Computer Infected--please help


  • This topic is locked
18 replies to this topic

#1 Kananu Reeves

  • Members
  • 53 posts

Posted 26 October 2014 - 06:42 PM

To whom it may concern,

I think my computer is infected. It's been acting strangely. When I first got the computer a few months ago, the desktop wallpaper consisted of a derogatory slogan in big letters which could not be removed no matter what I tried (it was removed a few days ago after I ran several scans); the Chrome Internet browser suddenly stopped working for two or three days and then suddenly started working again; I couldn't get on any type of secured connections for several days (that definitely could've been due to my Internet provider, Metro PCS); one of the IRC chats that I frequent keeps banning me, saying that my computer is infected with some type of Trojan, etc.; and when I try to run ComboFix in safe mode, it gives me a message that a rootkit has been detected and must restart the computer. It just seems like there's something fishy going on, but most of the scans I run come back negative, except, of course, when the desktop wallpaper changed; that was a big red flag. One last thing: I have tried to completely delete ZoneAlarm several times, but I think there are still remnants of it hanging around.

Thank you,

Here's my DDS:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 16:27:07 on 2014-10-26
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1534.885 [GMT -7:00]
.
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A8BAE2E3-96B6-41A6-A04F-B56C4734B3C0} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Authentication Packages =  msv1_0 nwprovau
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.104\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ftymebti.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.conquerclub.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('network.proxy.type', 5);
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2013-6-12 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2013-6-12 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2013-6-12 14184]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-4-16 55224]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2014-8-6 99248]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-9-21 19688]
S3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys --> c:\windows\system32\drivers\easytthr.sys [?]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2014-5-21 13440]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-10-26 22:19:19    98816    ----a-w-    c:\windows\sed.exe
2014-10-26 22:19:19    256000    ----a-w-    c:\windows\PEV.exe
2014-10-26 22:19:19    208896    ----a-w-    c:\windows\MBR.exe
2014-10-17 01:06:54    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2014-10-17 01:06:54    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-10-14 21:34:14    89088    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-10-14 21:33:00    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2014-10-14 21:33:00    117760    ------w-    c:\windows\system32\prntvpt.dll
2014-10-14 21:32:59    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2014-10-14 21:32:59    597504    ------w-    c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-10-14 21:32:59    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
2014-10-14 21:32:59    575488    ------w-    c:\windows\system32\xpsshhdr.dll
2014-10-14 21:32:59    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
2014-10-14 21:32:59    1676288    ------w-    c:\windows\system32\xpssvcs.dll
2014-10-14 21:32:57    --------    d-----w-    C:\8c5b834f4555684ac6eb386559
2014-10-14 21:25:56    --------    d-----w-    C:\61ddd73d3f816c4eda50
2014-10-14 21:18:40    --------    d-----w-    c:\documents and settings\all users\application data\CheckPoint
2014-10-14 07:34:42    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-10-14 03:25:04    --------    d-----w-    c:\documents and settings\all users\application data\Norton
2014-10-14 03:25:04    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\NPE
2014-10-07 23:46:05    --------    d-----w-    c:\program files\common files\Scansoft Shared
.
==================== Find3M  ====================
.
2014-10-26 18:20:12    113880    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-26 18:19:52    54232    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-20 11:00:06    21361    ----a-w-    c:\windows\system32\drivers\AegisP.sys
.
============= FINISH: 16:27:26.12 ===============

#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,744 posts
  • Gender:Male

Posted 31 October 2014 - 06:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553455 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Kananu Reeves

  • Topic Starter
  • Members
  • 53 posts

Posted 01 November 2014 - 01:02 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 10:55:13 on 2014-11-01
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1534.787 [GMT -7:00]
.
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\OpenOffice 4\program\scalc.exe
C:\Program Files\OpenOffice 4\program\soffice.exe
C:\Program Files\OpenOffice 4\program\soffice.bin
C:\WINDOWS\system32\calc.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A8BAE2E3-96B6-41A6-A04F-B56C4734B3C0} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Authentication Packages =  msv1_0 nwprovau
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ftymebti.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.conquerclub.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('network.proxy.type', 5);
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2013-6-12 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2013-6-12 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2013-6-12 14184]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-4-16 55224]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2014-8-6 99248]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-9-21 19688]
S3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys --> c:\windows\system32\drivers\easytthr.sys [?]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2014-5-21 13440]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-10-28 01:36:52 -------- d-----w- c:\program files\common files\Jasc Software Inc
2014-10-28 01:36:26 -------- d-----w- c:\program files\Jasc Software Inc
2014-10-26 22:19:19 98816 ----a-w- c:\windows\sed.exe
2014-10-26 22:19:19 256000 ----a-w- c:\windows\PEV.exe
2014-10-26 22:19:19 208896 ----a-w- c:\windows\MBR.exe
2014-10-17 01:06:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-10-17 01:06:54 -------- d-----w- c:\windows\system32\wbem\Repository
2014-10-14 21:34:14 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-10-14 21:33:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2014-10-14 21:33:00 117760 ------w- c:\windows\system32\prntvpt.dll
2014-10-14 21:32:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2014-10-14 21:32:59 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-10-14 21:32:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2014-10-14 21:32:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
2014-10-14 21:32:59 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2014-10-14 21:32:59 1676288 ------w- c:\windows\system32\xpssvcs.dll
2014-10-14 21:32:57 -------- d-----w- C:\8c5b834f4555684ac6eb386559
2014-10-14 21:25:56 -------- d-----w- C:\61ddd73d3f816c4eda50
2014-10-14 21:18:40 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2014-10-14 07:34:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-10-14 03:25:04 -------- d-----w- c:\documents and settings\all users\application data\Norton
2014-10-14 03:25:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\NPE
2014-10-07 23:46:05 -------- d-----w- c:\program files\common files\Scansoft Shared
.
==================== Find3M  ====================
.
2014-10-26 18:20:12 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-26 18:19:52 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-20 11:00:06 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
.
============= FINISH: 10:55:46.26 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\Harddisk0\DP(2)0x1f60800-0x86d2a6000+2
Install Date: 7/9/2013 5:58:02 AM
System Uptime: 10/26/2014 3:23:12 PM (140 hours ago)
.
Motherboard: Dell Computer Corp. | | 0K5148
Processor: Intel® Celeron® CPU 2.60GHz | Microprocessor | 2591/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 9.858 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 4 GiB total, 1.158 GiB free.
F: is CDROM (CDFS)
G: is FIXED (FAT) - 0 GiB total, 0.024 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: MPU-401 Compatible MIDI Device
Device ID: ROOT\MEDIA\0000
Manufacturer: Microsoft
Name: MPU-401 Compatible MIDI Device
PNP Device ID: ROOT\MEDIA\0000
Service: ms_mpu401
.
==== System Restore Points ===================
.
RP4: 10/14/2014 3:02:27 PM - System Checkpoint
RP5: 10/14/2014 3:03:12 PM - 10/14/14
RP6: 10/15/2014 4:52:37 PM - System Checkpoint
RP7: 10/16/2014 5:06:35 PM - System Checkpoint
RP8: 10/16/2014 5:41:39 PM - Restore Operation
RP9: 10/16/2014 6:05:36 PM - Restore Operation
RP10: 10/16/2014 9:45:26 PM - Unsigned driver install
RP11: 10/17/2014 11:42:51 PM - System Checkpoint
RP12: 10/19/2014 12:25:37 AM - System Checkpoint
RP13: 10/20/2014 1:25:37 AM - System Checkpoint
RP14: 10/21/2014 2:25:37 AM - System Checkpoint
RP15: 10/22/2014 3:25:37 AM - System Checkpoint
RP16: 10/23/2014 3:26:42 AM - System Checkpoint
RP17: 10/24/2014 4:22:09 AM - System Checkpoint
RP18: 10/25/2014 5:22:09 AM - System Checkpoint
RP19: 10/26/2014 6:21:33 AM - System Checkpoint
RP20: 10/26/2014 9:18:02 AM - Removed GimpShop 2.8
RP21: 10/27/2014 6:36:20 PM - Installed Jasc Paint Shop Pro 9
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.08)
Apple Application Support
Audacity 2.0.5
Broadcom 440x 10/100 Integrated Controller
CameraHelperMsi
CCleaner
Dell System Detect Bootstrapper
Dragon NaturallySpeaking 8
erLT
Google Chrome
Google Update Helper
Hotfix for Windows XP (KB954550-v5)
ImgBurn
Intel® Extreme Graphics Driver
Jasc Paint Shop Pro 9
LAME v3.99.3 (for Windows)
Lexmark 2500 Series
Lexmark Fax Solutions
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 2.0
Mozilla Firefox 29.0.1 (x86 en-US)
NETGEAR WG111v3 wireless USB 2.0 adapter
OpenOffice 4.0.1
RMPrepUSB
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
SoundMAX
TrustWorthy Toolbar
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
WebFldrs XP
weDownload
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/26/2014 9:32:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService service to connect.
10/26/2014 9:32:32 AM, error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2014 3:12:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6 tStLibG WS2IFSL
10/26/2014 3:12:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2014 3:12:51 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2014 3:12:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2014 3:12:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2014 3:12:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2014 3:11:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/26/2014 11:34:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/26/2014 11:10:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
10/26/2014 11:09:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================


Edited by Oh My!, 01 November 2014 - 10:23 PM.


#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 01 November 2014 - 06:14 PM

Greetings Kananu Reeves and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Kananu Reeves
  • Topic Starter
  • Members
  • 53 posts

Posted 01 November 2014 - 10:29 PM

Hello Gary, thanks for helping me.

FRST froze and didn't finish, so I couldn't include Addition.txt. As per your instructions, I didn't try to run it again.

Thanks,

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by Administrator (administrator) on BONUS-B5420A32E on 01-11-2014 18:53:30
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

( ) C:\WINDOWS\system32\lxddcoms.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ScanSoft) C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\calc.exe
() C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\S-1-5-21-299502267-261903793-1177238915-500\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe [814984 2013-07-12] (Adobe Systems Incorporated)
Lsa: [Authentication Packages] msv1_0 nwprovau
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xADC4671FA97CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {6D384B48-0DE7-4B47-B546-D86222EC922A} URL =
SearchScopes: HKCU - DefaultScope {6D384B48-0DE7-4B47-B546-D86222EC922A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309758&CUI=UN35103092433157156&UM=2&UP=SP68A3C616-A065-4492-AD02-46C246D45834&SSPV=
SearchScopes: HKCU - {6D384B48-0DE7-4B47-B546-D86222EC922A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309758&CUI=UN35103092433157156&UM=2&UP=SP68A3C616-A065-4492-AD02-46C246D45834&SSPV=
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.conquerclub.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\user.js
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\searchplugins\askcom.xml
FF Extension: BrowserPlus2  - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\Extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}(2) [2013-09-11]
FF Extension: TrustWorthy  - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\Extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}(2) [2013-09-11]
FF Extension: ScreenShot Link - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\Extensions\screenshotlink@screenshotlink.ru.xpi [2014-04-04]
FF Extension: Zoom Page - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\Extensions\zoompage@DW-dev.xpi [2014-04-04]
FF Extension: Googlebar Lite - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-16]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-10-16]
CHR Extension: (TrustWorthy) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil [2014-05-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-16]
CHR HKLM\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-07-23]
CHR HKCU\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-07-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2013-06-12] (Microsoft Corporation)
S2 lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
R2 lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [537520 2007-05-25] ( )
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-09-20] (Cisco Systems, Inc.) [File not signed]
S3 BCM42RLY; C:\WINDOWS\System32\BCM42RLY.SYS [17992 2005-02-01] (Broadcom Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CompFilter; C:\WINDOWS\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek) [File not signed]
S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation) [File not signed]
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-06-12] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-06-12] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-06-12] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
R3 RTL8187B; C:\WINDOWS\System32\DRIVERS\wg111v3.sys [341504 2009-07-31] (Realtek Semiconductor Corporation                           )
R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.) [File not signed]
R3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [260352 2005-01-27] (Analog Devices, Inc.) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2013-03-09] (The OpenVPN Project) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2013-06-12] (Microsoft Corporation)
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55224 2014-04-16] (StdLib)
S3 BCM43XX; system32\DRIVERS\bcmwl5.sys [X]
R3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S4 IntelIde; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 18:53 - 2014-11-01 18:54 - 00010787 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-11-01 18:53 - 2014-11-01 18:53 - 00000000 ____D () C:\FRST
2014-11-01 18:52 - 2014-11-01 18:52 - 01105920 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-10-27 18:37 - 2014-10-27 18:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Jasc Software
2014-10-27 18:36 - 2014-10-28 21:41 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\My PSP Files
2014-10-27 18:36 - 2014-10-27 18:37 - 00000000 ____D () C:\Program Files\Common Files\Jasc Software Inc
2014-10-27 18:36 - 2014-10-27 18:36 - 00000000 ____D () C:\Program Files\Jasc Software Inc
2014-10-27 18:36 - 2014-10-27 18:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2014-10-27 09:34 - 2014-10-27 09:37 - 00000162 ____H () C:\Documents and Settings\Administrator\Desktop\.~lock.Tech Deals.ods#
2014-10-26 18:48 - 2014-10-31 16:08 - 00000162 ____H () C:\Documents and Settings\Administrator\Desktop\.~lock.Trade.ods#
2014-10-26 16:27 - 2014-11-01 11:00 - 00008332 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-10-26 16:27 - 2014-11-01 11:00 - 00007524 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-10-26 16:22 - 2014-10-26 16:22 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-10-26 15:34 - 2014-11-01 18:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-10-26 15:34 - 2014-10-26 15:34 - 00013041 _____ () C:\ComboFix.txt
2014-10-26 15:34 - 2014-10-26 15:34 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-10-26 15:34 - 2014-10-26 15:34 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2014-10-26 15:19 - 2011-06-25 23:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-26 15:19 - 2010-11-07 10:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-26 15:19 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-26 15:19 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-26 15:19 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-26 15:19 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-26 15:19 - 2000-08-30 17:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-26 15:19 - 2000-08-30 17:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-26 15:19 - 2000-08-30 17:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-26 15:17 - 2014-10-26 15:09 - 05591695 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\fix.exe
2014-10-26 15:08 - 2014-10-26 15:09 - 05591695 _____ (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2014-10-21 14:04 - 2014-10-31 13:49 - 00002610 _____ () C:\Documents and Settings\Administrator\Desktop\CN Scratchpad.txt
2014-10-18 16:19 - 2014-10-22 08:35 - 00003389 _____ () C:\Documents and Settings\Administrator\Desktop\build2.txt
2014-10-17 08:41 - 2014-10-17 08:41 - 00002682 _____ () C:\Documents and Settings\Administrator\Desktop\Build Plan.txt
2014-10-17 03:30 - 2014-10-17 03:32 - 00000740 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-10-17 03:25 - 2014-10-26 11:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\mbar
2014-10-16 21:40 - 2014-10-27 18:39 - 00018478 _____ () C:\WINDOWS\setupapi.log
2014-10-16 20:59 - 2014-10-16 20:59 - 03255104 _____ (Check Point Software Technologies Ltd.) C:\Documents and Settings\Administrator\Desktop\clean.exe
2014-10-16 17:35 - 2014-10-16 17:35 - 00000732 _____ () C:\WINDOWS\system32\Drivers\etc\Hosts.old.txt
2014-10-16 14:43 - 2014-10-16 14:43 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-10-14 14:33 - 2008-07-06 05:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2014-10-14 14:33 - 2008-07-06 05:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2014-10-14 14:32 - 2014-10-14 14:34 - 00000000 ____D () C:\8c5b834f4555684ac6eb386559
2014-10-14 14:32 - 2008-07-06 05:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2014-10-14 14:32 - 2008-07-06 05:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2014-10-14 14:32 - 2008-07-06 05:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2014-10-14 14:32 - 2008-07-06 05:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2014-10-14 14:32 - 2008-07-06 03:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2014-10-14 14:25 - 2014-10-14 14:32 - 00000000 ____D () C:\61ddd73d3f816c4eda50
2014-10-14 14:18 - 2014-10-17 19:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-10-14 08:49 - 2014-10-14 08:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-10-14 02:48 - 2014-10-14 02:48 - 00380416 _____ () C:\Documents and Settings\Administrator\Desktop\3eriypok.exe
2014-10-14 02:46 - 2014-10-14 02:46 - 07268024 _____ (Bitdefender LLC) C:\Documents and Settings\Administrator\Desktop\BootkitRemoval_x86.exe
2014-10-14 00:34 - 2014-10-26 11:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-10-14 00:28 - 2014-10-14 00:30 - 14349744 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1012.exe
2014-10-13 21:37 - 2014-10-13 21:38 - 02348928 _____ () C:\Documents and Settings\Administrator\Desktop\D.exe
2014-10-13 20:25 - 2014-10-13 20:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
2014-10-13 20:25 - 2014-10-13 20:25 - 00020844 ____H () C:\WINDOWS\system32\mlfcache.dat
2014-10-13 20:25 - 2014-10-13 20:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-10-13 19:10 - 2014-10-13 19:10 - 00004276 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
2014-10-11 14:50 - 2014-10-11 14:50 - 00000126 _____ () C:\Documents and Settings\Administrator\Desktop\Trades Round 32 Avengers - Google Sheets.url
2014-10-09 16:56 - 2014-10-24 16:57 - 00000528 _____ () C:\Documents and Settings\Administrator\Desktop\speech practice.txt
2014-10-07 16:46 - 2014-10-07 16:46 - 00000000 ____D () C:\Program Files\Common Files\Scansoft Shared

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 18:26 - 2014-05-10 10:55 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 14:33 - 2014-04-04 13:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\CC
2014-10-31 20:25 - 2014-05-10 10:55 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 18:25 - 2014-06-09 17:50 - 00012816 _____ () C:\Documents and Settings\Administrator\Desktop\CN Notes.txt
2014-10-31 16:08 - 2014-08-03 16:54 - 00015566 _____ () C:\Documents and Settings\Administrator\Desktop\Trade.ods
2014-10-31 06:26 - 2013-07-09 05:59 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-30 09:10 - 2014-08-24 23:11 - 00011144 _____ () C:\Documents and Settings\Administrator\Desktop\CN  War.txt
2014-10-27 19:11 - 2014-09-17 08:32 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2014-10-27 18:37 - 2013-07-28 08:45 - 00000739 _____ () C:\WINDOWS\wiadebug.log
2014-10-27 09:37 - 2014-06-28 08:48 - 00018698 _____ () C:\Documents and Settings\Administrator\Desktop\Tech Deals.ods
2014-10-26 23:59 - 2013-07-09 05:59 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-10-26 15:34 - 2014-04-03 19:57 - 00000000 ____D () C:\Qoobox
2014-10-26 15:34 - 2013-07-09 05:59 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-26 15:32 - 2008-04-14 05:00 - 00000246 _____ () C:\WINDOWS\system.ini
2014-10-26 15:24 - 2013-07-09 05:52 - 01335944 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-26 15:23 - 2014-04-04 08:03 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-10-26 15:23 - 2013-07-28 08:45 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-26 15:22 - 2013-07-09 05:59 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-10-26 11:20 - 2014-04-03 21:34 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 11:19 - 2014-09-20 04:16 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-26 11:10 - 2014-04-07 14:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Computer Maintenance and Security
2014-10-26 11:09 - 2013-07-31 19:40 - 00000000 __SHD () C:\WINDOWS\CSC
2014-10-26 09:32 - 2008-04-14 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-26 09:20 - 2013-07-09 05:59 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-16 21:00 - 2013-07-29 02:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
2014-10-16 18:07 - 2013-07-09 05:59 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-10-16 18:06 - 2013-07-09 05:49 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-16 17:43 - 2013-07-13 01:49 - 00000000 ____D () C:\Documents and Settings\Guest
2014-10-14 15:02 - 2013-07-09 05:50 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-10-13 20:39 - 2013-07-08 22:41 - 00000327 _____ () C:\boot.ini
2014-10-13 19:12 - 2014-06-01 04:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\fb and Other Forums pics
2014-10-13 19:09 - 2014-04-14 16:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\study paintings 3 7 14
2014-10-13 19:09 - 2014-04-03 22:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Michael
2014-10-13 17:34 - 2014-06-03 11:03 - 00010950 _____ () C:\Documents and Settings\Administrator\Desktop\Bills.txt
2014-10-12 08:15 - 2014-04-09 13:17 - 00012790 _____ () C:\Documents and Settings\Administrator\Desktop\Shopping List.ods
2014-10-08 15:00 - 2014-04-04 08:03 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-07 16:54 - 2014-08-06 17:07 - 00000000 ____D () C:\Program Files\Lx_cats
2014-10-07 16:46 - 2014-04-05 19:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dragon NaturallySpeaking 8.0
2014-10-05 08:57 - 2014-09-02 13:35 - 00000678 _____ () C:\Documents and Settings\Administrator\Desktop\CN TE.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
Edited by Kananu Reeves, 01 November 2014 - 10:31 PM.


#6 Oh My!
    Adware and Spyware and Malware.....
  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 01 November 2014 - 10:50 PM

Greetings,

My pleasure to help.

Lots to do this first post. Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55224 2014-04-16] (StdLib)
C:\WINDOWS\System32\drivers\tStLibG.sys
S3 BCM43XX; system32\DRIVERS\bcmwl5.sys [X]
R3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S4 IntelIde; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]
Folder: C:\8c5b834f4555684ac6eb386559
Folder: C:\61ddd73d3f816c4eda50
File: C:\Documents and Settings\Administrator\Desktop\3eriypok.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.

C:\ComboFix.txt

===================================================

Posting Previous TDSSKiller log

--------------------
  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

TDSSKiller_version_date_time_log.txt

  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • Combofix log
  • TDSSKiller log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
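How the fixlist in the post above follows from the FRST log: this Python triage script is an added example for this thread, not code from the thread or from FRST itself. It parses the Drivers and Services sections of an FRST log, flags entries whose file is missing ([X] or No ImagePath) and drivers from vendors outside an allowlist, and drafts fixlist lines in the form FRST expects (the service line, plus the file path for an entry the analyst has confirmed). KNOWN_VENDORS and the sample log lines are constructed for the example.

```python
"""Triage the Drivers/Services sections of an FRST log and draft fixlist.txt lines.
Added example for this thread, not FRST's own code; KNOWN_VENDORS is an assumed,
analyst-maintained allowlist and SAMPLE_FRST is constructed in FRST's line format."""
import re
from dataclasses import dataclass

# Constructed sample: "state name; path [size date] (vendor) [flags]" as FRST prints it.
SAMPLE_FRST = r"""
==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-09-20] (Cisco Systems, Inc.) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2013-06-12] (Microsoft Corporation)
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55224 2014-04-16] (StdLib)
S3 BCM43XX; system32\DRIVERS\bcmwl5.sys [X]
S4 IntelIde; No ImagePath
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]
"""

# Assumption: an allowlist the analyst maintains; any other vendor gets a human look.
KNOWN_VENDORS = {"Microsoft Corporation", "Intel Corporation", "Cisco Systems, Inc.",
                 "Realtek", "Broadcom Corporation", "Marvell Semiconductor Inc."}

SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?) =+$")
ENTRY_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
DETAIL_RE = re.compile(r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
                       r"\((?P<vendor>.*)\)(?P<flags>(?: \[[^\]]+\])*)$")


@dataclass
class Entry:
    section: str
    state: str
    name: str
    raw: str               # the log line verbatim; this is what a fixlist line is
    path: str = ""
    vendor: str = ""
    signed: bool = True
    missing: bool = False  # "[X]" or "No ImagePath": registry entry with no file behind it


def parse_entries(text):
    """Return an Entry for every service/driver line in the Drivers and Services sections."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if not section or not section.startswith(("Drivers", "Services")):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = Entry(section, m.group("state"), m.group("name"), line)
        rest = m.group("rest")
        if rest == "No ImagePath":
            entry.missing = True
        elif rest.endswith("[X]"):
            entry.missing = True
            entry.path = rest[:-len("[X]")].strip()
        elif (d := DETAIL_RE.match(rest)):
            entry.path = d.group("path")
            entry.vendor = d.group("vendor").strip()  # FRST pads some vendor strings
            entry.signed = "[File not signed]" not in d.group("flags")
        else:
            entry.path = rest  # unrecognised detail: keep it for manual review
        entries.append(entry)
    return entries


def triage(entry):
    """Classify one entry before anything is removed; None means nothing to flag."""
    if entry.missing:
        return "orphan"
    if entry.vendor not in KNOWN_VENDORS:
        return "unknown-vendor" if entry.signed else "unsigned-unknown-vendor"
    if not entry.signed:
        return "unsigned"
    return None


def draft_fixlist(entries, confirmed=()):
    """Entries the analyst confirmed get the service line plus the file path (FRST then
    removes the registry entry and moves the file); orphans follow, copied verbatim."""
    lines = []
    for e in entries:
        if e.name in confirmed:
            lines.append(e.raw)
            if e.path and not e.missing:
                lines.append(e.path)
    for e in entries:
        if e.name not in confirmed and triage(e) == "orphan":
            lines.append(e.raw)
    return lines
```

Only orphans are drafted automatically; an entry flagged by vendor still needs the analyst's confirmation before it is passed in, as with the tStLibG entry in the fixlist above.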

#7 Kananu Reeves
  • Topic Starter
  • Members
  • 53 posts

Posted 02 November 2014 - 02:08 PM

Computer seems to be running fine. It was those weird things mentioned previously that were causing me concern, especially getting booted off the IRC repeatedly and the fact that the derogatory desktop wallpaper that was on the computer when I got it (and which couldn't be removed by me) disappeared after running a couple of different scans. That seemed like a big red flag.

Here are the logs,


# AdwCleaner v3.311 - Report created 02/11/2014 at 10:35:59
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - BONUS-B5420A32E
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : tStLibG

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\PCFixSpeed
Folder Deleted : C:\Program Files\weDownload
Folder Deleted : C:\Program Files\TrustWorthy
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\TrustWorthy
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\Smartbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\CT3309350
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\CT3309758
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\Extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}(2)
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\Extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}(2)
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\drivers\tStLibG.sys
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309758
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90F31190-0F53-40D8-9305-4F3DECD4BD96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90F31190-0F53-40D8-9305-4F3DECD4BD96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90F31190-0F53-40D8-9305-4F3DECD4BD96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D72F496-F56D-4E00-802B-7339D9D56344}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77760D07-6D84-432A-BEAB-640E85C03EED}
Key Deleted : HKCU\Software\weDownload
Key Deleted : HKCU\Software\TrustWorthy
Key Deleted : HKLM\SOFTWARE\weDownload
Key Deleted : HKLM\SOFTWARE\TrustWorthy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustWorthy Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\weDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TrustWorthy Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\prefs.js ]

Line Deleted : user_pref("CT3309350.FF19Solved", "true");
Line Deleted : user_pref("CT3309350.FirstTime", "true");
Line Deleted : user_pref("CT3309350.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3309350.UserID", "UN17713426404580169");
Line Deleted : user_pref("CT3309350.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3309350.defaultSearch", "true");
Line Deleted : user_pref("CT3309350.enableAlerts", "true");
Line Deleted : user_pref("CT3309350.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3309350.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3309350.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3309350.fullUserID", "UN17713426404580169.IN.20130907032652");
Line Deleted : user_pref("CT3309350.installDate", "07/09/2013 03:27:08");
Line Deleted : user_pref("CT3309350.installId", "stub.exe");
Line Deleted : user_pref("CT3309350.installSessionId", "{7B9A6672-AC8A-43CC-A558-3719AF6C4AA2}");
Line Deleted : user_pref("CT3309350.installSp", "TRUE");
Line Deleted : user_pref("CT3309350.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3309350.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3309350.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3309350.keyword", "true");
Line Deleted : user_pref("CT3309350.lastVersion", "10.19.2.505");
Line Deleted : user_pref("CT3309350.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3309350.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.pcrx.com%2Fredirect.aspx%3Fa%3Dad_advert_tp_pcfs%26cfg%3D273\",\"EB_MAIN_FRAME_TITLE\":\"Problem%20loading%20pag[...]
Line Deleted : user_pref("CT3309350.openThankYouPage", "false");
Line Deleted : user_pref("CT3309350.openUninstallPage", "true");
Line Deleted : user_pref("CT3309350.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3309758&octid=CT3309758&SearchSource=61&CUI=UN18124608510189314&UM=2&UP=SP7D431C1E-FD33-43E4-985F-5A3E4D380BA4");
Line Deleted : user_pref("CT3309350.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN18124608510189314&UM=2&q=");
Line Deleted : user_pref("CT3309350.originalSearchEngine", "TrustWorthy Customized Web Search");
Line Deleted : user_pref("CT3309350.originalSearchEngineName", "TrustWorthy Customized Web Search");
Line Deleted : user_pref("CT3309350.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3309350.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3309350.searchRevert", "false");
Line Deleted : user_pref("CT3309350.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3309350.searchUserMode", "2");
Line Deleted : user_pref("CT3309350.settingsINI", true);
Line Deleted : user_pref("CT3309350.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3309350.smartbar.CTID", "CT3309350");
Line Deleted : user_pref("CT3309350.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3309350.smartbar.homepage", "true");
Line Deleted : user_pref("CT3309350.smartbar.isHidden", false);
Line Deleted : user_pref("CT3309350.smartbar.toolbarName", "BrowserPlus2 ");
Line Deleted : user_pref("CT3309350.startPage", "true");
Line Deleted : user_pref("CT3309350.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3309350.xpeMode", "0");
Line Deleted : user_pref("CT3309350_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381850849800,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3309758.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3309758.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3309758.1000234.TWC_TMP_city", "SALEM");
Line Deleted : user_pref("CT3309758.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3309758.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3309758.1000234.TWC_locId", "USOR0304");
Line Deleted : user_pref("CT3309758.1000234.TWC_location", "Salem, OR");
Line Deleted : user_pref("CT3309758.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3309758.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3309758.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3309758.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3309758.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3309758.FF19Solved", "true");
Line Deleted : user_pref("CT3309758.FirstTime", "true");
Line Deleted : user_pref("CT3309758.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3309758.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NTA5MDE5OA==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3ODU1MDA4Mg==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MA==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Line Deleted : user_pref("CT3309758.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3ODU1MDA4Mg==");
Line Deleted : user_pref("CT3309758.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3309758.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3309758.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3309758.SF_USER_ID.enc", "Y2lkXzI5NzIwMTMyMjk1MTMxODI2NTg=");
Line Deleted : user_pref("CT3309758.UserID", "UN18124608510189314");
Line Deleted : user_pref("CT3309758.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT3309758.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3309758.autoDisableScopes", -1);
Line Deleted : user_pref("CT3309758.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3309758.cbfirsttime.enc", "TW9uIEp1bCAyOSAyMDEzIDAyOjI5OjQ4IEdNVC0wNzAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3309758.countryCode", "US");
Line Deleted : user_pref("CT3309758.defaultSearch", "true");
Line Deleted : user_pref("CT3309758.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3AwIiwidmVyc2lvbiI6MTB9");
Line Deleted : user_pref("CT3309758.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc1MjI0MTE4MjI1LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3309758.discover-user-id.enc", "ImJmYWM3MDZiLTU4MDItNDkyZi05ZWI3LWZhYjQ2MTgzODY0MiI=");
Line Deleted : user_pref("CT3309758.embeddedsData", "[{\"appId\":\"130189639317126526\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3309758.enableAlerts", "true");
Line Deleted : user_pref("CT3309758.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3309758.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3309758.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3309758.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3309758.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3309758.fixUrls", true);
Line Deleted : user_pref("CT3309758.fullUserID", "UN18124608510189314.IN.20130729020536");
Line Deleted : user_pref("CT3309758.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3309758.impression_counter.enc", "NQ==");
Line Deleted : user_pref("CT3309758.installDate", "29/07/2013 02:05:36");
Line Deleted : user_pref("CT3309758.installId", "cidoc");
Line Deleted : user_pref("CT3309758.installSessionId", "{711C96DC-2DBE-4EFA-8E4B-411028719A7E}");
Line Deleted : user_pref("CT3309758.installSp", "TRUE");
Line Deleted : user_pref("CT3309758.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3309758.installUsage", "2013-08-01T05:38:25.1957458+03:00");
Line Deleted : user_pref("CT3309758.installUsageEarly", "2013-07-29T12:08:15.01028+03:00");
Line Deleted : user_pref("CT3309758.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT3309758.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3309758.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3309758.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3309758.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3309758.keyword", "true");
Line Deleted : user_pref("CT3309758.lastVersion", "10.19.2.505");
Line Deleted : user_pref("CT3309758.mam_gk_appStateReportTime.enc", "MTM3ODg5OTk5ODYyOQ==");
Line Deleted : user_pref("CT3309758.mam_gk_appState_ACplus.enc", "b24=");
Line Deleted : user_pref("CT3309758.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3309758.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3309758.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3309758.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3309758.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3309758.mam_gk_appState_Piclickuitest1.enc", "b24=");
Line Deleted : user_pref("CT3309758.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3309758.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3309758.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[...]
Line Deleted : user_pref("CT3309758.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3309758.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3309758.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkRpc2NvdmVyIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiZmMxNDEyM2UtNDk0Yi00ZDhhLWJjYzQtNjk2ZGU2MzJiNmIzIiwiZG9tYWlucyI6WyI[...]
Line Deleted : user_pref("CT3309758.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Deleted : user_pref("CT3309758.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3309758.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3309758.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3309758.mam_gk_lastLoginTime.enc", "MTM3ODg5OTk5NTU1Ng==");
Line Deleted : user_pref("CT3309758.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3309758.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3309758.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTU1XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IlVTIiwiaXNXZWxjb21lRXhw[...]
Line Deleted : user_pref("CT3309758.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTU1XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IlVTIiwiaXNXZWxjb21lRXhw[...]
Line Deleted : user_pref("CT3309758.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTE2XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IlVTIiwiaXNXZWxjb21lRXhwZ[...]
Line Deleted : user_pref("CT3309758.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3309758.mam_gk_userId.enc", "YzEzN2JkYmMtNzU1ZS00NTE1LWFkMDktZTc5MjE0NjRlOTZj");
Line Deleted : user_pref("CT3309758.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3309758.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3309758.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3309758.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://TrustWorthyToolbar.OurToolbar.com/\",\[...]
Line Deleted : user_pref("CT3309758.openThankYouPage", "false");
Line Deleted : user_pref("CT3309758.openUninstallPage", "true");
Line Deleted : user_pref("CT3309758.originalHomepage", "about:home");
Line Deleted : user_pref("CT3309758.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3309758.originalSearchEngine", "");
Line Deleted : user_pref("CT3309758.originalSearchEngineName", "");
Line Deleted : user_pref("CT3309758.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3309758.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3309758.search.searchAppId", "130189639317126526");
Line Deleted : user_pref("CT3309758.search.searchCount", "0");
Line Deleted : user_pref("CT3309758.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3309758.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3309758.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3309758.searchRevert", "true");
Line Deleted : user_pref("CT3309758.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3309758.searchUserMode", "2");
Line Deleted : user_pref("CT3309758.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3309758.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3309758.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3309758\"}");
Line Deleted : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://TrustWorthyToolbar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"TrustWorthy \"}");
Line Deleted : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3309758.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3309758.serviceLayer_services_Configuration_lastUpdate", "1375088891129");
Line Deleted : user_pref("CT3309758.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375088895963");
Line Deleted : user_pref("CT3309758.serviceLayer_services_appsMetadata_lastUpdate", "1377680051401");
Line Deleted : user_pref("CT3309758.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375088895910");
Line Deleted : user_pref("CT3309758.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1375088892485");
Line Deleted : user_pref("CT3309758.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1375324687557");
Line Deleted : user_pref("CT3309758.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375088895883");
Line Deleted : user_pref("CT3309758.serviceLayer_services_searchAPI_lastUpdate", "1375088891941");
Line Deleted : user_pref("CT3309758.serviceLayer_services_serviceMap_lastUpdate", "1375088890732");
Line Deleted : user_pref("CT3309758.serviceLayer_services_setupAPI_lastUpdate", "1375324686722");
Line Deleted : user_pref("CT3309758.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375088895865");
Line Deleted : user_pref("CT3309758.serviceLayer_services_toolbarSettings_lastUpdate", "1377680050855");
Line Deleted : user_pref("CT3309758.serviceLayer_services_translation_lastUpdate", "1375088895988");
Line Deleted : user_pref("CT3309758.settingsINI", true);
Line Deleted : user_pref("CT3309758.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3309758.showToolbarPermission", "false");
Line Deleted : user_pref("CT3309758.smartbar.CTID", "CT3309758");
Line Deleted : user_pref("CT3309758.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3309758.smartbar.homepage", "true");
Line Deleted : user_pref("CT3309758.smartbar.toolbarName", "TrustWorthy ");
Line Deleted : user_pref("CT3309758.startPage", "true");
Line Deleted : user_pref("CT3309758.toolbarBornServerTime", "1-8-2013");
Line Deleted : user_pref("CT3309758.toolbarCurrentServerTime", "28-8-2013");
Line Deleted : user_pref("CT3309758.toolbarLoginClientTime", "Fri Aug 02 2013 16:20:55 GMT-0700 (Pacific Standard Time)");
Line Deleted : user_pref("CT3309758.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3309758.url_history0001.enc", "aHR0cDovL3d3dy5hbnktZGF0YS1yZWNvdmVyeS5jb20vZG93bmxvYWRzL3Rlbm9yc2hhcmUtaXBob25lLTRzLWRhdGEtcmVjb3ZlcnktdHJpYWwuZXhlOjo6Y2xpY2toYW5kbGVyOjo6MTM3NTA5MTA1Njk5[...]
Line Deleted : user_pref("CT3309758.versionFromInstaller", "10.16.70.5");
Line Deleted : user_pref("CT3309758.xpeMode", "3");
Line Deleted : user_pref("CT3309758_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381850850554,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN17713426404580169&UM=2&UP=SP7D431C1E-FD33-43E4-985F-5A3E4D380BA4");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN18124608510189314&UM=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3309758");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "BrowserPlus2 Customized Web Search");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.LinkSwift.aul", "1381899333276");
Line Deleted : user_pref("extensions.LinkSwift.irl", true);
Line Deleted : user_pref("extensions.LinkSwift.is", "trlsus");
Line Deleted : user_pref("extensions.LinkSwift.ug", "DECEE8C3-B8AC-49B2-A7F3-7E48DEDBB56F");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3309758");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN18124608510189314&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3309758&octid=CT3309758&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN18124608510189314&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3309758");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3309350");
Line Deleted : user_pref("smartbar.machineId", "CISYX+3U8QGJNT9XMRQ/0+0/QLRAGFPLIUAFKJPYVWGCWXVGYSPML4FIHRRNA8F/L+SKIEQJUPTBMV7LPGNJ4W");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN18124608510189314&UM=2&SearchSource=13");

[ File : C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gxhbga1m.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NDV&o=15765&locale=en_US&apn_uid=994CA56F-9E8F-42AE-A573-DEB8B089D433&apn_ptnrs=%5ENY&apn_sauid=51958828-03BE-4C40-8BCF-[...]

-\\ Google Chrome v38.0.2125.111

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [25029 octets] - [02/11/2014 10:33:48]
AdwCleaner[S0].txt - [25485 octets] - [02/11/2014 10:35:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25546 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Sun 11/02/2014 at 10:46:00.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6D384B48-0DE7-4B47-B546-D86222EC922A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\cre"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/02/2014 at 10:53:57.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by Administrator at 2014-11-02 10:57:29 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55224 2014-04-16] (StdLib)
C:\WINDOWS\System32\drivers\tStLibG.sys
S3 BCM43XX; system32\DRIVERS\bcmwl5.sys [X]
R3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S4 IntelIde; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]
Folder: C:\8c5b834f4555684ac6eb386559
Folder: C:\61ddd73d3f816c4eda50
File: C:\Documents and Settings\Administrator\Desktop\3eriypok.exe
*****************

tStLibG => Service not found.
"C:\WINDOWS\System32\drivers\tStLibG.sys" => File/Directory not found.
BCM43XX => Service deleted successfully.
catchme => Service deleted successfully.
easytether => Service deleted successfully.
IntelIde => Service deleted successfully.
USBAAPL => Service deleted successfully.
mbr => Service not found.

========================= Folder: C:\8c5b834f4555684ac6eb386559 ========================

2014-10-14 13:33 - 2014-10-14 13:33 - 0000000 ____D () C:\8c5b834f4555684ac6eb386559\amd64
2014-10-14 13:33 - 2008-07-06 04:06 - 0147456 ____N (Microsoft Corporation) C:\8c5b834f4555684ac6eb386559\amd64\filterpipelineprintproc.dll
2014-10-14 13:33 - 2008-07-06 04:06 - 0010929 ____N () C:\8c5b834f4555684ac6eb386559\amd64\msxpsdrv.cat
2014-10-14 13:33 - 2008-06-18 21:33 - 0002204 ____N () C:\8c5b834f4555684ac6eb386559\amd64\msxpsdrv.inf
2008-06-19 10:03 - 2008-06-19 10:03 - 0000073 ____N () C:\8c5b834f4555684ac6eb386559\amd64\msxpsinc.gpd
2014-10-14 13:33 - 2008-06-18 21:33 - 0000072 ____N () C:\8c5b834f4555684ac6eb386559\amd64\msxpsinc.ppd
2014-10-14 13:32 - 2008-07-06 04:06 - 0748032 ____N (Microsoft Corporation) C:\8c5b834f4555684ac6eb386559\amd64\mxdwdrv.dll
2008-07-06 16:36 - 2008-07-06 16:36 - 2936832 ____N (Microsoft Corporation) C:\8c5b834f4555684ac6eb386559\amd64\xpssvcs.dll
2014-10-14 13:33 - 2014-10-14 13:33 - 0000000 ____D () C:\8c5b834f4555684ac6eb386559\i386
2014-10-14 13:33 - 2008-07-06 04:06 - 0089088 ____N (Microsoft Corporation) C:\8c5b834f4555684ac6eb386559\i386\filterpipelineprintproc.dll
2014-10-14 13:33 - 2008-07-06 04:06 - 0010929 ____N () C:\8c5b834f4555684ac6eb386559\i386\msxpsdrv.cat
2014-10-14 13:33 - 2008-06-18 21:33 - 0002204 ____N () C:\8c5b834f4555684ac6eb386559\i386\msxpsdrv.inf
2014-10-14 13:33 - 2008-06-19 10:03 - 0000073 ____N () C:\8c5b834f4555684ac6eb386559\i386\msxpsinc.gpd
2014-10-14 13:33 - 2008-06-18 21:33 - 0000072 ____N () C:\8c5b834f4555684ac6eb386559\i386\msxpsinc.ppd
2014-10-14 13:32 - 2008-07-06 04:06 - 0765440 ____N (Microsoft Corporation) C:\8c5b834f4555684ac6eb386559\i386\mxdwdrv.dll
2014-10-14 13:32 - 2008-07-06 04:06 - 1676288 ____N (Microsoft Corporation) C:\8c5b834f4555684ac6eb386559\i386\xpssvcs.dll

====== End of Folder: ======


========================= Folder: C:\61ddd73d3f816c4eda50 ========================

2008-07-29 22:15 - 2008-07-29 22:15 - 0225490 _____ () C:\61ddd73d3f816c4eda50\baseline.dat
2008-07-29 22:15 - 2008-07-29 22:15 - 0000796 _____ () C:\61ddd73d3f816c4eda50\deffactory.dat
2008-07-29 17:47 - 2008-07-29 17:47 - 0097280 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\DeleteTemp.exe
2008-07-29 17:47 - 2008-07-29 17:47 - 0276984 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\dlmgr.dll
2008-07-29 23:23 - 2008-07-29 23:23 - 0633848 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\DW20.EXE
2008-07-29 23:23 - 2008-07-29 23:23 - 0111616 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\DWINTL20.DLL
2008-07-29 22:15 - 2008-07-29 22:15 - 0046893 _____ () C:\61ddd73d3f816c4eda50\eula.1025.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0053519 _____ () C:\61ddd73d3f816c4eda50\eula.1028.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0043814 _____ () C:\61ddd73d3f816c4eda50\eula.1029.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0041822 _____ () C:\61ddd73d3f816c4eda50\eula.1030.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0041798 _____ () C:\61ddd73d3f816c4eda50\eula.1031.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0053977 _____ () C:\61ddd73d3f816c4eda50\eula.1032.rtf
2008-07-29 15:03 - 2008-07-29 15:03 - 0110130 _____ () C:\61ddd73d3f816c4eda50\eula.1033.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0043216 _____ () C:\61ddd73d3f816c4eda50\eula.1035.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0042457 _____ () C:\61ddd73d3f816c4eda50\eula.1036.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0077913 _____ () C:\61ddd73d3f816c4eda50\eula.1037.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0044918 _____ () C:\61ddd73d3f816c4eda50\eula.1038.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0041708 _____ () C:\61ddd73d3f816c4eda50\eula.1040.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0061595 _____ () C:\61ddd73d3f816c4eda50\eula.1041.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0127418 _____ () C:\61ddd73d3f816c4eda50\eula.1042.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0040763 _____ () C:\61ddd73d3f816c4eda50\eula.1043.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0040854 _____ () C:\61ddd73d3f816c4eda50\eula.1044.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0045015 _____ () C:\61ddd73d3f816c4eda50\eula.1045.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0040995 _____ () C:\61ddd73d3f816c4eda50\eula.1046.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0074626 _____ () C:\61ddd73d3f816c4eda50\eula.1049.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0041314 _____ () C:\61ddd73d3f816c4eda50\eula.1053.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0046870 _____ () C:\61ddd73d3f816c4eda50\eula.1055.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0051680 _____ () C:\61ddd73d3f816c4eda50\eula.2052.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0043434 _____ () C:\61ddd73d3f816c4eda50\eula.2070.rtf
2008-07-29 22:15 - 2008-07-29 22:15 - 0041495 _____ () C:\61ddd73d3f816c4eda50\eula.3082.rtf
2008-07-29 17:47 - 2008-07-29 17:47 - 1064448 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\gencomp.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0177152 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\HtmlLite.dll
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1025.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1028.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1029.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1030.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1031.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1032.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1035.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1036.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1037.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1038.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1040.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1041.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1042.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1043.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1044.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1045.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1046.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1049.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1053.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.1055.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.2052.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.2070.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.3082.ini
2008-07-29 22:15 - 2008-07-29 22:15 - 0016978 _____ () C:\61ddd73d3f816c4eda50\locdata.ini
2008-07-29 17:43 - 2008-07-29 17:43 - 0005208 _____ () C:\61ddd73d3f816c4eda50\logo.bmp
2008-07-29 17:47 - 2008-07-29 17:47 - 0269304 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setup.exe
2008-07-29 22:15 - 2008-07-29 22:15 - 0076356 _____ () C:\61ddd73d3f816c4eda50\setup.sdb
2008-07-29 17:47 - 2008-07-29 17:47 - 0113152 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1025.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0084992 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1028.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0125440 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1029.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0126464 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1030.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0130048 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1031.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0137728 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1032.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0122368 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1035.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0133120 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1036.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0111104 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1037.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0132096 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1038.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0128512 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1040.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0097792 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1041.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0094720 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1042.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0129024 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1043.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0121856 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1044.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0128512 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1045.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0122880 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1046.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0123904 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1049.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0121344 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1053.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0121344 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.1055.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0084480 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.2052.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0131072 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.2070.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0131584 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.3082.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0110080 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\setupres.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 1364992 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\SITSetup.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 1054208 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\vs_setup.dll
2008-07-29 23:23 - 2008-07-29 23:23 - 0626688 _____ () C:\61ddd73d3f816c4eda50\vs_setup.MS_
2008-07-29 22:15 - 2008-07-29 22:15 - 0021744 _____ () C:\61ddd73d3f816c4eda50\vs_setup.pdi
2008-07-29 17:47 - 2008-07-29 17:47 - 0632320 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\vs70uimgr.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0413184 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\vsbasereqs.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0689152 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\vsscenario.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0102904 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1025.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0089592 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1028.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0108536 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1029.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0108536 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1030.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0111608 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1031.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0113656 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1032.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0106488 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1035.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0112120 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1036.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0101368 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1037.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0111096 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1038.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0110072 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1040.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0095224 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1041.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0092664 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1042.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0108536 _____ (Setup) C:\61ddd73d3f816c4eda50\WapRes.1043.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0106488 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1044.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0109048 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1045.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0107512 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1046.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0107000 _____ (Корпорация Майкрософт) C:\61ddd73d3f816c4eda50\WapRes.1049.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0105976 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1053.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0106488 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.1055.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0089080 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.2052.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0110072 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.2070.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0111096 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.3082.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0107512 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapRes.dll
2008-07-29 17:47 - 2008-07-29 17:47 - 0984056 _____ (Microsoft Corporation) C:\61ddd73d3f816c4eda50\WapUI.dll

====== End of Folder: ======


========================= File: C:\Documents and Settings\Administrator\Desktop\3eriypok.exe ========================

"C:\Documents and Settings\Administrator\Desktop\3eriypok.exe" not found.
====== End Of File: ======


==== End of Fixlog ====

 

 

ComboFix 14-10-27.01 - Administrator 10/26/2014  15:25:02.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1534.1253 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\fix.exe
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-299502267-261903793-1177238915-500(2)\INFO2
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-26 to 2014-10-26  )))))))))))))))))))))))))))))))
.
.
2014-10-17 01:06 . 2014-10-17 01:06    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-10-14 21:34 . 2008-07-06 12:06    89088    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-10-14 21:33 . 2008-07-06 12:06    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2014-10-14 21:33 . 2008-07-06 12:06    117760    ------w-    c:\windows\system32\prntvpt.dll
2014-10-14 21:32 . 2008-07-06 12:06    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
2014-10-14 21:32 . 2008-07-06 12:06    575488    ------w-    c:\windows\system32\xpsshhdr.dll
2014-10-14 21:32 . 2008-07-06 12:06    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
2014-10-14 21:32 . 2008-07-06 12:06    1676288    ------w-    c:\windows\system32\xpssvcs.dll
2014-10-14 21:32 . 2008-07-06 10:50    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2014-10-14 21:32 . 2008-07-06 10:50    597504    ------w-    c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-10-14 21:32 . 2014-10-14 21:34    --------    d-----w-    C:\8c5b834f4555684ac6eb386559
2014-10-14 21:25 . 2014-10-14 21:32    --------    d-----w-    C:\61ddd73d3f816c4eda50
2014-10-14 21:18 . 2014-10-18 02:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\CheckPoint
2014-10-14 07:34 . 2014-10-26 18:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-10-14 03:25 . 2014-10-14 03:39    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\NPE
2014-10-14 03:25 . 2014-10-14 03:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2014-10-07 23:46 . 2014-10-07 23:46    --------    d-----w-    c:\program files\Common Files\Scansoft Shared
2014-10-01 00:23 . 2014-10-01 00:23    --------    d-----w-    c:\program files\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-26 18:20 . 2014-04-04 04:34    113880    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-26 18:19 . 2014-09-20 11:16    54232    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-20 11:00 . 2014-09-20 05:34    21361    ----a-w-    c:\windows\system32\drivers\AegisP.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-06-12 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ       msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer]
2014-05-08 13:48    746376    ----a-w-    c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-06-11 19:28    312240    ----a-w-    c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2012-09-13 07:38    204136    ----a-w-    c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-04-30 08:19    20480    ----a-w-    c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-06-11 19:27    291760    ----a-w-    c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 23:00    155648    ----a-w-    c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [6/12/2013 8:53 AM 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [6/12/2013 8:53 AM 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [6/12/2013 8:53 AM 14184]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [4/16/2014 5:40 PM 55224]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 3:12 PM 341504]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [8/6/2014 5:06 PM 99248]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [9/21/2012 12:08 PM 19688]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys --> c:\windows\system32\DRIVERS\easytthr.sys [?]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [5/21/2014 11:15 PM 13440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-21 21:25    1089352    ----a-w-    c:\program files\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-10 17:55]
.
2014-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-10 17:55]
.
2014-10-26 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-04 01:59]
.
2014-10-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-04 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftymebti.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.conquerclub.com
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('network.proxy.type', 5);
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mbamchameleon
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,41,61,81,40,86,6f,4e,bf,ca,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,41,61,81,40,86,6f,4e,bf,ca,3b,\
.
[HKEY_USERS\S-1-5-21-299502267-261903793-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,18,55,17,01,51,e0,4c,b3,12,c1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,18,55,17,01,51,e0,4c,b3,12,c1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-10-26  15:34:12
ComboFix-quarantined-files.txt  2014-10-26 22:34
ComboFix2.txt  2014-10-16 21:43
ComboFix3.txt  2014-10-14 05:19
ComboFix4.txt  2014-10-14 04:20
ComboFix5.txt  2014-10-26 22:19
.
Pre-Run: 11,041,222,656 bytes free
Post-Run: 11,091,873,792 bytes free
.
- - End Of File - - 21212320FEF0545E8230372E46E2DE61
8F558EB6672622401DA993E1E865C861
 

 

 

09:30:43.0053 0x1364  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
09:30:47.0709 0x1364  ============================================================
09:30:47.0709 0x1364  Current date / time: 2014/10/26 09:30:47.0709
09:30:47.0709 0x1364  SystemInfo:
09:30:47.0709 0x1364  
09:30:47.0709 0x1364  OS Version: 5.1.2600 ServicePack: 3.0
09:30:47.0709 0x1364  Product type: Workstation
09:30:47.0709 0x1364  ComputerName: BONUS-B5420A32E
09:30:47.0709 0x1364  UserName: Administrator
09:30:47.0709 0x1364  Windows directory: C:\WINDOWS
09:30:47.0709 0x1364  System windows directory: C:\WINDOWS
09:30:47.0709 0x1364  Processor architecture: Intel x86
09:30:47.0709 0x1364  Number of processors: 1
09:30:47.0709 0x1364  Page size: 0x1000
09:30:47.0709 0x1364  Boot type: Normal boot
09:30:47.0709 0x1364  ============================================================
09:30:50.0272 0x1364  KLMD registered as C:\WINDOWS\system32\drivers\16464813.sys
09:30:50.0459 0x1364  System UUID: {32A7AF56-8C7A-A32D-21BB-BFE947032125}
09:30:51.0287 0x1364  Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 ( 37.25 Gb ), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:30:51.0287 0x1364  ============================================================
09:30:51.0287 0x1364  \Device\Harddisk0\DR0:
09:30:51.0287 0x1364  MBR partitions:
09:30:51.0287 0x1364  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4369530
09:30:51.0287 0x1364  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4379034, BlocksNum 0x70454A
09:30:51.0287 0x1364  ============================================================
09:30:51.0287 0x1364  Initialize success
09:30:51.0287 0x1364  ============================================================
09:30:52.0834 0x0fc8  ============================================================
09:30:52.0834 0x0fc8  Scan started
09:30:52.0834 0x0fc8  Mode: Manual;
09:30:52.0834 0x0fc8  ============================================================
09:30:52.0834 0x0fc8  KSN ping started
09:30:55.0975 0x0fc8  KSN ping finished: true
09:30:56.0334 0x0fc8  ================ Scan system memory ========================
09:30:56.0334 0x0fc8  System memory - ok
09:30:56.0350 0x0fc8  ================ Scan services =============================
09:30:56.0443 0x0fc8  6to4 - ok
09:30:56.0459 0x0fc8  Abiosdsk - ok
09:30:56.0490 0x0fc8  abp480n5 - ok
09:30:56.0506 0x0fc8  ACPI - ok
09:30:56.0537 0x0fc8  ACPIEC - ok
09:30:56.0553 0x0fc8  adpu160m - ok
09:30:56.0584 0x0fc8  aec - ok
09:30:56.0615 0x0fc8  AegisP - ok
09:30:56.0647 0x0fc8  AFD - ok
09:30:56.0662 0x0fc8  Aha154x - ok
09:30:56.0693 0x0fc8  aic78u2 - ok
09:30:56.0725 0x0fc8  aic78xx - ok
09:30:56.0740 0x0fc8  Alerter - ok
09:30:56.0772 0x0fc8  ALG - ok
09:30:56.0787 0x0fc8  AliIde - ok
09:30:56.0818 0x0fc8  amsint - ok
09:30:56.0834 0x0fc8  AppMgmt - ok
09:30:56.0865 0x0fc8  Arp1394 - ok
09:30:56.0897 0x0fc8  asc - ok
09:30:56.0912 0x0fc8  asc3350p - ok
09:30:56.0943 0x0fc8  asc3550 - ok
09:30:57.0006 0x0fc8  aspnet_state - ok
09:30:57.0022 0x0fc8  AsyncMac - ok
09:30:57.0053 0x0fc8  atapi - ok
09:30:57.0068 0x0fc8  Atdisk - ok
09:30:57.0115 0x0fc8  Atmarpc - ok
09:30:57.0147 0x0fc8  AudioSrv - ok
09:30:57.0162 0x0fc8  audstub - ok
09:30:57.0209 0x0fc8  BCM42RLY - ok
09:30:57.0225 0x0fc8  BCM43XX - ok
09:30:57.0256 0x0fc8  bcm4sbxp - ok
09:30:57.0272 0x0fc8  Beep - ok
09:30:57.0303 0x0fc8  BITS - ok
09:30:57.0318 0x0fc8  Browser - ok
09:30:57.0350 0x0fc8  catchme - ok
09:30:57.0365 0x0fc8  cbidf2k - ok
09:30:57.0397 0x0fc8  CCDECODE - ok
09:30:57.0428 0x0fc8  cd20xrnt - ok
09:30:57.0443 0x0fc8  Cdaudio - ok
09:30:57.0459 0x0fc8  Cdfs - ok
09:30:57.0490 0x0fc8  Cdrom - ok
09:30:57.0506 0x0fc8  Changer - ok
09:30:57.0537 0x0fc8  CiSvc - ok
09:30:57.0553 0x0fc8  ClipSrv - ok
09:30:57.0568 0x0fc8  clr_optimization_v2.0.50727_32 - ok
09:30:57.0600 0x0fc8  clr_optimization_v4.0.30319_32 - ok
09:30:57.0615 0x0fc8  CmdIde - ok
09:30:57.0647 0x0fc8  CompFilter - ok
09:30:57.0662 0x0fc8  COMSysApp - ok
09:30:57.0693 0x0fc8  Cpqarray - ok
09:30:57.0725 0x0fc8  CryptSvc - ok
09:30:57.0740 0x0fc8  dac2w2k - ok
09:30:57.0756 0x0fc8  dac960nt - ok
09:30:57.0787 0x0fc8  DcomLaunch - ok
09:30:57.0803 0x0fc8  Dhcp - ok
09:30:57.0834 0x0fc8  Disk - ok
09:30:57.0850 0x0fc8  dmadmin - ok
09:30:57.0865 0x0fc8  dmboot - ok
09:30:57.0897 0x0fc8  dmio - ok
09:30:57.0912 0x0fc8  dmload - ok
09:30:57.0928 0x0fc8  dmserver - ok
09:30:57.0959 0x0fc8  DMusic - ok
09:30:57.0975 0x0fc8  Dnscache - ok
09:30:58.0006 0x0fc8  Dot3svc - ok
09:30:58.0022 0x0fc8  dpti2o - ok
09:30:58.0037 0x0fc8  drmkaud - ok
09:30:58.0068 0x0fc8  EapHost - ok
09:30:58.0084 0x0fc8  EAPPkt - ok
09:30:58.0115 0x0fc8  easytether - ok
09:30:58.0131 0x0fc8  ERSvc - ok
09:30:58.0162 0x0fc8  Eventlog - ok
09:30:58.0178 0x0fc8  EventSystem - ok
09:30:58.0193 0x0fc8  exFat - ok
09:30:58.0209 0x0fc8  Fastfat - ok
09:30:58.0240 0x0fc8  FastUserSwitchingCompatibility - ok
09:30:58.0272 0x0fc8  Fdc - ok
09:30:58.0287 0x0fc8  Fips - ok
09:30:58.0318 0x0fc8  Flpydisk - ok
09:30:58.0334 0x0fc8  FltMgr - ok
09:30:58.0350 0x0fc8  Fs_Rec - ok
09:30:58.0381 0x0fc8  Ftdisk - ok
09:30:58.0397 0x0fc8  GEARAspiWDM - ok
09:30:58.0412 0x0fc8  Gpc - ok
09:30:58.0428 0x0fc8  GTNDIS5 - ok
09:30:58.0459 0x0fc8  gupdate - ok
09:30:58.0475 0x0fc8  gupdatem - ok
09:30:58.0490 0x0fc8  helpsvc - ok
09:30:58.0522 0x0fc8  HidServ - ok
09:30:58.0537 0x0fc8  hidusb - ok
09:30:58.0553 0x0fc8  hkmsvc - ok
09:30:58.0584 0x0fc8  hpn - ok
09:30:58.0600 0x0fc8  HTTP - ok
09:30:58.0615 0x0fc8  HTTPFilter - ok
09:30:58.0647 0x0fc8  i2omgmt - ok
09:30:58.0662 0x0fc8  i2omp - ok
09:30:58.0678 0x0fc8  i8042prt - ok
09:30:58.0709 0x0fc8  ialm - ok
09:30:58.0725 0x0fc8  Imapi - ok
09:30:58.0740 0x0fc8  ImapiService - ok
09:30:58.0772 0x0fc8  ini910u - ok
09:30:58.0803 0x0fc8  IntelIde - ok
09:30:58.0834 0x0fc8  intelppm - ok
09:30:58.0850 0x0fc8  Ip6Fw - ok
09:30:58.0881 0x0fc8  IpFilterDriver - ok
09:30:58.0897 0x0fc8  IpInIp - ok
09:30:58.0912 0x0fc8  IpNat - ok
09:30:58.0928 0x0fc8  IPSec - ok
09:30:58.0959 0x0fc8  IRENUM - ok
09:30:58.0990 0x0fc8  isapnp - ok
09:30:59.0006 0x0fc8  Kbdclass - ok
09:30:59.0022 0x0fc8  kbdhid - ok
09:30:59.0053 0x0fc8  kmixer - ok
09:30:59.0068 0x0fc8  KSecDD - ok
09:30:59.0100 0x0fc8  LanmanServer - ok
09:30:59.0115 0x0fc8  lanmanworkstation - ok
09:30:59.0147 0x0fc8  lbrtfdc - ok
09:30:59.0178 0x0fc8  LmHosts - ok
09:30:59.0209 0x0fc8  LVRS - ok
09:30:59.0225 0x0fc8  LVUVC - ok
09:30:59.0240 0x0fc8  lxddCATSCustConnectService - ok
09:30:59.0272 0x0fc8  lxdd_device - ok
09:30:59.0287 0x0fc8  Messenger - ok
09:30:59.0318 0x0fc8  mnmdd - ok
09:30:59.0334 0x0fc8  mnmsrvc - ok
09:30:59.0350 0x0fc8  Modem - ok
09:30:59.0381 0x0fc8  Mouclass - ok
09:30:59.0397 0x0fc8  mouhid - ok
09:30:59.0412 0x0fc8  MountMgr - ok
09:30:59.0428 0x0fc8  mraid35x - ok
09:30:59.0459 0x0fc8  MRxDAV - ok
09:30:59.0475 0x0fc8  MRxSmb - ok
09:30:59.0490 0x0fc8  MSDTC - ok
09:30:59.0522 0x0fc8  Msfs - ok
09:30:59.0553 0x0fc8  MSIServer - ok
09:30:59.0568 0x0fc8  MSKSSRV - ok
09:30:59.0584 0x0fc8  MSPCLOCK - ok
09:30:59.0615 0x0fc8  MSPQM - ok
09:30:59.0631 0x0fc8  mssmbios - ok
09:30:59.0662 0x0fc8  MSTEE - ok
09:30:59.0678 0x0fc8  ms_mpu401 - ok
09:30:59.0693 0x0fc8  Mup - ok
09:30:59.0709 0x0fc8  mv61xxmm - ok
09:30:59.0740 0x0fc8  mv64xxmm - ok
09:30:59.0756 0x0fc8  mvxxmm - ok
09:30:59.0772 0x0fc8  NABTSFEC - ok
09:30:59.0803 0x0fc8  napagent - ok
09:30:59.0818 0x0fc8  NDIS - ok
09:30:59.0850 0x0fc8  NdisIP - ok
09:30:59.0865 0x0fc8  NdisTapi - ok
09:30:59.0881 0x0fc8  Ndisuio - ok
09:30:59.0912 0x0fc8  NdisWan - ok
09:30:59.0928 0x0fc8  NDProxy - ok
09:30:59.0943 0x0fc8  NetBIOS - ok
09:30:59.0959 0x0fc8  NetBT - ok
09:30:59.0990 0x0fc8  NetDDE - ok
09:31:00.0006 0x0fc8  NetDDEdsdm - ok
09:31:00.0037 0x0fc8  Netlogon - ok
09:31:00.0053 0x0fc8  Netman - ok
09:31:00.0084 0x0fc8  NetTcpPortSharing - ok
09:31:00.0100 0x0fc8  NIC1394 - ok
09:31:00.0131 0x0fc8  Nla - ok
09:31:00.0162 0x0fc8  Npfs - ok
09:31:00.0178 0x0fc8  Ntfs - ok
09:31:00.0193 0x0fc8  NtLmSsp - ok
09:31:00.0225 0x0fc8  NtmsSvc - ok
09:31:00.0240 0x0fc8  Null - ok
09:31:00.0272 0x0fc8  NWCWorkstation - ok
09:31:00.0287 0x0fc8  NwlnkFlt - ok
09:31:00.0318 0x0fc8  NwlnkFwd - ok
09:31:00.0334 0x0fc8  NwlnkIpx - ok
09:31:00.0365 0x0fc8  NwlnkNb - ok
09:31:00.0381 0x0fc8  NwlnkSpx - ok
09:31:00.0412 0x0fc8  NWRDR - ok
09:31:00.0428 0x0fc8  ohci1394 - ok
09:31:00.0443 0x0fc8  Parport - ok
09:31:00.0459 0x0fc8  PartMgr - ok
09:31:00.0490 0x0fc8  ParVdm - ok
09:31:00.0522 0x0fc8  PCI - ok
09:31:00.0537 0x0fc8  PCIDump - ok
09:31:00.0553 0x0fc8  PCIIde - ok
09:31:00.0584 0x0fc8  Pcmcia - ok
09:31:00.0600 0x0fc8  PDCOMP - ok
09:31:00.0631 0x0fc8  PDFRAME - ok
09:31:00.0647 0x0fc8  PDRELI - ok
09:31:00.0678 0x0fc8  PDRFRAME - ok
09:31:00.0693 0x0fc8  perc2 - ok
09:31:00.0725 0x0fc8  perc2hib - ok
09:31:00.0803 0x0fc8  PlugPlay - ok
09:31:00.0818 0x0fc8  pneteth - ok
09:31:00.0834 0x0fc8  PolicyAgent - ok
09:31:00.0865 0x0fc8  PptpMiniport - ok
09:31:00.0897 0x0fc8  ProtectedStorage - ok
09:31:00.0912 0x0fc8  PSched - ok
09:31:00.0928 0x0fc8  Ptilink - ok
09:31:00.0959 0x0fc8  ql1080 - ok
09:31:00.0975 0x0fc8  Ql10wnt - ok
09:31:01.0006 0x0fc8  ql12160 - ok
09:31:01.0022 0x0fc8  ql1240 - ok
09:31:01.0037 0x0fc8  ql1280 - ok
09:31:01.0084 0x0fc8  RasAcd - ok
09:31:01.0115 0x0fc8  RasAuto - ok
09:31:01.0131 0x0fc8  Rasl2tp - ok
09:31:01.0147 0x0fc8  RasMan - ok
09:31:01.0178 0x0fc8  RasPppoe - ok
09:31:01.0209 0x0fc8  Raspti - ok
09:31:01.0225 0x0fc8  Rdbss - ok
09:31:01.0240 0x0fc8  RDPCDD - ok
09:31:01.0272 0x0fc8  rdpdr - ok
09:31:01.0303 0x0fc8  RDPWD - ok
09:31:01.0334 0x0fc8  RDSessMgr - ok
09:31:01.0350 0x0fc8  redbook - ok
09:31:01.0381 0x0fc8  RemoteAccess - ok
09:31:01.0397 0x0fc8  RemoteRegistry - ok
09:31:01.0412 0x0fc8  RpcLocator - ok
09:31:01.0443 0x0fc8  RpcSs - ok
09:31:01.0459 0x0fc8  rspndr - ok
09:31:01.0475 0x0fc8  RSVP - ok
09:31:01.0506 0x0fc8  RTL8187B - ok
09:31:01.0522 0x0fc8  SamSs - ok
09:31:01.0537 0x0fc8  SCardSvr - ok
09:31:01.0568 0x0fc8  Schedule - ok
09:31:01.0584 0x0fc8  Secdrv - ok
09:31:01.0615 0x0fc8  seclogon - ok
09:31:01.0631 0x0fc8  senfilt - ok
09:31:01.0647 0x0fc8  SENS - ok
09:31:01.0678 0x0fc8  serenum - ok
09:31:01.0693 0x0fc8  Serial - ok
09:31:01.0740 0x0fc8  Sfloppy - ok
09:31:01.0772 0x0fc8  SharedAccess - ok
09:31:01.0787 0x0fc8  ShellHWDetection - ok
09:31:01.0803 0x0fc8  Simbad - ok
09:31:01.0834 0x0fc8  SLIP - ok
09:31:01.0865 0x0fc8  smwdm - ok
09:31:01.0881 0x0fc8  Sparrow - ok
09:31:01.0897 0x0fc8  splitter - ok
09:31:01.0928 0x0fc8  Spooler - ok
09:31:01.0943 0x0fc8  sr - ok
09:31:01.0959 0x0fc8  srservice - ok
09:31:01.0990 0x0fc8  Srv - ok
09:31:02.0006 0x0fc8  SSDPSRV - ok
09:31:02.0022 0x0fc8  stisvc - ok
09:31:02.0053 0x0fc8  streamip - ok
09:31:02.0068 0x0fc8  swenum - ok
09:31:02.0084 0x0fc8  swmidi - ok
09:31:02.0115 0x0fc8  SwPrv - ok
09:31:02.0147 0x0fc8  symc810 - ok
09:31:02.0178 0x0fc8  symc8xx - ok
09:31:02.0193 0x0fc8  sym_hi - ok
09:31:02.0209 0x0fc8  sym_u3 - ok
09:31:02.0225 0x0fc8  sysaudio - ok
09:31:02.0256 0x0fc8  SysmonLog - ok
09:31:02.0287 0x0fc8  tap0901 - ok
09:31:02.0303 0x0fc8  TapiSrv - ok
09:31:02.0318 0x0fc8  Tcpip - ok
09:31:02.0350 0x0fc8  Tcpip6 - ok
09:31:02.0365 0x0fc8  TDPIPE - ok
09:31:02.0381 0x0fc8  TDTCP - ok
09:31:02.0412 0x0fc8  TermDD - ok
09:31:02.0428 0x0fc8  TermService - ok
09:31:02.0443 0x0fc8  Themes - ok
09:31:02.0459 0x0fc8  TlntSvr - ok
09:31:02.0490 0x0fc8  TosIde - ok
09:31:02.0506 0x0fc8  TrkWks - ok
09:31:02.0537 0x0fc8  tStLibG - ok
09:31:02.0553 0x0fc8  tunmp - ok
09:31:02.0584 0x0fc8  Udfs - ok
09:31:02.0600 0x0fc8  ultra - ok
09:31:02.0631 0x0fc8  Update - ok
09:31:02.0647 0x0fc8  upnphost - ok
09:31:02.0662 0x0fc8  UPS - ok
09:31:02.0693 0x0fc8  USBAAPL - ok
09:31:02.0709 0x0fc8  usbaudio - ok
09:31:02.0725 0x0fc8  usbccgp - ok
09:31:02.0740 0x0fc8  usbehci - ok
09:31:02.0772 0x0fc8  usbhub - ok
09:31:02.0787 0x0fc8  usbprint - ok
09:31:02.0803 0x0fc8  usbscan - ok
09:31:02.0834 0x0fc8  USBSTOR - ok
09:31:02.0850 0x0fc8  usbuhci - ok
09:31:02.0881 0x0fc8  usbvideo - ok
09:31:02.0897 0x0fc8  VgaSave - ok
09:31:02.0928 0x0fc8  ViaIde - ok
09:31:02.0943 0x0fc8  VolSnap - ok
09:31:02.0959 0x0fc8  VSS - ok
09:31:02.0975 0x0fc8  W32Time - ok
09:31:03.0006 0x0fc8  Wanarp - ok
09:31:03.0037 0x0fc8  Wdf01000 - ok
09:31:03.0053 0x0fc8  WDICA - ok
09:31:03.0068 0x0fc8  wdmaud - ok
09:31:03.0100 0x0fc8  WebClient - ok
09:31:03.0147 0x0fc8  winmgmt - ok
09:31:03.0193 0x0fc8  WinUsb - ok
09:31:03.0209 0x0fc8  WmdmPmSN - ok
09:31:03.0225 0x0fc8  Wmi - ok
09:31:03.0272 0x0fc8  WmiApSrv - ok
09:31:03.0287 0x0fc8  WPFFontCache_v0400 - ok
09:31:03.0303 0x0fc8  WS2IFSL - ok
09:31:03.0334 0x0fc8  wscsvc - ok
09:31:03.0350 0x0fc8  WSTCODEC - ok
09:31:03.0365 0x0fc8  wuauserv - ok
09:31:03.0397 0x0fc8  WZCSVC - ok
09:31:03.0412 0x0fc8  xmlprov - ok
09:31:03.0459 0x0fc8  ================ Scan global ===============================
09:31:03.0459 0x0fc8  [ Global ] - ok
09:31:03.0475 0x0fc8  ================ Scan MBR ==================================
09:31:03.0490 0x0fc8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:31:03.0772 0x0fc8  \Device\Harddisk0\DR0 - ok
09:31:03.0772 0x0fc8  ================ Scan VBR ==================================
09:31:03.0803 0x0fc8  [ 0005EEEAB788580823335DF4CD24D02D ] \Device\Harddisk0\DR0\Partition1
09:31:03.0803 0x0fc8  \Device\Harddisk0\DR0\Partition1 - ok
09:31:03.0850 0x0fc8  [ E99AFE270FD5C4681D33A2F4DAE40600 ] \Device\Harddisk0\DR0\Partition2
09:31:03.0850 0x0fc8  \Device\Harddisk0\DR0\Partition2 - ok
09:31:03.0865 0x0fc8  ================ Scan generic autorun ======================
09:31:03.0865 0x0fc8  SoundMAXPnP - ok
09:31:03.0881 0x0fc8  IgfxTray - ok
09:31:03.0881 0x0fc8  HotKeysCmds - ok
09:31:03.0897 0x0fc8  ctfmon.exe - ok
09:31:03.0912 0x0fc8  FlashPlayerUpdate - ok
09:31:03.0928 0x0fc8  ctfmon.exe - ok
09:31:04.0256 0x0fc8  FW detected via SS1: ZoneAlarm Free Firewall Firewall, 13.3.209.0, enabled
09:31:08.0178 0x0fc8  ============================================================
09:31:08.0178 0x0fc8  Scan finished
09:31:08.0178 0x0fc8  ============================================================
09:31:08.0209 0x1754  Detected object count: 0
09:31:08.0209 0x1754  Actual detected object count: 0
09:31:13.0584 0x17f8  Deinitialize success
 



#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 02 November 2014 - 04:55 PM

Thanks,

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Kananu Reeves
  • Topic Starter
  • Members
  • 53 posts

Posted 02 November 2014 - 08:55 PM

Okay, so when I tried to post the last two logs, I got the following error message:

"You have posted a message with more emoticons than this community allows. Please reduce the number of emoticons you've added to the message."

I tried refreshing the page twice, and it still wouldn't work; so, I'm going to attach them instead.

Results of screen317's Security Check version 0.99.89
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Please wait while WMIC is being installed.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Adobe Flash Player 11.8.800.94 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox 29.0.1 Firefox out of Date!
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Edited by Oh My!, 02 November 2014 - 09:28 PM.


#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 02 November 2014 - 09:37 PM

Thanks for attaching the files. It is a system issue.

Please do this.

===================================================

No Antivirus Program Installed

-------------------
  • Please download and install an antivirus program, and make sure that you keep it updated.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software. Two good antivirus programs free for non-commercial home use are avast! Free Antivirus and Avira AntiVir Personal - Free Antivirus. You can also use Microsoft Security Essentials, which is also free.
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may decrease your overall protection.
===================================================

Update Adobe Flash Player

--------------------

Please update your Adobe Flash Player to the latest version
  • Download Adobe Flash Player here and save it to your desktop. Uncheck "Yes, install McAfee Security Scan Plus - optional"
  • Close any open browsers
  • Double click on the Adobe Flash Player installer icon to launch the installation
  • If you are presented with a warning popup select "Run"
  • Once the installation is complete click "Finish"
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the install/updates go well?
  • Any current issues?

Gary
 
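The Security Check log above reported three things that a scanner cannot verify by itself: the Security Center service was not running, the Windows Firewall was disabled, and no antivirus had a WMI entry. The following PowerShell script is an added example, not code from this thread or from screen317's tool: it re-checks those same conditions with built-in Windows tooling, and also flags the "more than one antivirus installed" situation the reply warns about. It assumes an English-locale netsh output, PowerShell 2.0 or later (XP SP3 needs it installed separately), and the community productState decoding marked in the comments.

```powershell
# Added example; not code from this thread or from screen317's Security Check.
# Re-checks the conditions the Security Check log reported (wscsvc not running,
# Windows Firewall disabled, no antivirus registered with Security Center) and
# flags the "more than one antivirus" case. Run from an elevated prompt.
# Assumptions: English-locale netsh output; productState decoding noted below.

# 1. Security Center service (wscsvc). Security Check said it was not running,
#    which is why its own AV/firewall lines could not be trusted.
$wsc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
if (-not $wsc) {
    Write-Warning 'wscsvc (Security Center) is not installed on this system'
} elseif ($wsc.Status -ne 'Running') {
    Write-Warning "Security Center service is $($wsc.Status); its AV/firewall reporting is unreliable until it runs"
}

# 2. Windows Firewall. 'netsh advfirewall' exists on Vista and later; XP SP2/SP3
#    only has the older 'netsh firewall' syntax, so fall back to it.
function Get-FirewallStates {
    $out = & netsh advfirewall show allprofiles state 2>$null
    if ($LASTEXITCODE -eq 0 -and $out) {
        # One "State  ON|OFF" line per profile (Domain, Private, Public)
        return @($out | Select-String 'State\s+(\w+)' |
                 ForEach-Object { $_.Matches[0].Groups[1].Value })
    }
    $out = & netsh firewall show state 2>$null
    # XP prints "Operational mode = Enable|Disable"
    return @($out | Select-String 'Operational mode\s*=\s*(\w+)' |
             ForEach-Object { $_.Matches[0].Groups[1].Value })
}
$fw = Get-FirewallStates
if ($fw.Count -eq 0) {
    Write-Warning 'Could not read the firewall state from netsh'
} elseif ($fw -contains 'OFF' -or $fw -contains 'Disable') {
    Write-Warning "Windows Firewall is disabled on at least one profile: $($fw -join ', ')"
}

# 3. Antivirus products registered with Security Center.
function Get-RegisteredAntivirus {
    # Vista and later: root\SecurityCenter2, with a packed productState value.
    $av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if ($av) {
        foreach ($p in $av) {
            # productState decoding (middle byte 1x = real-time protection on,
            # low byte 00 = definitions current) is the commonly used community
            # interpretation, not a documented contract: treat it as an assumption.
            $hex = '{0:X6}' -f [int]$p.productState
            New-Object PSObject -Property @{
                Name     = $p.displayName
                Enabled  = ($hex.Substring(2, 2) -match '^1')
                UpToDate = ($hex.Substring(4, 2) -eq '00')
            }
        }
        return
    }
    # XP: root\SecurityCenter exposes the same facts as plain properties.
    $av = Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    foreach ($p in $av) {
        New-Object PSObject -Property @{
            Name     = $p.displayName
            Enabled  = [bool]$p.onAccessScanningEnabled
            UpToDate = [bool]$p.productUptoDate
        }
    }
}
$products = @(Get-RegisteredAntivirus)
if ($products.Count -eq 0) {
    Write-Warning 'No antivirus is registered with Security Center (the "WMI entry may not exist for antivirus" case)'
} elseif ($products.Count -gt 1) {
    $names = ($products | ForEach-Object { $_.Name }) -join ', '
    Write-Warning "More than one antivirus is registered ($names); keep only one to avoid conflicts"
}
foreach ($p in $products) {
    if (-not $p.Enabled)  { Write-Warning "$($p.Name): real-time protection is off" }
    if (-not $p.UpToDate) { Write-Warning "$($p.Name): definitions are out of date" }
}
$products | Format-Table Name, Enabled, UpToDate -AutoSize
```

Two caveats worth keeping in mind when reading the output. Security Center only knows about products that register with it, so a product that is installed but not registered shows up here exactly as it did in the Security Check log, as "no antivirus"; confirm with the vendor's own console before installing a second one. And the WMI answers are only as trustworthy as the wscsvc service that backs them, which is why the first check comes first.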

#11 Kananu Reeves
  • Topic Starter
  • Members
  • 53 posts

Posted 02 November 2014 - 11:47 PM

Is an anti-virus program different than a firewall? Should I have a firewall or anti-virus?



#12 Kananu Reeves
  • Topic Starter
  • Members
  • 53 posts

Posted 02 November 2014 - 11:59 PM

Also, was my computer infected?



#13 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 03 November 2014 - 11:31 AM

Greetings,

Yes, an antivirus program is far different from a firewall. A firewall will block some things from coming in or going out. However, there are many things a firewall will not stop, by design, and those things can carry malicious software. In many ways an antivirus program is more critical than a firewall, although you should have both.

I am not sure I would say your computer was infected. There was one file we deleted that was suspect but not confirmed malicious. It was on your desktop and sometimes randomly named files like that are associated with tools that were run. You did have a lot of junk we removed.

It is still important for you to install an antivirus program and update the programs as well. Of course that is up to you, but you will not be sufficiently protected if we don't do those things.

Edited by Oh My!, 03 November 2014 - 02:25 PM.

Gary
 

#14 Kananu Reeves
  • Topic Starter
  • Members
  • 53 posts

Posted 03 November 2014 - 02:18 PM

Okay, thanks for the info. I'll get on it and get back to you later when I'm through.



#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California

Posted 06 November 2014 - 03:08 PM

How are we doing?
Gary
 



