07-21 19:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-07-21 19:16 - 2011-01-28 10:39 - 00000000 ____D () C:\Program Files\Google
2014-07-21 19:12 - 2011-01-28 10:39 - 00000000 ____D () C:\Documents and Settings\user1\Local Settings\Application Data\Google
2014-07-21 19:09 - 2011-11-09 15:48 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-21 19:08 - 2010-04-13 18:55 - 00000000 ____D () C:\WINDOWS\Registration
 
Some content of TEMP:
====================
C:\Documents and Settings\user1\Local Settings\temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Computer seems pretty normal lately. 


#15 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:59 AM

Posted 22 August 2014 - 10:58 AM

Hello PD!,

All Clean!

Congratulations on your clean PC!   :thumbup2:
 
For keeping your PC clean, there are a few main things to keep tabs on: 
 
1) Make sure to keep your antivirus software up to date.
 
2) Keep Java, Adobe Flash Player, and Adobe Reader up to date. You can check for updates for these and other commonly used applications using Secunia Software Inspector and Calendar of Updates.
 
3) Run periodic scans using your antivirus software and Malwarebytes' Anti-Malware.
 
4) Most importantly, practice safe browsing. You are the ultimate protection tool.
 
-----------------------------------------------------------------------------
 
Now we will do some cleanup regarding the tools we've used.
 
Please download DelFix by Xplode to your Desktop.
 
Double-click delfix.exe on your Desktop to launch the program.
 
Make sure the following options have a check mark next to them:

  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

Click Run.
 
A text file named delfix.txt should appear. Copy and paste this log into your final reply.
 
-----------------------------------------------------------------------------
 
If everything is working as normal, feel free to enjoy your computer!
 
For further information, see the following links:
 
So How Did I Get Infected?
 
Miekies' Prevention Suggestions
 
Bleeping Computer's Suggestions on Ways to Keep Your Computer Safe
 
Please respond confirming you have read this and the status of your computer.
 
This thread will remain open for 48 hours after the posting of this "all-clean" for any questions you may have.

