
Keep being reinfected according Hitmanpro


  • This topic is locked
16 replies to this topic

#1 novice3

  • Members

Posted 27 October 2014 - 04:07 PM

 
 
Thank you in advance for any assistance. 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Norman at 13:59:49 on 2014-10-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.484 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409
uSearch Page = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ST: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: MSNToolBandBHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: MSN: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"
mRun: [vProt] "c:\program files\avg web tuneup\vprot.exe"
mRun: [TkBellExe] c:\program files\common files\real\update_ob\evntsvc.exe -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374828804281
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1374828796546
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A9927813-1101-44B6-B855-73925451B5CF} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\3.0.0\ViProtocol.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.104\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\norman\application data\mozilla\firefox\profiles\34n3kip7.default-1398838125578\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-7-21 192280]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 199448]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-4-8 42272]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2002-1-1 30976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\MBAMSwissArmy.sys [?]
S4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
.
=============== Created Last 30 ================
.
2014-10-24 03:18:58 18544 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2014-10-24 03:18:57 28272 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2014-10-24 03:18:56 150128 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2014-10-24 03:18:55 93808 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2014-10-24 03:18:55 91032 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2014-10-24 03:18:55 897688 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2014-10-24 03:18:55 273008 ----a-w- c:\program files\mozilla firefox\updater.exe
2014-10-24 03:18:32 25027184 ----a-w- c:\program files\mozilla firefox\xul.dll
2014-10-20 10:44:16 -------- d-----w- c:\documents and settings\norman\application data\AVG2015
2014-10-20 10:27:36 -------- d-----w- c:\documents and settings\all users\application data\AVG2015
2014-10-20 07:29:34 -------- d-----w- c:\documents and settings\norman\local settings\application data\Avg2015
2014-10-15 06:02:32 -------- d-----w- c:\program files\iPod
2014-10-15 06:02:17 -------- d-----w- c:\program files\iTunes
2014-10-15 06:02:17 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-15 05:31:38 -------- d-----w- C:\PageDefrag
2014-10-15 03:54:23 -------- d-----w- c:\program files\HitmanPro
2014-10-15 03:54:11 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2014-10-15 03:06:06 -------- d-----w- c:\documents and settings\norman\application data\FreshDiagnose
.
==================== Find3M  ====================
.
2014-10-22 03:49:30 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-22 03:49:28 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-20 07:10:37 5136 ----a-w- c:\windows\compaq.reg
2014-08-21 04:49:40 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 14:02:17.39 ===============
 


#2 HelpBot

  • Bots

Posted 01 November 2014 - 04:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553559 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 novice3

  • Topic Starter
  • Members

Posted 04 November 2014 - 04:31 PM

 
Thank you in advance for any assistance. 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Norman at 23:58:13 on 2014-11-03
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.601 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE
C:\Program Files\LTCM Client\ltcmScheduler.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409
uSearch Page = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ST: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: MSNToolBandBHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: MSN: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihva.exe /ept "epltarget\P0000000000000000" /M "WorkForce 645"
uRun: [ltcmScheduler] c:\program files\ltcm client\ltcmScheduler.exe
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"
mRun: [vProt] "c:\program files\avg web tuneup\vprot.exe"
mRun: [TkBellExe] c:\program files\common files\real\update_ob\evntsvc.exe -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374828804281
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1374828796546
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\3.0.0\ViProtocol.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\norman\application data\mozilla\firefox\profiles\34n3kip7.default-1398838125578\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-9-30 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-9 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-7-21 192280]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 199448]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-4-8 42272]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\3.1.0\ToolbarUpdater.exe [2014-9-29 1814040]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2002-1-1 30976]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\MBAMSwissArmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
S4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-7-17 116632]
.
=============== Created Last 30 ================
.
2014-10-29 04:16:42 -------- d-----w- c:\documents and settings\norman\application data\Leader Technologies
2014-10-29 04:05:11 -------- d-----w- c:\program files\LTCM Client
2014-10-29 03:58:34 475410 ----a-w- c:\windows\system32\ensppmon.dll
2014-10-29 03:58:34 475410 ----a-w- c:\windows\system32\enppmon.dll
2014-10-29 03:58:34 458129 ----a-w- c:\windows\system32\ensppui.dll
2014-10-29 03:58:34 458129 ----a-w- c:\windows\system32\enppui.dll
2014-10-29 03:58:34 249344 ----a-w- c:\windows\system32\enspres.dll
2014-10-29 03:58:34 249344 ----a-w- c:\windows\system32\enpres.dll
2014-10-29 03:58:32 -------- d-----w- c:\program files\EpsonNet
2014-10-29 03:57:37 -------- d-----w- c:\program files\common files\EPSON
2014-10-29 03:54:50 -------- d-----w- c:\program files\Epson America Inc
2014-10-29 03:51:53 -------- d-----w- c:\program files\Epson Software
2014-10-29 03:49:50 93696 ----a-w- c:\windows\system32\E_TLBHVA.DLL
2014-10-29 03:49:50 81408 ----a-w- c:\windows\system32\E_TD4BHVA.DLL
2014-10-29 03:49:11 -------- d-----w- c:\documents and settings\all users\application data\EPSON
2014-10-29 03:48:36 132560 ----a-w- c:\windows\system32\esdevapp.exe
2014-10-29 03:48:36 12800 ----a-w- c:\windows\system32\escdev.dll
2014-10-29 03:48:33 342016 ----a-w- c:\windows\system32\eswiaud.dll
2014-10-29 03:47:48 -------- d-----w- c:\program files\epson
2014-10-24 03:18:58 18544 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2014-10-24 03:18:57 28272 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2014-10-24 03:18:56 150128 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2014-10-24 03:18:55 93808 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2014-10-24 03:18:55 91032 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2014-10-24 03:18:55 897688 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2014-10-24 03:18:55 273008 ----a-w- c:\program files\mozilla firefox\updater.exe
2014-10-24 03:18:32 25027184 ----a-w- c:\program files\mozilla firefox\xul.dll
2014-10-20 10:44:16 -------- d-----w- c:\documents and settings\norman\application data\AVG2015
2014-10-20 10:27:36 -------- d-----w- c:\documents and settings\all users\application data\AVG2015
2014-10-20 07:29:34 -------- d-----w- c:\documents and settings\norman\local settings\application data\Avg2015
2014-10-15 06:02:32 -------- d-----w- c:\program files\iPod
2014-10-15 06:02:17 -------- d-----w- c:\program files\iTunes
2014-10-15 06:02:17 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-15 05:31:38 -------- d-----w- C:\PageDefrag
2014-10-15 03:54:23 -------- d-----w- c:\program files\HitmanPro
2014-10-15 03:54:11 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2014-10-15 03:06:06 -------- d-----w- c:\documents and settings\norman\application data\FreshDiagnose
.
==================== Find3M  ====================
.
2014-10-22 03:49:30 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-22 03:49:28 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-20 07:10:37 5136 ----a-w- c:\windows\compaq.reg
2014-08-21 04:49:40 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH:  0:00:06.70 ===============
 
 

 




#4 nasdaq

  • Malware Response Team

Posted 05 November 2014 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

What problem remains on this computer?

Wait for further instructions.

#5 nasdaq

  • Malware Response Team

Posted 11 November 2014 - 10:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#6 Andrew

  • Moderator

Posted 13 November 2014 - 12:58 PM

This topic has been re-opened at the request of the person who originally posted.

#7 nasdaq

  • Malware Response Team

Posted 13 November 2014 - 01:21 PM

I'm listening.

#8 novice3

  • Topic Starter

Posted 13 November 2014 - 07:05 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/18/2014
Scan Time: 11:59:34 PM
Logfile: mbam log.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.19.02
Rootkit Database: v2014.10.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Norman
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374102
Time Elapsed: 34 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.VOPackage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE, , [a7e76caa9ce09b9b591360cadb282ad6], 
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MediaPlayerEnhance, , [9fef6caa23592f077ef2f558c340d927], 
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3723271197-429115175-1203367206-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, , [424cd93d49335cda6a3bbb8f996a7789], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3723271197-429115175-1203367206-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [f599080e205c1b1b8bc669e99b6832ce], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3723271197-429115175-1203367206-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [0589db3b2d4f8caaa1f70e5ac93b738d], 
 
Registry Values: 2
PUP.Optional.VOPackage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Documents and Settings\Norman\Application Data\VOPackage\uninstall.exe", , [a7e76caa9ce09b9b591360cadb282ad6]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3723271197-429115175-1203367206-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Q1O2W1R1D0D1S1J, , [0589db3b2d4f8caaa1f70e5ac93b738d]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.AdPeak.A, C:\Temp, , [b9d5a2745e1e1026102cdc5825dec43c], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0, , [424c32e4522ac571c605589bee14d62a], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo, , [bad4aa6ceb91989e9a3d32c1b2502cd4], 
 
Files: 36
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nsa1F.tmp, , [612d59bde09ca096992a0e78808120e0], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nsd1B.tmp, , [2c621ef8e7950d29e4dfdfa7c23f8080], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nsk1C.tmp, , [2f5f37df502c50e6754ec9bdcd3410f0], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nsl1E.tmp, , [b1dda4727c00d56102c10482e41d1be5], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nso12.tmp, , [3757d93d8af2340212b190f64bb645bb], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nso13.tmp, , [3856b264bcc00630883bee9831d00af6], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nso20.tmp, , [3e507c9ac9b344f25b68f78f877aa35d], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nss1A.tmp, , [216d6bab7507aa8cd6ede99dd52c6799], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nsv16.tmp, , [eba3e234f18b21153e85355122df60a0], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nsx15.tmp, , [85097f97087493a3329199ed23de36ca], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nsx1A.tmp, , [434b39ddf983003608bb51359d6441bf], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\ICReinstall_nsz28.tmp, , [92fce82eb3c94fe7299a6f17e71afa06], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nsa1F.tmp, , [abe30313007c3204e8db7f073bc62cd4], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nsd1B.tmp, , [840a6fa7116bba7c853eb0d6d42d6b95], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nsk1C.tmp, , [523c0f07c9b337fffcc77214c73ac43c], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nsl1E.tmp, , [711d1cfa99e34ceac5fe20661be6669a], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nso12.tmp, , [b0dee82e64185adcb90ac2c47c85f60a], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nso13.tmp, , [4d418690611b9b9b4d7695f1b24fdc24], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nso20.tmp, , [bcd2ec2ae19bc96d2c9734526c95d729], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nss1A.tmp, , [7c12070f116bd165a81b3551000118e8], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nsv16.tmp, , [a0eeb660a1dbc2741fa41d69de2356aa], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nsx15.tmp, , [9ef0fe188def3bfb0fb44046f809ba46], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nsx1A.tmp, , [810da5718bf182b4fdc670162cd5cd33], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\Norman\Local Settings\Temp\nsz28.tmp, , [078723f30874c175eed51f679c65ec14], 
PUP.Optional.AdPeak.A, C:\Temp\lsp2.log, , [b9d5a2745e1e1026102cdc5825dec43c], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage, , [721c76a03e3e39fdfa0c52f329da827e], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage-journal, , [e1ad9a7ce597082ed036d96ce41f8d73], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0\1, , [424c32e4522ac571c605589bee14d62a], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000005.ldb, , [bad4aa6ceb91989e9a3d32c1b2502cd4], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000008.ldb, , [bad4aa6ceb91989e9a3d32c1b2502cd4], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000012.log, , [bad4aa6ceb91989e9a3d32c1b2502cd4], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\CURRENT, , [bad4aa6ceb91989e9a3d32c1b2502cd4], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\LOCK, , [bad4aa6ceb91989e9a3d32c1b2502cd4], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\LOG, , [bad4aa6ceb91989e9a3d32c1b2502cd4], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\LOG.old, , [bad4aa6ceb91989e9a3d32c1b2502cd4], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\MANIFEST-000010, , [bad4aa6ceb91989e9a3d32c1b2502cd4], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

# AdwCleaner v4.101 - Report created 12/11/2014 at 22:14:41
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Norman - HOME
# Running from : C:\Documents and Settings\Norman\Desktop\adwcleaner_4.101.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\WINDOWS\system32\drivers\netfilter.sys
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Uninstaller
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DMUninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://findwide.com/serp?guid={C93C258D-EAF7-41F6-8DE1-C5D066E2AAD0}&action=default_search&serpv=22&k={searchTerms}
[C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo
[C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [4349 octets] - [12/11/2014 22:14:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4409 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by Norman (administrator) on HOME on 13-11-2014 01:15:39
Running from C:\Documents and Settings\Norman\Desktop
Loaded Profiles: Norman & Administrator (Available profiles: Norman & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(VERITAS Software, Inc.) C:\WINDOWS\system32\dla\tfswctrl.exe
(Compaq Computer Corporation) C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(Compaq Computer Corporation) C:\Program Files\compaq\Easy Access Button Support\CPQEADM.exe
(Compaq) C:\Compaq\EAKDRV\EAUSBKBD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Compaq Computer Corporation) C:\PROGRA~1\compaq\EASYAC~1\BttnServ.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIHVA.EXE
(Leader Technologies Inc.) C:\Program Files\LTCM Client\ltcmScheduler.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WCOLOREAL] => C:\Program Files\COMPAQ\Coloreal\coloreal.exe [143360 2002-02-20] ()
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2575896 2014-09-29] ()
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe [146432 2002-08-01] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [StorageGuard] => C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [155648 2002-05-09] (VERITAS Software, Inc.)
HKLM\...\Run: [srmclean] => C:\Cpqs\Scom\srmclean.exe [36864 2001-07-24] ()
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-07-04] ()
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [106549 2002-07-16] (VERITAS Software, Inc.)
HKLM\...\Run: [CPQEASYACC] => C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [32768 2001-12-14] (Compaq Computer Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AlcxMonitor] => C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LTCM Client] => C:\Program Files\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3723271197-429115175-1203367206-1007\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3723271197-429115175-1203367206-1007\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE [219008 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3723271197-429115175-1203367206-1007\...\Run: [ltcmScheduler] => C:\Program Files\LTCM Client\ltcmScheduler.exe [105664 2009-08-05] (Leader Technologies Inc.)
HKU\S-1-5-21-3723271197-429115175-1203367206-1007\...\Run: [Microsoft Works Update Detection] => c:\Program Files\Microsoft Works\WkDetect.exe
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ST -> {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -> C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: MSNToolBandBHO -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.0.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\34n3kip7.default-1398838125578
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.0.0\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-08]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=2.1.0.3&pid=wtu&sg=&sap=hp
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=2.1.0.3&pid=wtu&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=3.1.0.7&pid=wtu&sg=&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com_
CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=2.1.0.3&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&pr=fr&d=2014-04-08 21:14:34&v=3.1.0.7&pid=wtu&sg=
CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14]
CHR Extension: (Google Drive) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14]
CHR Extension: (Google Search) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14]
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-04-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Gmail) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S4 Compaq_RBA; C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe [262144 2002-05-16] (NeoPlanet) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-07] (Oracle Corporation)
S4 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
R2 vToolbarUpdater3.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-09-29] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2279424 2004-10-01] (Realtek Semiconductor Corp.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [192280 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [42272 2014-04-18] (AVG Technologies)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [81552 2002-06-05] (VERITAS Software, Inc.) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40368 2002-06-06] (VERITAS Software, Inc.) [File not signed]
R3 eaps2kbd; C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [24035 2001-12-28] (Compaq Computer Corp.)
R1 EAWDMFD; C:\WINDOWS\System32\DRIVERS\eawdmfd.sys [24348 1999-10-29] (Compaq Computer Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2002-01-01] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-10-27] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-27] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-27] (HP)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [158140 2001-08-08] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12479 2001-08-08] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12031 2001-08-08] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11679 2001-08-08] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [11999 2001-08-08] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19359 2001-08-08] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29215 2001-08-08] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19199 2001-08-08] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33503 2001-08-08] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23519 2001-08-08] (Intel® Corporation)
R3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [625537 2003-03-31] (LT)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [155008 2002-07-13] (S3 Graphics, Inc.)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5589 2002-06-19] (VERITAS Software, Inc.) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [22995 2002-06-19] (VERITAS Software, Inc.) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [23701 2002-07-16] (VERITAS Software, Inc.) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34805 2002-07-16] (VERITAS Software, Inc.) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2002-07-16] (VERITAS Software, Inc.) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2201 2002-07-16] (VERITAS Software, Inc.) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [54900 2002-07-16] (VERITAS Software, Inc.) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14421 2002-07-16] (VERITAS Software, Inc.) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6325 2002-07-16] (VERITAS Software, Inc.) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [91156 2002-07-16] (VERITAS Software, Inc.) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [95125 2002-07-16] (VERITAS Software, Inc.) [File not signed]
S0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27648 2002-03-04] (VIA Technologies, Inc.)
S3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22608 2001-08-10] (America Online, Inc.)
R1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [90336 2002-05-22] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [69504 2002-05-22] (Intel Corporation)
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S4 hpt3xx; No ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 StarOpen; No ImagePath
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-13 00:29 - 2014-11-13 01:16 - 00020854 _____ () C:\Documents and Settings\Norman\Desktop\FRST.txt
2014-11-13 00:29 - 2014-11-13 01:15 - 00000000 ____D () C:\FRST
2014-11-13 00:27 - 2014-11-13 00:27 - 00004489 _____ () C:\Documents and Settings\Norman\Desktop\AdwCleaner[R0].txt
2014-11-12 22:14 - 2014-11-12 22:18 - 00000000 ____D () C:\AdwCleaner
2014-11-12 22:12 - 2014-11-12 20:02 - 00023622 _____ () C:\Documents and Settings\Norman\Desktop\mbam-log-2014-11-12 (19-06-46).xml
2014-11-12 19:04 - 2014-11-12 22:09 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 19:03 - 2014-11-12 19:03 - 00000785 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 19:03 - 2014-11-12 19:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-12 19:03 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-12 19:03 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-12 19:01 - 2014-11-13 01:14 - 00000474 _____ () C:\Documents and Settings\Norman\Desktop\defogger_disable.log
2014-11-12 19:01 - 2014-11-12 19:01 - 00000000 _____ () C:\Documents and Settings\Norman\defogger_reenable
2014-11-12 18:54 - 2014-11-12 18:54 - 02140160 _____ () C:\Documents and Settings\Norman\Desktop\adwcleaner_4.101.exe
2014-11-12 18:54 - 2014-11-12 18:54 - 00003474 _____ () C:\Documents and Settings\Norman\Desktop\bleeingcomputer instructions.txt
2014-11-12 18:51 - 2014-11-12 18:51 - 01107968 _____ (Farbar) C:\Documents and Settings\Norman\Desktop\FRST.exe
2014-11-12 18:50 - 2014-11-12 18:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Norman\Desktop\mbam-setup-2.0.3.1025 (1).exe
2014-11-04 00:00 - 2014-11-04 00:00 - 00019613 _____ () C:\Documents and Settings\Norman\Desktop\attach.txt
2014-11-04 00:00 - 2014-11-04 00:00 - 00014464 _____ () C:\Documents and Settings\Norman\Desktop\dds.txt
2014-11-03 23:55 - 2014-02-08 11:35 - 00050477 _____ () C:\Documents and Settings\Norman\Desktop\Defogger.exe
2014-10-29 17:52 - 2014-10-29 17:52 - 00000000 ____D () C:\WINDOWS\Sun
2014-10-29 00:08 - 2014-10-29 00:08 - 00000000 _____ () C:\WINDOWS\EEventManager.INI
2014-10-28 20:16 - 2014-10-28 20:16 - 00000000 ____D () C:\Documents and Settings\Norman\Application Data\Leader Technologies
2014-10-28 20:05 - 2014-10-28 20:05 - 00001627 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LTCM Client.lnk
2014-10-28 20:05 - 2014-10-28 20:05 - 00000000 ____D () C:\Program Files\LTCM Client
2014-10-28 20:05 - 2014-10-28 20:05 - 00000000 ____D () C:\Documents and Settings\Norman\Application Data\Leadertech
2014-10-28 20:02 - 2014-10-28 20:02 - 00001707 _____ () C:\Documents and Settings\All Users\Desktop\WorkForce 545_645 User's Guide.lnk
2014-10-28 19:59 - 2014-10-28 19:59 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Epson
2014-10-28 19:58 - 2014-10-28 19:58 - 00000000 ____D () C:\Program Files\EpsonNet
2014-10-28 19:58 - 2014-10-28 19:58 - 00000000 ____D () C:\Documents and Settings\Norman\Application Data\InstallShield
2014-10-28 19:58 - 2010-09-13 14:01 - 00458129 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll
2014-10-28 19:58 - 2010-09-13 14:01 - 00458129 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll
2014-10-28 19:58 - 2010-09-13 14:00 - 00475410 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll
2014-10-28 19:58 - 2010-09-13 14:00 - 00475410 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll
2014-10-28 19:58 - 2008-06-18 10:49 - 00249344 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll
2014-10-28 19:58 - 2008-06-18 10:49 - 00249344 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll
2014-10-28 19:57 - 2014-10-28 20:01 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-10-28 19:56 - 2014-10-28 20:15 - 00000000 ____D () C:\Documents and Settings\Norman\Application Data\Epson
2014-10-28 19:55 - 2014-10-28 19:55 - 00000000 ____D () C:\Documents and Settings\Norman\Start Menu\Programs\EPSON Software
2014-10-28 19:54 - 2014-10-28 19:54 - 00000000 ____D () C:\Program Files\Epson America Inc
2014-10-28 19:53 - 2014-10-28 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
2014-10-28 19:51 - 2014-10-28 19:56 - 00000000 ____D () C:\Program Files\Epson Software
2014-10-28 19:49 - 2014-10-28 20:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-10-28 19:49 - 2010-09-28 06:01 - 00093696 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_TLBHVA.DLL
2014-10-28 19:49 - 2010-08-09 06:02 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_TD4BHVA.DLL
2014-10-28 19:48 - 2014-10-28 20:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2014-10-28 19:48 - 2014-10-28 19:48 - 00000673 _____ () C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
2014-10-28 19:48 - 2009-10-15 23:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2014-10-28 19:48 - 2009-10-15 23:00 - 00012800 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escdev.dll
2014-10-28 19:48 - 2009-09-16 23:00 - 00342016 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\eswiaud.dll
2014-10-28 19:47 - 2014-10-28 20:02 - 00000000 ____D () C:\Program Files\epson
2014-10-28 19:45 - 2014-10-28 20:05 - 00000079 _____ () C:\WINDOWS\EWF645.ini
2014-10-27 12:56 - 2014-10-27 12:56 - 00688992 ____R (Swearware) C:\Documents and Settings\Norman\Desktop\dds.com
2014-10-23 19:15 - 2014-10-23 19:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-21 14:43 - 2014-10-22 02:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-10-21 14:42 - 2014-10-22 17:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-20 02:44 - 2014-10-20 02:44 - 00000000 ____D () C:\Documents and Settings\Norman\Application Data\AVG2015
2014-10-20 02:27 - 2014-10-20 02:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-10-20 02:16 - 2014-10-20 02:16 - 00007183 _____ () C:\Documents and Settings\Norman\My Documents\regtweak.reg
2014-10-19 23:29 - 2014-10-23 18:04 - 00000000 ____D () C:\Documents and Settings\Norman\Local Settings\Application Data\Avg2015
2014-10-19 18:39 - 2014-10-19 22:42 - 00005085 _____ () C:\WINDOWS\.compaq.bak
2014-10-18 20:22 - 2014-10-18 20:22 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-10-15 14:58 - 2014-10-15 14:58 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Norman\My Documents\tdsskiller.exe
2014-10-14 22:04 - 2014-10-14 22:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-10-14 22:02 - 2014-10-14 22:03 - 00000000 ____D () C:\Program Files\iTunes
2014-10-14 22:02 - 2014-10-14 22:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-14 22:02 - 2014-10-14 22:02 - 00000000 ____D () C:\Program Files\iPod
2014-10-14 21:31 - 2014-10-14 21:31 - 00000000 ____D () C:\PageDefrag
2014-10-14 20:31 - 2014-10-14 20:31 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2014-10-14 19:54 - 2014-10-14 19:54 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-14 19:54 - 2002-01-01 02:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-10-14 19:53 - 2014-10-14 19:54 - 10280824 _____ (SurfRight B.V.) C:\Documents and Settings\Norman\My Documents\HitmanPro.exe
2014-10-14 19:26 - 2014-10-19 23:10 - 00000210 ____H () C:\boot.ini
2014-10-14 19:07 - 2014-10-14 21:36 - 00000000 ____D () C:\Documents and Settings\Norman\My Documents\System Report
2014-10-14 19:06 - 2014-10-14 19:06 - 00000000 ____D () C:\Documents and Settings\Norman\Application Data\FreshDiagnose
2014-10-14 16:34 - 2014-10-14 16:34 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-10-14 16:33 - 2014-10-14 16:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-10-14 16:32 - 2014-10-19 18:24 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-10-14 16:32 - 2014-10-14 17:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-10-14 16:32 - 2014-10-14 16:34 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-14 16:32 - 2014-04-13 07:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-10-14 16:32 - 2014-01-15 23:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-10-14 16:32 - 2002-08-12 21:31 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-10-14 16:32 - 2002-08-02 01:15 - 00000000 ____D () C:\Documents and Settings\Administrator\WINDOWS
2014-10-14 16:32 - 2002-08-02 01:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Quicken Financial Center
2014-10-14 16:32 - 2002-08-02 01:15 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\My eBooks
2014-10-14 16:32 - 2002-08-02 01:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\VERITAS
2014-10-14 16:32 - 2002-08-02 01:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Symantec
2014-10-14 16:32 - 2002-08-02 01:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Real
2014-10-14 16:32 - 2002-08-02 01:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InterTrust
2014-10-14 16:32 - 2002-08-02 01:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-10-14 16:32 - 2002-08-01 21:01 - 00000809 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-10-14 16:32 - 2002-08-01 19:04 - 00006905 _____ () C:\Documents and Settings\Administrator\ml2.srt
2014-10-14 16:32 - 2002-08-01 19:04 - 00006892 _____ () C:\Documents and Settings\Administrator\ml1.srt
2014-10-14 16:32 - 2002-08-01 19:04 - 00003318 _____ () C:\Documents and Settings\Administrator\tempdiff.txt
2014-10-14 16:32 - 2002-08-01 18:51 - 00000780 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-10-14 16:32 - 2002-08-01 18:47 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-10-14 16:32 - 2002-03-22 21:47 - 00053248 _____ () C:\Documents and Settings\Administrator\Desktop\Hot Deals from Compaq.exe
2014-10-14 16:32 - 2002-02-21 01:05 - 00000173 _____ () C:\Documents and Settings\Administrator\oobecmt.ini
2014-10-14 16:32 - 2001-11-13 02:49 - 00000205 _____ () C:\Documents and Settings\Administrator\My Documents\Yahoo! Briefcase.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-13 01:16 - 2003-02-02 21:04 - 00000000 ____D () C:\Documents and Settings\Norman\Local Settings\Temp
2014-11-13 01:15 - 2014-01-14 19:26 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 00:47 - 2013-07-26 07:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-12 22:01 - 2014-04-06 21:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-12 21:39 - 2002-08-01 11:39 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-12 21:38 - 2014-04-14 07:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-12 21:38 - 2003-02-02 20:08 - 00000190 _____ () C:\WINDOWS\system\hpsysdrv.DAT
2014-11-12 21:37 - 2014-03-25 13:18 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-12 21:37 - 2014-01-14 19:26 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 21:37 - 2002-08-01 18:32 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-12 20:11 - 2004-10-30 13:48 - 01814184 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-12 20:05 - 2002-08-01 18:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-12 20:03 - 2002-08-01 18:51 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-12 20:02 - 2013-07-26 04:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-11-12 20:02 - 2003-02-02 21:04 - 00000178 ___SH () C:\Documents and Settings\Norman\ntuser.ini
2014-11-12 19:06 - 2014-04-27 10:41 - 00090051 _____ () C:\WINDOWS\setupapi.log
2014-11-12 19:01 - 2003-02-02 21:04 - 00000000 ____D () C:\Documents and Settings\Norman
2014-11-12 17:52 - 2002-08-01 11:36 - 00286904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-12 17:48 - 2013-10-08 19:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 17:34 - 2014-01-15 23:29 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 17:19 - 2005-06-03 17:01 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 17:02 - 2013-07-26 02:34 - 00000424 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{AFE64E21-2990-4F5B-AAD7-C66D88C9CEEB}.job
2014-11-08 15:00 - 2014-03-25 13:18 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-04 13:34 - 2013-10-08 20:03 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-11-03 11:21 - 2002-08-01 11:37 - 00579142 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-28 20:31 - 2014-06-12 01:54 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-28 19:58 - 2002-08-01 20:07 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-28 19:47 - 2002-08-01 11:34 - 00000000 ____D () C:\WINDOWS\twain_32
2014-10-27 13:19 - 2014-01-14 19:28 - 00001821 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-25 22:57 - 2014-02-05 21:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-21 19:49 - 2013-07-26 07:10 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-21 19:49 - 2013-07-26 07:10 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-20 02:54 - 2014-04-06 21:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-10-20 02:44 - 2014-04-06 21:27 - 00000000 ____D () C:\Program Files\AVG
2014-10-20 02:43 - 2014-04-06 21:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-10-20 02:43 - 2014-04-06 21:28 - 00000000 ___HD () C:\$AVG
2014-10-19 23:10 - 2007-09-17 14:36 - 00000000 ____D () C:\WINDOWS\pss
2014-10-19 23:10 - 2002-08-01 20:57 - 00005136 _____ () C:\WINDOWS\compaq.reg
2014-10-19 23:10 - 2002-08-01 18:32 - 00000608 _____ () C:\WINDOWS\win.ini
2014-10-19 23:10 - 2002-08-01 18:32 - 00000227 _____ () C:\WINDOWS\system.ini
2014-10-19 22:52 - 2002-01-01 01:16 - 439222272 _____ () C:\LogFile.Etl
2014-10-19 22:46 - 2002-08-01 18:44 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-10-19 19:07 - 2012-05-15 23:02 - 00077104 ____C () C:\Documents and Settings\Norman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-18 23:59 - 2014-02-23 11:17 - 00000000 ____D () C:\Documents and Settings\Norman\My Documents\Backups
2014-10-18 22:07 - 2014-02-07 20:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-14 22:28 - 2002-08-02 00:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-14 22:02 - 2014-06-12 02:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2014-10-14 22:02 - 2014-06-12 01:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-14 17:26 - 2013-07-25 03:19 - 00001945 ____C () C:\WINDOWS\epplauncher.mif
2014-10-14 16:36 - 2002-08-01 18:51 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
 
Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-677322f1.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-802b79c2.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by Norman at 2014-11-13 01:17:39
Running from C:\Documents and Settings\Norman\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.0.0.2 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
Coloreal (HKLM\...\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}) (Version:  - )
Compaq Advisor (HKLM\...\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}) (Version:  - )
CP_AtenaShokunin1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CueTour (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeepBurner v1.9.0.228 (HKLM\...\{2ADE2157-7A5E-122C-B51D-EB8A01B15943}) (Version:  - )
Destinations (Version: 60.0.155.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
dj_taplugin (Version: 60.0.196.000 - Hewlett-Packard) Hidden
dj6940 (Version: 60.0.196.000 - Hewlett-Packard) Hidden
DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 3.50 - VERITAS Software)
DMUninstaller (HKLM\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Easy Access Button Support (HKLM\...\{93539D60-1817-11D1-9504-00805F26A89C}) (Version:  - )
Easy Family Tree (HKLM\...\Easy Family Tree) (Version:  - )
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HP Deskjet 6900 series (HKLM\...\{7ADE9F27-A175-447F-A4B4-B05FA82735E1}) (Version: 6.0 - HP)
HP Extended Capabilities 6.0 (HKLM\...\HPExtendedCapabilities) (Version: 6.0 - HP)
HP Imaging Device Functions 6.0 (HKLM\...\HP Imaging Device Functions) (Version: 6.0 - HP)
HP Photosmart Premier Software 6.0 (HKLM\...\HP Photo & Imaging) (Version: 6.0 - HP)
HP Solution Center and Imaging Support Tools 6.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 6.0 - HP)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
hpf_ProductContext (Version: 60.0.196.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Inactive HP Printer Drivers (Remove only) (HKLM\...\Inactive HP Printer Drivers (Remove only)) (Version:  - )
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevices (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Intel® 845G Chipset Graphics Driver Software (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
InterVideo WinDVD (HKLM\...\{C1939820-A945-11D4-86F6-0001031E5712}) (Version:  - InterVideo Inc.)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 2 Runtime Environment Standard Edition v1.3.1 (HKLM\...\JRE 1.3.1) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
LP6940_Help (Version: 60.0.196.000 - Hewlett-Packard) Hidden
LP6940Trb (Version: 60.0.196.000 - Hewlett-Packard) Hidden
LTCM Client (HKLM\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Masque Slots II (HKLM\...\Masque Slots II) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version:  - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6.0 (HKLM\...\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}) (Version: 06.00.0000 - Microsoft Corporation)
Microsoft Works and Money 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version:  - )
Monopoly Casino (HKLM\...\Monopoly Casino) (Version:  - )
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.28 - Motorola Mobility)
Motorola Device Software Update (Version: 1.0.40 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN Toolbar (HKLM\...\MSN Toolbar) (Version:  - )
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PhotoGallery (Version: 60.0.155.000 - Hewlett-Packard) Hidden
RandMap (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Readme (Version: 60.0.196.000 - Hewlett-Packard) Hidden
RealOne Player (HKLM\...\RealPlayer 6.0) (Version:  - )
RecordNow (HKLM\...\{8214CC02-6271-4DC8-B8DD-779933450264}) (Version: 4.10 - VERITAS Software)
RecordNow Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.70 - VERITAS Software)
S3Display (HKLM\...\S3Display) (Version:  - )
S3Gamma2 (HKLM\...\S3Gamma2) (Version:  - )
S3Info2 (HKLM\...\S3Info2) (Version:  - )
S3Overlay (HKLM\...\S3Overlay) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )
SkinsHP1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Sonic_PrimoSDK (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Status (Version: 60.0.155.000 - Hewlett-Packard) Hidden
TrayApp (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Unload (Version: 6.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
WebReg (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Yahoo! Companion (HKLM\...\Yahoo! Companion) (Version:  - )
Yahoo! Essentials (HKLM\...\Yahoo! Essentials) (Version:  - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Yahoo! Login (HKLM\...\Yahoo! Login) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - )
Yahoo! Messenger Explorer Bar (HKLM\...\Yahoo! Messenger Explorer Bar) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
20-10-2014 06:49:08 System Checkpoint
20-10-2014 10:25:30 Installed AVG 2015
20-10-2014 10:29:35 Installed AVG 2015
21-10-2014 22:26:18 System Checkpoint
22-10-2014 10:00:36 Software Distribution Service 3.0
23-10-2014 10:10:20 System Checkpoint
01-01-2002 07:31:38 System Checkpoint
01-01-2002 10:09:52 Checkpoint by HitmanPro
01-01-2002 10:10:42 Checkpoint by HitmanPro
27-10-2014 22:17:35 System Checkpoint
29-10-2014 02:51:21 System Checkpoint
29-10-2014 03:51:39 Installed Epson Event Manager
29-10-2014 03:54:49 Installed Epson Connect
29-10-2014 03:56:08 Installed FAX Utility
29-10-2014 03:58:31 Installed EpsonNet Print
30-10-2014 22:23:07 System Checkpoint
02-11-2014 03:23:40 System Checkpoint
04-11-2014 06:12:17 System Checkpoint
08-11-2014 05:54:45 System Checkpoint
09-11-2014 07:05:11 System Checkpoint
10-11-2014 07:19:47 System Checkpoint
13-11-2014 01:18:01 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2002-08-01 18:32 - 2001-08-18 11:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\windows\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\windows\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{AFE64E21-2990-4F5B-AAD7-C66D88C9CEEB}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-29 16:41 - 2014-09-29 16:22 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
2014-09-29 16:41 - 2014-09-29 16:22 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\log4cplusU.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-08 20:13 - 2014-09-29 16:22 - 02575896 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2002-08-01 21:19 - 1998-12-21 00:35 - 00024576 _____ () C:\Program Files\Compaq\Easy Access Button Support\BttnSeps.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk => C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Norman^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_554B278B35F6D349FD0AE505024691BB => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3723271197-429115175-1203367206-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-3723271197-429115175-1203367206-1010 - Limited - Enabled)
Guest (S-1-5-21-3723271197-429115175-1203367206-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3723271197-429115175-1203367206-1005 - Limited - Disabled)
Norman (S-1-5-21-3723271197-429115175-1203367206-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Norman
SUPPORT_388945a0 (S-1-5-21-3723271197-429115175-1203367206-1002 - Limited - Disabled)
SUPPORT_b326ad0c (S-1-5-21-3723271197-429115175-1203367206-1004 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Compaq Easy Access PS2 Internet Keyboard
Description: Compaq Easy Access PS2 Internet Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: Compaq Computer Corporation
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2014 00:29:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 10.11.2014.0, faulting module frst.exe, version 10.11.2014.0, fault address 0x0001f3d4.
Processing media-specific event for [frst.exe!ws!]
 
Error: (11/03/2014 11:47:31 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\242aebdc-59d7-46c0-b8ba-f65eef2fe9a8.dmp
 
Error: (01/01/2002 02:51:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:34 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:34 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:33 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:32 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
System errors:
=============
Error: (11/13/2014 01:14:56 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (11/13/2014 00:14:27 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (11/12/2014 11:14:36 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (11/12/2014 10:14:52 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (11/12/2014 08:07:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
IntelIde
viaagp1
ViaIde
 
Error: (11/12/2014 08:06:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error: 
%%2
 
Error: (11/12/2014 05:56:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The AVGIDSAgent service hung on starting.
 
Error: (11/12/2014 05:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error: 
%%2
 
Error: (11/12/2014 05:14:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (11/12/2014 04:57:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (11/13/2014 00:29:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe10.11.2014.0frst.exe10.11.2014.00001f3d4
 
Error: (11/03/2014 11:47:31 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\242aebdc-59d7-46c0-b8ba-f65eef2fe9a8.dmp
 
Error: (01/01/2002 02:51:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:34 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:34 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:33 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (01/01/2002 02:51:32 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 2.00GHz
Percentage of memory in use: 38%
Total physical RAM: 1022.52 MB
Available physical RAM: 633.42 MB
Total Pagefile: 2458.73 MB
Available Pagefile: 1989.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.46 MB
 
==================== Drives ================================
 
Drive c: (PRESARIO) (Fixed) (Total:55.93 GB) (Free:33.92 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: FCB1EC06)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,257 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:06 AM

Posted 14 November 2014 - 09:36 AM

Please run the AdwCleaner tool one more time and clean everything that is found.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2575896 2014-09-29] ()
HKLM\...\Run: [AlcxMonitor] => C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.0.0\\npsitesafety.dll No File
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=2.1.0.3&pid=wtu&sg=&sap=hp
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=2.1.0.3&pid=wtu&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=3.1.0.7&pid=wtu&sg=&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com_
CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=2.1.0.3&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&pr=fr&d=2014-04-08 21:14:34&v=3.1.0.7&pid=wtu&sg=
CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-04-08]
R2 vToolbarUpdater3.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-09-29] (AVG Secure Search)
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S4 hpt3xx; No ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S2 StarOpen; No ImagePath
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-677322f1.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-802b79c2.exe

End

Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#10 novice3

Posted 15 November 2014 - 08:22 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by Norman at 2014-11-15 15:33:21 Run:1
Running from C:\Documents and Settings\Norman\Desktop\frst
Loaded Profiles: Norman & Administrator (Available profiles: Norman & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2575896 2014-09-29] ()
HKLM\...\Run: [AlcxMonitor] => C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.0.0\\npsitesafety.dll No File
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=2.1.0.3&pid=wtu&sg=&sap=hp
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=2.1.0.3&pid=wtu&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=3.1.0.7&pid=wtu&sg=&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com_
CHR DefaultSearchURL: Default -> http://mysearch.avg.com/search?cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-08 21:14:34&v=2.1.0.3&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&pr=fr&d=2014-04-08 21:14:34&v=3.1.0.7&pid=wtu&sg=
CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-04-08]
R2 vToolbarUpdater3.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-09-29] (AVG Secure Search)
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S4 hpt3xx; No ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S2 StarOpen; No ImagePath
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-677322f1.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-802b79c2.exe
 
End
*****************
 
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe => No running process found
C:\Program Files\AVG Web TuneUp\vprot.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={42E6CE59-5ED4-4F78-8E0C-E2131400F41B}&mid=0059d44cf02f47d2bc77d1a95e4be2b2-4458f724ee0abdcaf9106aca6010958bef3b3286&lang=en&ds=AVG&pr=fr&d=2014-04-08 21:14:34&v=3.1.0.7&pid=wtu&sg= => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL deleted successfully.
C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully.
vToolbarUpdater3.1.0 => Service stopped successfully.
vToolbarUpdater3.1.0 => Service deleted successfully.
FreshIO => Service deleted successfully.
hpt3xx => Service deleted successfully.
iAimTV2 => Service deleted successfully.
StarOpen => Service deleted successfully.
wanatw => Service deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-677322f1.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-802b79c2.exe => Moved successfully.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.89  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 AVG 2015     
 AVG Web TuneUp    
 AVG 2015     
`````````Anti-malware/Other Utilities Check:````````` 
 AVG Web TuneUp   
 CCleaner     
 Java 2 Runtime Environment Standard Edition v1.3.1 
 Java 7 Update 51  
 Java version out of Date! 
  Adobe Flash Player 12.0.0.77 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 8% 
````````````````````End of Log`````````````````````` 
 


#11 nasdaq

Posted 16 November 2014 - 09:27 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 8 Update 25.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 2 Runtime Environment Standard Edition v1.3.1
Java 7 Update 51


===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 novice3

Posted 16 November 2014 - 05:58 PM

Attached to this post are the error messages received while installing Java.  I was not able to attach the screen picture of the update error 1603.  Thank you for any assistance.



#13 novice3

Posted 16 November 2014 - 07:54 PM

After uninstalling flash player and java through appwiz.cpl, I installed Java™ Platform SE 7 U71 and adobe flash player, with no errors.

 

According to SecurityCheck, Java is out of date.  I am running Windows XP Home Edition SP3.

 

 Results of screen317's Security Check version 0.99.89  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 AVG 2015     
 AVG Web TuneUp    
 AVG 2015     
`````````Anti-malware/Other Utilities Check:````````` 
 AVG Web TuneUp   
 CCleaner     
 Java 7 Update 71  
 Java version out of Date! 
 Adobe Reader XI  
 Mozilla Firefox (33.1.1) 
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 9% 
````````````````````End of Log`````````````````````` 


#14 nasdaq

Posted 17 November 2014 - 09:11 AM

Just curious.

Check your present version again.

https://www.java.com/en/download/installed.jsp

#15 novice3

Posted 17 November 2014 - 07:43 PM

According to the Java applet at https://www.java.com/en/download/installed.jsp , Java is up to date, version 7 update 71.

 

Thank you again for all the help.





