No access to admin tools, users folder and i.e.


  • This topic is locked
144 replies to this topic

#1 Urge21


Posted 20 November 2014 - 11:20 AM

A work computer presented this message when trying to open Internet Explorer. 

 

"1 or more parts of this message could not be displayed.  

there was an error opening this message there is not enough memory.

file download
do you want to save this file
google_com.htm"

 

Google was no help. I put 2 flash drives into the computer to access some info and later took them home and put one of them in my home computer. Now both computers are infected (and maybe 4 more at work). I am unable to open most of the administrative tools. I cannot access the users folder, and Internet Explorer will not open. Both computers are running Windows XP. I would greatly appreciate any suggestions.

 

Urge

 

I see that dds.exe has found a rootkit. I want to run it, but I will wait for someone to show up.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 11.20.2
Run by Urge at 10:44:39 on 2014-11-20
Microsoft Windows XP Professional  5.1.2600.3.1252.61.1033.18.3062.2043 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mmm.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\VistaSwitcher\vswitch.exe
D:\Program Files\Utilities\HDD Health\HDDHealth.exe
D:\Program Files\Utilities\Core Temp\Core Temp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware.exe
D:\Program Files\SASCORE.EXE
D:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Users\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
D:\Program Files\Utilities\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Savevid\SavevidService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Savevid\SavevidWSServer.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\Savevid\SavevidPluginCore.exe
C:\Program Files\TightVNC\tvnserver.exe
D:\Program Files\Unchecky\bin\unchecky_svc.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Unchecky\bin\unchecky_bg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: SFCDisable = dword:-99
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [VistaSwitcher] "c:\program files\vistaswitcher\vswitch.exe" /startup
uRun: [HDDHealth] d:\program files\utilities\hdd health\HDDHealth.exe -wl
uRun: [Core Temp] "d:\program files\utilities\core temp\Core Temp.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] d:\program files\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\users\urge\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Advanced Uninstaller PRO Installation Monitor] "d:\program files\innovative solutions\advanced uninstaller pro - version 9\monitor.exe"
mRun: [PowerTweaK Menu] c:\windows\system32\mmm.exe
mRun: [TrueImageMonitor.exe] d:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AvastUI.exe] "d:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [DAEMON Tools-1033] "d:\program files\d-tools\daemon.exe"  -lang 1033
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRun: [VistaSwitcher] "c:\program files\vistaswitcher\vswitch.exe" /startup
dRunOnce: [SD_1] rundll32 advpack.dll,LaunchINFSectionEx XPSDHPID.inf,L,,4,N
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\users\urge\startm~1\programs\startup\stoicj~1.lnk - d:\program files\utilities\t-clock 2010 (build 95)\t-clock 2010 (build x - release to dc)\win32\Clock.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\what's~1.lnk - d:\program files\what's my computer doing\WhatsMyComputerDoing.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:36
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: StartMenuFavorites = dword:1
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1333636797562
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354118565828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354118550890
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://paychexeservices.webex.com/client/T29L/support/ieatgpc.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B3DDAF63-8AE1-43CB-9BF6-8B4A8EF86FD6} : DHCPNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= prio.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\SASSEH.DLL
SecurityProviders: SecurityProviders = schannel.dll, credssp.dll, digest.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\urge\application data\mozilla\firefox\profiles\jpekglj6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_20\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_20\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\olympus\ib utilities\firefox plugin\npIbInst.dll
FF - plugin: c:\users\urge\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\urge\local settings\application data\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_189.dll
FF - plugin: d:\program files\mozilla firefox\browser\plugins\npatgpc.dll
FF - plugin: d:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: d:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
FF - ExtSQL: !HIDDEN! 2011-03-03 10:02; {37E4D8EA-8BDA-4831-8EA1-89053939A250}; c:\users\urge\application data\mozilla\firefox\profiles\jpekglj6.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
FF - ExtSQL: !HIDDEN! 2013-09-23 13:41; daplinkchecker@speedbit.com; c:\program files\dap\daplinkchecker
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-10-7 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [2010-10-7 252872]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-27 192352]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-3-18 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-3-18 5248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-3-20 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2010-10-7 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2010-10-7 414520]
R1 Prio;Prio;c:\windows\system32\drivers\prio.sys [2010-10-5 34064]
R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;d:\program files\SASCORE.EXE [2010-6-29 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-4 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-3-27 67824]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-10-7 50344]
R2 avast! Firewall;avast! Firewall;d:\program files\alwil software\avast5\afwServ.exe [2010-10-7 106488]
R2 Freemake Improver;Freemake Improver;c:\users\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-1-2 100864]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;d:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-1-16 198136]
R2 SavevidService;SavevidService;c:\program files\savevid\SavevidService.exe [2014-7-19 796152]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-11-26 659040]
R2 TTFixerService;NST ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2010-10-5 10240]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2013-7-19 1690096]
R2 Unchecky;Unchecky;d:\program files\unchecky\bin\unchecky_svc.exe [2014-11-4 111208]
R3 ALSysIO;ALSysIO;\??\j:\temp\alsysio.sys --> j:\temp\ALSysIO.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-10-8 159400]
R3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2013-8-4 17432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-6 1684736]
S3 cpuz136;cpuz136;\??\j:\temp\cpuz136\cpuz136_x32.sys --> j:\temp\cpuz136\cpuz136_x32.sys [?]
S3 FUTUREX;FUTUREX;d:\program files\utilities\aida32pe_375\aida32.sys [2010-10-6 3907]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-4 114904]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2012-1-22 21648]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-11-26 1225312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-11-18 23:32:38    --------    d-----w-    C:\AdwCleaner
2014-11-18 16:42:00    --------    d-----w-    c:\program files\ESET
2014-11-18 16:39:16    263072    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2014-11-04 20:25:24    --------    d-----w-    c:\users\all users\application data\Unchecky
2014-11-04 19:20:44    --------    d-----w-    c:\users\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-11-04 18:22:30    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-04 18:22:19    54232    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-04 18:22:19    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
==================== Find3M  ====================
.
2014-10-18 16:43:16    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-18 16:43:16    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-25 05:12:59    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-08-25 05:12:57    146432    ----a-w-    c:\windows\system32\javacpl.cpl
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0xFC5505D0]<<
_asm { JMP 0x4;  }
1 nt!IofCallDriver[0xE0B91311] -> \Device\Harddisk0\DR0[0xFC889AB8]
3 CLASSPNP[0xF62D4FD7] -> nt!IofCallDriver[0xE0B91311] -> \Device\0000007c[0xFC844930]
5 ACPI[0xF6114620] -> nt!IofCallDriver[0xE0B91311] -> \Device\Ide\IdeDeviceP4T0L0-14[0xFC886D98]
\Driver\atapi[0xFC973878] -> IRP_MJ_CREATE -> 0xFC5505D0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi -> 0xfc5505d0
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 10:44:54.98 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/05/2010 7:24:59 PM
System Uptime: 11/20/2014 10:19:32 AM (0 hours ago)
.
Motherboard: DFI |  | LP DK P55-T3eH9
Processor: Intel® Core™ i3 CPU         530  @ 2.93GHz | CPU 1 | 2940/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 4.012 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 70.456 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 92.822 GiB free.
F: is FIXED (NTFS) - 176 GiB total, 54.47 GiB free.
G: is FIXED (NTFS) - 206 GiB total, 93.348 GiB free.
H: is CDROM ()
I: is FIXED (FAT32) - 2 GiB total, 0.006 GiB free.
J: is FIXED (NTFS) - 8 GiB total, 1.988 GiB free.
K: is FIXED (NTFS) - 195 GiB total, 32.874 GiB free.
L: is FIXED (NTFS) - 146 GiB total, 34.948 GiB free.
M: is FIXED (NTFS) - 114 GiB total, 29.572 GiB free.
N: is CDROM ()
O: is Removable
P: is Removable
Q: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP695: 11/20/2014 10:13:13 AM - Installed Microsoft Fix it 50267
.
==== Hosts File Hijack ======================
.
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
Hosts: 0.0.0.0 api.opencandy.com
Hosts: 0.0.0.0 installer.betterinstaller.com
Hosts: 0.0.0.0 installer.filebulldog.com
Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
Hosts: 0.0.0.0 inno.bisrv.com
Hosts: 0.0.0.0 nsis.bisrv.com
Hosts: 0.0.0.0 cdn.file2desktop.com
Hosts: 0.0.0.0 cdn.goateastcach.us
Hosts: 0.0.0.0 cdn.guttastatdk.us
Hosts: 0.0.0.0 cdn.inskinmedia.com
Hosts: 0.0.0.0 cdn.insta.oibundles2.com
Hosts: 0.0.0.0 cdn.insta.playbryte.com
Hosts: 0.0.0.0 cdn.llogetfastcach.us
Hosts: 0.0.0.0 cdn.montiera.com
Hosts: 0.0.0.0 cdn.msdwnld.com
Hosts: 0.0.0.0 cdn.mypcbackup.com
Hosts: 0.0.0.0 cdn.ppdownload.com
Hosts: 0.0.0.0 cdn.riceateastcach.us
Hosts: 0.0.0.0 cdn.shyapotato.us
Hosts: 0.0.0.0 cdn.solimba.com
Hosts: 0.0.0.0 cdn.tuto4pc.com
Hosts: 0.0.0.0 cdn.appround.biz
Hosts: 0.0.0.0 cdn.bigspeedpro.com
Hosts: 0.0.0.0 cdn.bispd.com
Hosts: 0.0.0.0 cdn.bisrv.com
Hosts: 0.0.0.0 cdn.cdndp.com
Hosts: 0.0.0.0 cdn.download.sweetpacks.com
Hosts: 0.0.0.0 cdn.dpdownload.com
Hosts: 0.0.0.0 cdn.visualbee.net
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx D4 4.5.1 Decoder (remove only)
7-Zip 9.20
A1
Acronis True Image WD Edition
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.5
Advanced Uninstaller PRO 9.6.0.40
Alarm Clock v1.0
Alchemy and Bejeweled Pack
Any Video Converter 3.5.8
Apple Application Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
Attribute Changer 6.20
Audacity 2.0.3
avast! Internet Security
Belarc Advisor 8.1
BLM 2.7.7
CamStudio 2.7.2
CDex extraction audio
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
ConvertXtoDVD Portable 4.0.12.327
Core Temp version 0.99.7
CPUID CPU-Z 1.55
DAEMON Tools
Data Lifeguard Tools
DVD Audio Extractor 7.1.1
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD2one V2.3.1
DVD43 Plug-in v1.0.0.6
DVD43 v3.7.0
DVDAux 1.0.0
DVDFab 8.1.3.8 (09/12/2011) Qt
DVDFab Inspector version 1.2.0.0
EaseUS Data Recovery Wizard Free Edition 5.5.1
eMule
ESET Online Scanner v3
Everest Ultimate Edition 5.50.2169
eXPander
Family Tree Maker 2012
FFmpeg v0.6.2 for Audacity
FileHippo.com Update Checker
foobar2000 v1.2.9
Free M4a to MP3 Converter 7.2
Freemake Video Converter version 3.2.1
GlobeReader
Google Chrome
Google Earth Plug-in
Google Update Helper
HandBrake 0.9.5
HashCheck Shell Extension (x86-32)
HDD Health v3.3 Beta
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB971276-v3)
ImgBurn
Intel® Network Connections 14.4.0.0
Internet Explorer (Enable DEP)
IrfanView (remove only)
Java 8 Update 20
Java Auto Updater
Kels' CPL Bonus Pack!
LAME v3.99.3 (for Windows)
Layer III Audio Encoder
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2000 SR-1 Premium
Microsoft SQL Server Desktop Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.2
Mobipocket Reader 6.2
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 31.2.0 (x86 en-US)
MP3reduce II v3
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nitro Reader 2
Olympus ib
Open Command Prompt Shell Extension (x86-32)
Open Selected URL - IE Extension
PC Wizard 2008 2008.1.8.4
PCWin Speaker Recorder
PDF-Viewer
PerfectDisk 11 Professional
PowerTweaK Menu (mmm)
PrimoPDF -- brought to you by Nitro PDF Software
Prio v1.9.8
QuickTime 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RefreshEM
RegShot
RegTeaks
Relaxing Rhythms
Resource Hacker
REX CRIBBAGE
Savevid
Secunia PSI (3.0.0.6001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SendTo Xtras
Service Tweaker
Silent Hunter Wolves of the Pacific
SIW version 2010.07.14
Spotify
Steam
SUPERAntiSpyware
SysInternals Programs Collection v3.7
System Requirements Lab for Intel
TagScanner 5.1.649
TapinRadio 1.58
The Elder Scrolls V: Skyrim
The Passage
TightVNC
Tomb Raider: Anniversary 1.0
ToolTipFixer 1.0.1
Unchecky v0.3.3
Universal Extractor
Unlocker v1.8.9
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
ViewSonic Monitor Drivers
VistaSwitcher
VLC media player 2.1.3
WebFldrs XP
What's my computer doing 1.xx
WIDCOMM Bluetooth Software
Wild Divine Grapher
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows IP Configuration Manager 2.7.2.80
Windows Media Encoder 9 Series
Windows PowerShell™ 1.0
Wisdom Quest
XBMC
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
11/18/2014 6:53:11 PM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:11 PM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:11 PM, error: Service Control Manager [7031]  - The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Unchecky service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Secunia Update Agent service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The SavevidService service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The PDAgent service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The NST ToolTipFixer service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The NitroPDFReaderDriverCreatorReadSpool2 service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The MSSQLSERVER service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Acronis Scheduler2 Service service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7031]  - The TightVNC Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/18/2014 6:53:10 PM, error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/18/2014 6:53:10 PM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/16/2014 11:02:56 AM, error: Service Control Manager [7022]  - The Freemake Improver service hung on starting.
.
==== End Of File ===========================
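The "Event Viewer Messages From Past Week" block above records seventeen Service Control Manager 7034/7031 events stamped within a single second (6:53:10 to 6:53:11 PM on 11/18/2014), among them the Malwarebytes services (MBAMService, MBAMScheduler) and the SUPERAntiSpyware core service (SAS Core Service). A burst like that is the pattern a responder looks for when asking whether services were taken down together rather than failing one at a time. The Python below is an added example, not part of the original post and not part of the DDS tool: it parses lines in the format DDS printed, groups unexpected-termination events that fall inside a short window, and reports which of a watched set of security services were hit. The sample lines are the ones from the log above; the five-second window, the minimum burst size of five services and the watched-service list are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample input: the Service Control Manager lines from the DDS log above
# ("Event Viewer Messages From Past Week"), copied verbatim.
SAMPLE_LOG = """\
11/18/2014 6:53:11 PM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:11 PM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:11 PM, error: Service Control Manager [7031]  - The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Unchecky service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Secunia Update Agent service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The SavevidService service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The PDAgent service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The NST ToolTipFixer service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The NitroPDFReaderDriverCreatorReadSpool2 service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The MSSQLSERVER service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7034]  - The Acronis Scheduler2 Service service terminated unexpectedly.  It has done this 1 time(s).
11/18/2014 6:53:10 PM, error: Service Control Manager [7031]  - The TightVNC Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/18/2014 6:53:10 PM, error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/18/2014 6:53:10 PM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/16/2014 11:02:56 AM, error: Service Control Manager [7022]  - The Freemake Improver service hung on starting.
"""

# One DDS event line: timestamp, level, source, [event id], "- The <name> service <what>"
SCM_LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<eid>\d+)\]\s+-\s+"
    r"The (?P<svc>.+?) service (?P<what>terminated unexpectedly|hung on starting)"
)

# 7031 = terminated, SCM will run a recovery action; 7034 = terminated, no recovery action
TERMINATION_EVENT_IDS = {7031, 7034}

# Assumption for illustration: services whose termination deserves a call-out
# (Malwarebytes and SUPERAntiSpyware, both present in the DDS install list).
WATCHED_SECURITY_SERVICES = {"MBAMService", "MBAMScheduler", "SAS Core Service"}


def parse_scm_events(text):
    """Turn DDS-style event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = SCM_LINE.match(line)
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
            "event_id": int(m.group("eid")),
            "service": m.group("svc"),
            "what": m.group("what"),
        })
    return events


def find_termination_bursts(events, window=timedelta(seconds=5), min_services=5):
    """Group 7031/7034 events whose timestamps fall within `window` of the
    first event in the group; return only groups with at least `min_services`."""
    terms = sorted((e for e in events if e["event_id"] in TERMINATION_EVENT_IDS),
                   key=lambda e: e["time"])
    bursts = []
    i = 0
    while i < len(terms):
        j = i
        while j + 1 < len(terms) and terms[j + 1]["time"] - terms[i]["time"] <= window:
            j += 1
        group = terms[i:j + 1]
        if len(group) >= min_services:
            bursts.append(group)
        i = j + 1
    return bursts


def security_services_hit(burst, watched=WATCHED_SECURITY_SERVICES):
    """Names of watched security services that appear in a burst, sorted."""
    return sorted({e["service"] for e in burst if e["service"] in watched})


if __name__ == "__main__":
    evts = parse_scm_events(SAMPLE_LOG)
    for burst in find_termination_bursts(evts):
        print("%d services terminated between %s and %s"
              % (len(burst), burst[0]["time"], burst[-1]["time"]))
        print("security services in burst:", security_services_hit(burst))
```

The same one-second cluster of 7034/7031 events also follows a hard reset or power loss (the terminations are logged when the machine comes back up), so a burst is a prompt to correlate with other evidence, for instance an unexpected-shutdown event (Event ID 6008) at the same time, not a verdict on its own.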
 



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,600 posts

Posted 25 November 2014 - 11:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556953 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Urge21

  • Topic Starter
  • Members
  • 99 posts

Posted 25 November 2014 - 11:58 AM

In addition to these symptoms that I posted earlier,  "I am unable to open most of the administrative tools.  I cannot access the users folder and internet explorer will not open."  There is no option to start in safe mode. 

 

Urge

Attached files: dds.zip (5.67KB), attach.zip (4.77KB)

#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,392 posts
  • Location:California

Posted 27 November 2014 - 10:00 AM

Greetings Urge21 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please see if you are able to run these. If you can't run one, simply move on to the next program.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

(screenshot: Query_RC.gif)

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot: RC_successful.gif)

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

(screenshot: aswMBR1.png)

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

(screenshot: aswMBR2.png)

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • aswMBR log
  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 27 November 2014 - 10:01 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

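The aswMBR instructions above ask that the MBR.dat file the tool writes, a copy of the master boot record, be kept. The script below is an added example, not part of the original post and not part of aswMBR, showing what a responder can do with such a copy offline. It assumes the file is a raw 512-byte image of sector 0 (an assumption about MBR.dat made here, not something the post states); under that assumption it checks the 0x55AA boot signature at bytes 510 and 511, decodes the four 16-byte partition-table entries that start at byte 446, and hashes the 446 bytes of boot code so a dump can be compared against a known-good baseline or against a later dump from the same machine. The sample image is constructed in code; build_sample_mbr, parse_mbr, boot_code_sha256 and boot_code_matches are names chosen for this example.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445 hold the boot code
PARTITION_TABLE_OFFSET = 446    # four 16-byte entries follow the boot code
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511
ENTRY_FORMAT = "<B3sB3sII"      # status, CHS start, type, CHS end, start LBA, sectors


def build_sample_mbr():
    """Constructed 512-byte MBR image for offline testing (not a real dump).

    Boot code is all zeros; partition 1 is a bootable NTFS (type 0x07) volume
    starting at LBA 63 with 2,097,152 sectors (1 GiB at 512 bytes per sector).
    """
    mbr = bytearray(MBR_SIZE)
    entry = struct.pack(
        ENTRY_FORMAT,
        0x80,                # status: 0x80 = active/bootable
        b"\x01\x01\x00",     # CHS start (ignored by modern loaders)
        0x07,                # partition type: NTFS/exFAT
        b"\xfe\xff\xff",     # CHS end
        63,                  # starting LBA
        2097152,             # size in sectors
    )
    mbr[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + PARTITION_ENTRY_SIZE] = entry
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def boot_code_sha256(data):
    """SHA-256 of the boot-code region only; the partition table is left out
    because it legitimately differs from machine to machine."""
    return hashlib.sha256(data[:BOOT_CODE_SIZE]).hexdigest()


def parse_mbr(data):
    """Decode a raw MBR image into signature status, boot-code hash and partitions."""
    if len(data) != MBR_SIZE:
        raise ValueError("expected a %d-byte sector, got %d bytes" % (MBR_SIZE, len(data)))
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        status, _, ptype, _, start_lba, sectors = struct.unpack(
            ENTRY_FORMAT, data[offset:offset + PARTITION_ENTRY_SIZE])
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": index + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": sectors,
        })
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": boot_code_sha256(data),
        "partitions": partitions,
    }


def boot_code_matches(data, baseline_hex):
    """True when the boot code equals a previously recorded baseline hash."""
    return boot_code_sha256(data) == baseline_hex.lower()


def load_mbr_file(path):
    """Read a saved copy such as MBR.dat (assumed here to be a raw sector image)."""
    with open(path, "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("signature ok:", info["signature_ok"])
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print("partition %d: type 0x%02x bootable=%s start=%d sectors=%d"
              % (p["index"], p["type"], p["bootable"], p["start_lba"], p["sectors"]))
```

Hashing the boot code separately from the partition table is the useful part: a bootkit that rewrites sector 0 changes the first 446 bytes, while a legitimate repartition changes only the table, so the two regions should be compared independently rather than as one 512-byte blob.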
#5 Urge21

  • Topic Starter
  • Members
  • 99 posts

Posted 27 November 2014 - 12:09 PM

Hi Oh My!,  OK, I ran all the tests, here they are.

 

ComboFix 14-11-25.01 - Urge 11/27/2014  10:46:14.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.61.1033.18.3062.2254 [GMT -5:00]
Running from: c:\users\Urge\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\All Users\Application Data\TEMP
c:\users\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
c:\users\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\users\All Users\ntuser.pol
c:\users\Urge\Application Data\dvdae
c:\users\Urge\Application Data\dvdae\dvdae.config
c:\users\Urge\Application Data\dvdae\dvdae.lic
c:\windows\daemon.dll
c:\windows\msdownld.tmp
c:\windows\system32\ReForce-Instruct.htm
c:\windows\system32\ShellExt\clipname.dll
c:\windows\system32\ShellExt\CmdOpen.dll
G:\install.exe
.
c:\windows\system32\midimap.dll . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-27 to 2014-11-27  )))))))))))))))))))))))))))))))
.
.
2014-11-21 16:17 . 2014-11-21 16:17    291352    ----a-w-    c:\windows\system32\aswBoot.exe
2014-11-21 16:17 . 2014-11-21 16:17    43152    ----a-w-    c:\windows\avastSS.scr
2014-11-20 16:40 . 2014-11-20 16:40    89088    ----a-w-    C:\mbr.exe
2014-11-18 23:32 . 2014-11-19 21:24    --------    d-----w-    C:\AdwCleaner
2014-11-18 16:42 . 2014-11-18 16:42    --------    d-----w-    c:\program files\ESET
2014-11-18 16:39 . 2013-09-02 07:58    263072    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2014-11-04 20:25 . 2014-11-04 20:25    --------    d-----w-    c:\users\All Users\Application Data\Unchecky
2014-11-04 19:20 . 2014-11-04 19:55    --------    d-----w-    c:\users\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-04 18:22 . 2014-11-19 21:33    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-04 18:22 . 2014-11-04 19:19    54232    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-04 18:22 . 2014-10-01 16:11    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-22 04:17 . 2010-10-07 19:32    787800    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-11-21 16:17 . 2010-10-07 19:32    423784    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-11-21 16:17 . 2014-05-04 16:35    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-11-21 16:17 . 2013-03-27 14:18    206248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-11-21 16:17 . 2013-03-27 14:18    70384    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-11-21 16:17 . 2013-03-27 14:18    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-11-21 16:17 . 2010-10-07 19:32    55240    ----a-w-    c:\windows\system32\drivers\aswrdr.sys
2014-11-21 16:17 . 2010-10-07 19:32    57928    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-11-21 16:17 . 2012-03-20 18:55    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-11-21 16:16 . 2010-10-07 19:32    253640    ----a-w-    c:\windows\system32\drivers\aswndis2.sys
2014-10-18 16:43 . 2012-04-11 13:33    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-10-18 16:43 . 2011-06-23 15:52    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-06-17 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2010-06-17 11:19 . 403EBA8EE2967BA93E07138400972EE3 . 1443840 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2010-06-17 . 50D6EE240E804F638D88E26200D37670 . 570368 . . [5.1.2600.5788] . . c:\windows\system32\winlogon.exe
.
[7] 2014-04-30 . 3DB2624CCB1663BF6D62311B2B9E7B55 . 6022144 . . [8.00.6001.23588] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2014-03-06 . 0964EFC80BD54FDF37397A09FDAE8395 . 6021632 . . [8.00.6001.23580] . . c:\windows\ie8updates\KB2964358-IE8\mshtml.dll
[7] 2014-02-24 . 427C63C2075ABF62FAA897BBD3DE44F4 . 6022144 . . [8.00.6001.23569] . . c:\windows\ie8updates\KB2936068-IE8\mshtml.dll
[7] 2014-02-05 . 516E371CC348141277A73EB9D3C25951 . 6021120 . . [8.00.6001.23562] . . c:\windows\ie8updates\KB2925418-IE8\mshtml.dll
[7] 2013-01-06 . 14FD1CAEFB6D2749019AC2F54859568C . 6011392 . . [8.00.6001.23462] . . c:\windows\ie8updates\KB2909921-IE8\mshtml.dll
[7] 2012-11-13 . 02D8509E2362D777DEBFFC05C022CBF2 . 6010880 . . [8.00.6001.23461] . . c:\windows\ie8updates\KB2799329-IE8\mshtml.dll
[7] 2012-08-28 . CF6B381C3518AB328382429CAE206D64 . 6010368 . . [8.00.6001.23415] . . c:\windows\ie8updates\KB2761465-IE8\mshtml.dll
[7] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\ie8updates\KB2744842-IE8\mshtml.dll
[7] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-06-17 . F850935CE53640BE7AA71D8124578984 . 6093824 . . [8.00.6001.23022] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
.
[-] 2010-06-17 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2010-06-17 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2008-04-13 . 200EA506B86F7E9E6C37820D2BB5F39B . 210944 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2010-06-17 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
.
[-] 2010-06-17 . 448937CF6D5D4A4009532DF67B205F92 . 32256 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
c:\windows\System32\mshtml.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-21 16:17    723976    ----a-w-    d:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaSwitcher"="c:\program files\VistaSwitcher\vswitch.exe" [2010-01-24 191440]
"HDDHealth"="d:\program files\Utilities\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
"Core Temp"="d:\program files\Utilities\Core Temp\Core Temp.exe" [2010-08-29 439824]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [2014-10-07 6692632]
"Advanced Uninstaller PRO Installation Monitor"="d:\program files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe" [2008-11-26 1340389]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerTweaK Menu"="c:\windows\system32\mmm.exe" [2005-07-04 828416]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-06-07 2605424]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-06-07 362488]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"AvastUI.exe"="d:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-11-21 5226600]
"DAEMON Tools-1033"="d:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2005-12-05 691200]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2014-01-17 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 1690096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2010-06-17 37376]
"VistaSwitcher"="c:\program files\VistaSwitcher\vswitch.exe" [2010-01-24 191440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SD_1"="advpack.dll" [2009-03-07 128512]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
c:\users\Urge\Start Menu\Programs\Startup\
Stoic Joker's T-Clock 2010.lnk - d:\program files\Utilities\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe [2011-3-15 243200]
.
c:\users\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2005-5-3 81920]
What's my computer doing.lnk - d:\program files\What's my computer doing\WhatsMyComputerDoing.exe /FromAutostart [2011-12-15 275296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SASSEH.DLL" [2011-08-07 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"k:\\Program Files\\Steam.exe"=
"c:\\Users\\Urge\\Application Data\\Spotify\\spotify.exe"=
"k:\\Program Files\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Users\\Urge\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\tvnviewer.exe"=
"d:\\Program Files\\XBMC\\XBMC.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35975:TCP"= 35975:TCP:eMule
"23437:UDP"= 23437:UDP:eMule
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [10/07/2010 2:32 PM 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [10/07/2010 2:32 PM 253640]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [03/27/2013 9:18 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [03/27/2013 9:18 AM 206248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [03/20/2012 1:55 PM 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [10/07/2010 2:32 PM 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [10/07/2010 2:32 PM 423784]
R1 Prio;Prio;c:\windows\system32\drivers\prio.sys [10/05/2010 6:14 PM 34064]
R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [02/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [05/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;d:\program files\SASCORE.EXE [06/29/2010 12:48 PM 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [05/04/2014 11:35 AM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [03/27/2013 9:18 AM 70384]
R2 avast! Firewall;avast! Firewall;d:\program files\Alwil Software\Avast5\afwServ.exe [10/07/2010 2:32 PM 104416]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;d:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [01/16/2012 8:44 AM 198136]
R2 SavevidService;SavevidService;c:\program files\Savevid\SavevidService.exe [07/19/2014 3:09 PM 796152]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [11/26/2012 9:09 AM 659040]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [10/05/2010 6:15 PM 10240]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [07/19/2013 11:12 AM 1690096]
R2 Unchecky;Unchecky;d:\program files\Unchecky\bin\unchecky_svc.exe [11/04/2014 3:25 PM 111208]
R3 ALSysIO;ALSysIO;\??\j:\temp\ALSysIO.sys --> j:\temp\ALSysIO.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [10/08/2010 12:29 PM 159400]
R3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [08/04/2013 4:59 PM 17432]
S2 Freemake Improver;Freemake Improver;c:\users\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [01/02/2013 4:07 PM 100864]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/06/2010 5:01 AM 1684736]
S3 cpuz136;cpuz136;\??\j:\temp\cpuz136\cpuz136_x32.sys --> j:\temp\cpuz136\cpuz136_x32.sys [?]
S3 FUTUREX;FUTUREX;d:\program files\Utilities\aida32pe_375\aida32.sys [10/06/2010 10:26 PM 3907]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [11/04/2014 1:22 PM 114904]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [01/22/2012 11:20 AM 21648]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [09/01/2010 3:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [11/26/2012 9:09 AM 1225312]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [03/18/2011 3:19 PM 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [03/18/2011 3:19 PM 5248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/05/2010 6:23 PM 697328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:43]
.
2014-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-11-27 c:\windows\Tasks\avast! Emergency Update.job
- d:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21 16:17]
.
2014-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-29 03:39]
.
2014-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-29 03:39]
.
2014-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-963894560-1177238915-1004Core1cc20522bb415f2.job
- c:\users\Urge\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-25 21:30]
.
2014-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-963894560-1177238915-1004UA.job
- c:\users\Urge\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-25 21:30]
.
2014-11-27 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
2014-11-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: !HIDDEN! 2011-03-03 10:02; {37E4D8EA-8BDA-4831-8EA1-89053939A250}; c:\users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
FF - ExtSQL: !HIDDEN! 2013-09-23 13:41; daplinkchecker@speedbit.com; c:\program files\DAP\daplinkchecker
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-27 10:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-963894560-1177238915-1004\Software\SecuROM\License information*]
"datasecu"=hex:3f,ed,66,53,93,c2,45,c3,05,67,02,f7,20,bb,8c,fe,4d,29,f6,0b,9c,
   86,f8,a5,fa,54,83,25,9e,c5,56,d9,98,14,03,68,fa,a7,6d,0b,2d,b8,0e,61,c0,c6,\
"rkeysecu"=hex:dd,bb,ab,31,d1,cd,f0,30,a5,16,07,5b,15,34,a0,f0
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1396)
c:\windows\system32\SETUPAPI.dll
c:\program files\Prio\prio.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1452)
c:\program files\Prio\prio.dll
c:\windows\system32\setupapi.dll
.
Completion time: 2014-11-27  10:52:02
ComboFix-quarantined-files.txt  2014-11-27 15:52
.
Pre-Run: 4,043,538,432 bytes free
Post-Run: 4,615,675,904 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"  /noexecute=alwaysoff /fastdetect /3gb /noexecute=alwaysoff
.
- - End Of File - - 396F4697AFEC5E25ED19352C265CA7E6
8F558EB6672622401DA993E1E865C861
 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-27 11:04:13
-----------------------------
11:04:13.468    OS Version: Windows 5.1.2600 Service Pack 3
11:04:13.468    Number of processors: 4 586 0x2502
11:04:13.468    ComputerName: SPLURGE  UserName: Urge
11:04:13.656    Initialize success
11:04:13.671    VM: initialized successfully
11:04:13.671    VM: Intel CPU supported
11:04:20.171    VM: supported disk I/O atapi.sys
11:04:23.703    AVAST engine defs: 14112601
11:05:40.343    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-14
11:05:40.343    Disk 0 Vendor:   Size: 0MB BusType: 0
11:05:40.343    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-1f
11:05:40.343    Disk 1 Vendor: WDC_WD5000AAKS-22V1A0 05.01D05 Size: 476940MB BusType: 3
11:05:40.437    VM: Disk 0 MBR read successfully
11:05:40.453    Disk 0 MBR scan
11:05:40.453    Disk 0 Windows XP default MBR code
11:05:40.453    Disk 0 MBR hidden
11:05:40.453    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        20002 MB offset 63
11:05:40.453    Disk 0 default boot code
11:05:40.468    Disk 0 Partition - 00     05     Extended            590475 MB offset 40965750
11:05:40.468    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99998 MB offset 40965813
11:05:40.468    Disk 0 Partition - 00     05     Extended             99998 MB offset 245762370
11:05:40.500    Disk 0 scanning C:\WINDOWS\system32\drivers
11:05:44.578    Service scanning
11:05:51.140    Modules scanning
11:05:51.140    Disk 0 trace - called modules:
11:05:51.156    ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll dvd43llh.sys atapi.sys pciide.sys PCIIDEX.SYS
11:05:51.156    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfc839ab8]
11:05:51.156    3 CLASSPNP.SYS[f62d4fd7] -> nt!IofCallDriver -> \Device\0000007a[0xfc972298]
11:05:51.156    5 ACPI.sys[f624b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-14[0xfc8f5d98]
11:05:51.156    \Driver\atapi[0xfc973ac0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> dvd43llh.sys[0xf6645b20]
11:05:51.359    AVAST engine scan C:\WINDOWS
11:05:55.125    AVAST engine scan C:\WINDOWS\system32
11:07:02.234    AVAST engine scan C:\WINDOWS\system32\drivers
11:07:07.734    AVAST engine scan C:\Users\Urge
11:33:14.937    AVAST engine scan C:\Users\All Users
11:48:54.500    Disk 0 statistics 3044979/0/18 @ 0.61 MB/s
11:48:54.515    Scan finished successfully
11:49:55.500    Disk 0 MBR has been saved successfully to "C:\Users\Urge\Desktop\MBR.dat"
11:49:55.515    The log file has been saved successfully to "C:\Users\Urge\Desktop\aswMBR.txt"


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Urge (administrator) on SPLURGE on 27-11-2014 11:51:26
Running from C:\Users\Urge\Desktop
Loaded Profile: Urge (Available profiles: Urge & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) D:\Program Files\Alwil Software\Avast5\afwServ.exe
(Acronis) D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\ib\olycamdetect.exe
(AVAST Software) D:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files\dvd43\DVD43_Tray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(SUPERAntiSpyware.com) D:\Program Files\SASCORE.EXE
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(NTWind Software) C:\Program Files\VistaSwitcher\vswitch.exe
(PANTERASoft) D:\Program Files\Utilities\HDD Health\hddhealth.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() D:\Program Files\Utilities\Core Temp\Core Temp.exe
(SUPERAntiSpyware) D:\Program Files\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Innovative Solutions GRUP SRL) D:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\Monitor.exe
(Broadcom Corporation.) D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Stoic Joker's Network) D:\Program Files\Utilities\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe
(Nitro PDF Software) D:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
() C:\Program Files\Savevid\SavevidService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
() C:\Program Files\Savevid\SavevidWSServer.exe
(Bandoo Media Inc.) C:\Program Files\Savevid\SavevidPluginCore.exe
(NeoSmart Technologies) C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(RaMMicHaeL) D:\Program Files\Unchecky\bin\unchecky_svc.exe
(Broadcom Corporation.) D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(RaMMicHaeL) D:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PowerTweaK Menu] => C:\WINDOWS\system32\mmm.exe [828416 2005-07-04] ()
HKLM\...\Run: [TrueImageMonitor.exe] => D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2605424 2010-06-07] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [362488 2010-06-07] (Acronis)
HKLM\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [96128 2012-02-02] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\Alwil Software\Avast5\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
HKLM\...\Run: [DAEMON Tools-1033] => D:\Program Files\D-Tools\daemon.exe [81920 2004-08-22] (DAEMON'S HOME)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [dvd43] => C:\Program Files\dvd43\dvd43_tray.exe [691200 2005-12-05] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17887232 2009-06-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => D:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoft LLC.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [StartMenuFavorites] 1
HKLM\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-20\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\Run: [VistaSwitcher] => C:\Program Files\VistaSwitcher\vswitch.exe [191440 2010-01-24] (NTWind Software)
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\Run: [HDDHealth] => D:\Program Files\Utilities\HDD Health\HDDHealth.exe [1692672 2008-06-14] (PANTERASoft)
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\Run: [Core Temp] => D:\Program Files\Utilities\Core Temp\Core Temp.exe [439824 2010-08-28] ()
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\Run: [SUPERAntiSpyware] => D:\Program Files\SUPERAntiSpyware.exe [6692632 2014-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\Run: [Advanced Uninstaller PRO Installation Monitor] => D:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe [1340389 2008-11-26] (Innovative Solutions GRUP SRL)
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [VistaSwitcher] => C:\Program Files\VistaSwitcher\vswitch.exe [191440 2010-01-24] (NTWind Software)
HKU\S-1-5-18\...\RunOnce: [SD_1] => rundll32 advpack.dll,LaunchINFSectionEx XPSDHPID.inf,L,,4,N
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [ForceClassicControlPanel] 1
SecurityProviders: schannel.dll, credssp.dll, digest.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> D:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\What's my computer doing.lnk
ShortcutTarget: What's my computer doing.lnk -> D:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe ()
Startup: C:\Users\Urge\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010.lnk
ShortcutTarget: Stoic Joker's T-Clock 2010.lnk -> D:\Program Files\Utilities\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe (Stoic Joker's Network)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM -> {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM -> {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPFD564F0D-3F57-49E1-AA8A-947ADE83DE13&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {0DE1540D-8694-4C92-9979-41EC92F4699F} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {13BFC7D1-5097-4DF3-8DB0-DE7DF54EAB58} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {19F1959D-9717-4DE1-B371-E52E8A6DF88C} URL = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {1F2A8B8F-FE53-4C67-A601-FBD49846649A} URL = http://www.expedia.com/daily/exl/search.asp?q={searchTerms}&source=ie7
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {35131AD1-EE23-4CC4-98E6-77DBBEA540B4} URL = http://www.target.com/gp/search.html?field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {497E1CCD-FA6F-4539-8E95-B97C07605DEB} URL = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL =
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {CDFBCF39-CCFB-405F-930E-9BCE4421D778} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {E85C5EAA-D024-4D9A-A871-4977606CB4BF} URL = http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {EE26FBD1-2F5F-493A-8CA1-6426632536E5} URL = http://www.weather.com/search/enhanced?where={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {F1F06197-D83A-4232-933F-D7325B23A566} URL = http://search.espn.go.com/keyword/search?searchString={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {F203491B-27E3-463D-B1E9-62A6C65D094D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1844237615-963894560-1177238915-1004 -> {F6C461B6-B34D-414D-A9FD-607E6452D474} URL = http://search.about.com/fullsearch.htm?terms={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll No File
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1333636797562
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://paychexeservices.webex.com/client/T29L/support/ieatgpc.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SASSEH.DLL [113024 2011-08-07] (SuperAdBlocker.com)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> D:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin: @olympus-imaging.jp/npIbInst -> C:\Program Files\OLYMPUS\ib Utilities\Firefox Plugin\npIbInst.dll (OLYMPUS IMAGING CORP.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1844237615-963894560-1177238915-1004: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1844237615-963894560-1177238915-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-963894560-1177238915-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Urge\Application Data\mozilla\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Urge\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\searchplugins\not-as-cool-as-it-seems.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: DoNotTrackMe - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\donottrackplus@abine.com [2013-08-14]
FF Extension: HTTPS-Everywhere - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\https-everywhere@eff.org [2014-10-15]
FF Extension: Toolbar Buttons - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2014-11-23]
FF Extension: ColorfulTabs - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-11-27]
FF Extension: WOT - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: DownloadHelper - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: CSHelper - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2013-07-10]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-10-22]
FF Extension: NoScript - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-24]
FF Extension: Adblock Plus - C:\Users\Urge\Application Data\Mozilla\Firefox\Profiles\jpekglj6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - D:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-10]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - D:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - D:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-01-02]
FF Extension: No Name - fmconverter@gmail.com [Not Found]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Urge\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Entanglement) - C:\Users\Urge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-25]
CHR Extension: (Poppit) - C:\Users\Urge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-25]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Urge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Urge\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; D:\Program Files\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [817264 2010-06-07] (Acronis)
R2 avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R2 avast! Firewall; D:\Program Files\Alwil Software\Avast5\afwServ.exe [104416 2014-11-21] (AVAST Software)
R2 btwdins; D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [349528 2009-08-14] (Broadcom Corporation.)
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [55296 2010-06-17] (Microsoft Corporation) [File not signed]
S2 Freemake Improver; C:\Users\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-09-07] (Freemake) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [53248 2010-06-17] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [113664 2010-06-17] (Microsoft Corporation) [File not signed]
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool2; D:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [198136 2012-01-16] (Nitro PDF Software)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1570056 2011-03-15] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [1475848 2011-03-15] (Raxco Software, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SavevidService; C:\Program Files\Savevid\SavevidService.exe [796152 2014-02-05] ()
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation) [File not signed]
R2 TTFixerService; C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [10240 2007-06-26] (NeoSmart Technologies) [File not signed]
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoft LLC.)
R2 Unchecky; D:\Program Files\Unchecky\bin\unchecky_svc.exe [111208 2014-11-23] (RaMMicHaeL)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-11-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2010-09-07] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [253640 2014-11-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [533152 2009-08-17] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991264 2009-07-09] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [56992 2009-05-11] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [45984 2009-06-21] (Broadcom Corporation.)
S4 d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [155136 2004-08-22] ( ) [File not signed]
S4 d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [5248 2004-08-22] ( ) [File not signed]
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [135184 2010-04-07] (Raxco Software, Inc.)
R3 dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [18816 2013-11-22] (RIF) [File not signed]
R3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [159400 2009-06-19] (Intel Corporation)
S3 FUTUREX; D:\Program Files\Utilities\aida32pe_375\aida32.sys [3907 2003-08-07] () [File not signed]
R3 HPEWSFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [17432 2009-02-25] (Hewlett Packard)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-19] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 OlyCamComm; C:\WINDOWS\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
R1 Prio; C:\WINDOWS\System32\drivers\prio.sys [34064 2008-02-02] (Xeno)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [4078400 2010-01-27] (Realtek Semiconductor Corp.)
R1 SASDIFSV; D:\Program Files\SASDIFSV.SYS [12880 2011-08-07] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\SASKUTIL.SYS [67664 2011-08-07] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [697328 2010-10-05] (Duplex Secure Ltd.)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2010-06-17] (Microsoft Corporation) [File not signed]
R3 ALSysIO; \??\J:\Temp\ALSysIO.sys [X]
U3 catchme; \??\J:\Temp\catchme.sys [X]
S3 cpuz136; \??\J:\TEMP\cpuz136\cpuz136_x32.sys [X]
U5 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U4 WmdmPmSp; No ImagePath
U3 aswMBR; \??\J:\Temp\aswMBR.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 11:51 - 2014-11-27 11:52 - 00030020 _____ () C:\Users\Urge\Desktop\FRST.txt
2014-11-27 11:51 - 2014-11-27 11:51 - 00000000 ____D () C:\FRST
2014-11-27 11:49 - 2014-11-27 11:49 - 00002654 _____ () C:\Users\Urge\Desktop\aswMBR.txt
2014-11-27 11:49 - 2014-11-27 11:49 - 00000512 _____ () C:\Users\Urge\Desktop\MBR.dat
2014-11-27 11:01 - 2014-11-27 11:01 - 01109504 _____ (Farbar) C:\Users\Urge\Desktop\FRST.exe
2014-11-27 10:56 - 2014-11-27 10:56 - 05198336 _____ (AVAST Software) C:\Users\Urge\Desktop\aswMBR.exe
2014-11-27 10:52 - 2014-11-27 10:52 - 00020938 _____ () C:\ComboFix.txt
2014-11-27 10:45 - 2014-11-27 10:45 - 00000000 _RSHD () C:\cmdcons
2014-11-27 10:45 - 2014-03-07 12:40 - 00000241 _____ () C:\Boot.bak
2014-11-27 10:45 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-11-27 10:43 - 2014-11-27 10:52 - 00000000 ____D () C:\Qoobox
2014-11-27 10:43 - 2014-11-27 10:50 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-27 10:43 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-27 10:43 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-27 10:43 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-27 10:43 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-27 10:43 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-27 10:43 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-27 10:43 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-27 10:43 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-27 10:35 - 2014-11-27 10:35 - 05599228 ____R (Swearware) C:\Users\Urge\Desktop\ComboFix.exe
2014-11-25 11:50 - 2014-11-25 11:50 - 00004889 _____ () C:\Users\Urge\Desktop\attach.zip
2014-11-25 11:49 - 2014-11-25 11:49 - 00018632 _____ () C:\Users\Urge\Desktop\attach.txt
2014-11-25 11:49 - 2014-11-25 11:49 - 00016609 _____ () C:\Users\Urge\Desktop\dds.txt
2014-11-25 11:49 - 2014-11-25 11:49 - 00005801 _____ () C:\Users\Urge\Desktop\dds.zip
2014-11-23 15:28 - 2014-11-23 15:29 - 00002153 _____ () C:\Users\All Users\Start Menu\Programs\DBXpress.lnk
2014-11-21 15:02 - 2014-11-21 15:02 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-21 11:17 - 2014-11-21 11:17 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-21 11:17 - 2014-11-21 11:17 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-21 11:17 - 2014-11-21 11:17 - 00000898 _____ () C:\Users\All Users\Desktop\Avast SafeZone.lnk
2014-11-21 11:17 - 2014-11-21 11:17 - 00000838 _____ () C:\Users\All Users\Desktop\Avast Internet Security.lnk
2014-11-21 11:17 - 2014-11-21 11:17 - 00000000 ____D () C:\Users\All Users\Start Menu\Programs\AVAST Software
2014-11-20 11:51 - 2014-11-20 11:51 - 00000862 _____ () C:\Users\Urge\Desktop\defogger_disable.log
2014-11-20 11:51 - 2014-11-20 11:51 - 00000072 _____ () C:\Users\Urge\defogger_reenable
2014-11-20 11:50 - 2014-11-20 11:50 - 00050477 _____ () C:\Users\Urge\Desktop\Defogger.exe
2014-11-20 11:40 - 2014-11-20 11:40 - 00089088 _____ () C:\mbr.exe
2014-11-20 10:44 - 2014-11-25 11:47 - 00018632 _____ () C:\Users\Urge\Desktop\attach0.txt
2014-11-20 10:44 - 2014-11-25 11:47 - 00016609 _____ () C:\Users\Urge\Desktop\dds0.txt
2014-11-19 18:34 - 2014-11-19 18:33 - 00132597 _____ () C:\Users\Urge\Desktop\Flash_Disinfector.exe
2014-11-19 18:06 - 2014-11-25 11:38 - 00688992 ____R (Swearware) C:\Users\Urge\Desktop\dds.com
2014-11-18 18:32 - 2014-11-19 16:24 - 00000000 ____D () C:\AdwCleaner
2014-11-18 11:42 - 2014-11-18 11:42 - 00000000 ____D () C:\Program Files\ESET
2014-11-18 11:39 - 2013-09-02 02:58 - 00263072 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-11-17 16:04 - 2014-11-17 16:04 - 00000679 _____ () C:\Users\Urge\Desktop\OE error message.txt
2014-11-04 15:25 - 2014-11-04 15:25 - 00000608 _____ () C:\Users\All Users\Desktop\Unchecky.lnk
2014-11-04 15:25 - 2014-11-04 15:25 - 00000000 ____D () C:\Users\All Users\Start Menu\Programs\Unchecky
2014-11-04 15:25 - 2014-11-04 15:25 - 00000000 ____D () C:\Users\All Users\Application Data\Unchecky
2014-11-04 14:20 - 2014-11-04 14:55 - 00000000 ____D () C:\Users\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-04 14:17 - 2014-11-04 14:55 - 00000000 ____D () C:\Users\Urge\Desktop\mbar
2014-11-04 13:22 - 2014-11-19 16:33 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 13:22 - 2014-11-04 14:19 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-04 13:22 - 2014-11-04 13:22 - 00000653 _____ () C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 13:22 - 2014-11-04 13:22 - 00000000 ____D () C:\Users\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 13:22 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 11:35 - 2011-05-25 09:59 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-963894560-1177238915-1004UA.job
2014-11-27 11:23 - 2013-07-28 22:39 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-27 11:17 - 2012-07-06 16:59 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-27 11:17 - 2010-10-05 18:26 - 00000000 __SHD () C:\Users\NetworkService
2014-11-27 11:02 - 2014-10-18 11:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-27 10:52 - 2010-10-05 18:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-27 10:52 - 2010-10-05 18:22 - 00000000 __SHD () C:\Users\LocalService
2014-11-27 10:50 - 2001-08-23 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-27 10:49 - 2010-10-06 04:42 - 00000000 ____D () C:\WINDOWS\system32\ShellExt
2014-11-27 10:45 - 2010-10-06 04:49 - 00000358 __RSH () C:\boot.ini
2014-11-27 10:44 - 2010-10-05 18:26 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-27 10:44 - 2010-10-05 18:18 - 01632978 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-27 07:53 - 2010-10-06 05:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-27 07:53 - 2010-10-06 05:12 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-27 07:52 - 2014-03-22 15:50 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-27 07:52 - 2013-07-28 22:39 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-27 07:52 - 2001-08-23 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-27 00:49 - 2010-10-05 18:43 - 00000178 ___SH () C:\Users\Urge\ntuser.ini
2014-11-27 00:47 - 2011-12-19 11:55 - 00000000 ____D () C:\Users\Urge\Application Data\vlc
2014-11-26 17:35 - 2011-06-01 06:50 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-963894560-1177238915-1004Core1cc20522bb415f2.job
2014-11-26 10:38 - 2013-08-28 18:04 - 00000000 ____D () C:\Users\Urge\Application Data\XBMC
2014-11-25 01:35 - 2010-10-05 18:43 - 00000000 ____D () C:\Users\Urge
2014-11-21 23:17 - 2010-10-07 14:32 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-21 18:04 - 2011-03-01 15:04 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-21 11:34 - 2010-10-06 05:04 - 00877046 _____ () C:\WINDOWS\setupapi.log
2014-11-21 11:17 - 2014-05-04 11:35 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-21 11:17 - 2013-03-27 09:18 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-21 11:17 - 2013-03-27 09:18 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-11-21 11:17 - 2013-03-27 09:18 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-21 11:17 - 2012-03-20 13:55 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-11-21 11:17 - 2010-10-07 14:32 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-21 11:17 - 2010-10-07 14:32 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-21 11:17 - 2010-10-07 14:32 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-11-21 11:16 - 2010-10-07 14:32 - 00253640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswndis2.sys
2014-11-20 08:27 - 2001-08-23 07:00 - 00001903 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.old
2014-11-19 21:04 - 2014-10-14 23:39 - 00000341 _____ () C:\Users\Urge\Desktop\Jimi songs.txt
2014-11-18 13:01 - 2011-05-31 12:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-11-18 12:47 - 2014-07-19 15:07 - 00000000 ____D () C:\Program Files\Savevid
2014-11-17 16:10 - 2010-10-08 15:48 - 00002357 _____ () C:\Users\All Users\Start Menu\Programs\Microsoft Excel.lnk
2014-11-16 11:15 - 2011-02-18 14:16 - 00002355 _____ () C:\Users\Urge\Desktop\Microsoft Word.lnk
2014-11-14 07:43 - 2012-05-16 08:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-08 15:00 - 2014-03-22 15:50 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-04 13:02 - 2010-10-07 14:07 - 00000000 ____D () C:\Users\Urge\Application Data\Malwarebytes
2014-11-04 13:02 - 2010-10-07 14:07 - 00000000 ____D () C:\Users\All Users\Application Data\Malwarebytes
2014-11-03 11:36 - 2010-10-06 05:07 - 00628714 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-02 00:57 - 2012-02-07 18:30 - 00000000 ____D () C:\Users\Urge\Application Data\Audacity
2014-10-28 14:00 - 2012-01-07 10:31 - 00000215 _____ () C:\WINDOWS\hpbafd.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2010-06-17 06:20] - [2010-06-17 06:20] - 1723904 ____A (Microsoft Corporation) e1f5f729264c8af1d6a95ecd1c8086dd     

C:\WINDOWS\system32\winlogon.exe
[2010-06-17 06:22] - [2010-06-17 06:22] - 0570368 ____A (Microsoft Corporation) 50d6ee240e804f638d88e26200d37670     

C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll
[2010-06-17 06:22] - [2010-06-17 06:22] - 0575488 ____A (Microsoft Corporation) 99c1acb1b8f0f2cecc56515e502b5120     

C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
Ran by Urge at 2014-11-27 11:52:13
Running from C:\Users\Urge\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
3ivx D4 4.5.1 Decoder (remove only) (HKLM\...\3ivx D4 4.5.1 Decoder) (Version: 4.5.1 - 3ivx Technologies, Pty. Ltd.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
A1 (HKLM\...\A1_is1) (Version:  - )
Acronis True Image WD Edition (HKLM\...\{A7D5787B-3A91-4433-A753-CFE520671683}) (Version: 13.0.14010 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Advanced Uninstaller PRO 9.6.0.40 (HKLM\...\Advanced Uninstaller PRO_is1) (Version: 9.6.0.40 - -[ by Akozdem!R ]-)
Alarm Clock v1.0 (HKLM\...\Alarm Clock_is1) (Version:  - Moore Design Lmt.)
Alchemy and Bejeweled Pack (HKLM\...\Alchemy and Bejeweled Pack) (Version:  - )
Any Video Converter 3.5.8 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (HKLM\...\{938F63A9-245C-1EF1-A4FF-AF04F1F034EA}) (Version: 10.0.0.40103 - ATI Technologies Inc.)
ATI Catalyst Install Manager (HKLM\...\{C5A56577-49B4-331E-55DC-7143AFFAD108}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Attribute Changer 6.20 (HKLM\...\AC) (Version: 6.10a - Romain Petges)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Internet Security (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
BLM 2.7.7 (HKLM\...\The Blocklist Manager_is1) (Version: 2.7.7 - Bluetack Internet Security Solutions)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CDex extraction audio (HKLM\...\CDex) (Version:  - )
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertXtoDVD Portable 4.0.12.327 (HKLM\...\ConvertXtoDVD Portable_is1) (Version:  - )
Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
CPUID CPU-Z 1.55 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools (HKLM\...\{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}) (Version: 3.47.0 - DAEMON'S HOME)
Data Lifeguard Tools (HKLM\...\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}) (Version:  - )
DBXpress (HKLM\...\{A600B935-50DC-476E-9432-95A13F416302}) (Version: 2.1.0 - Stephen L. Cochran, Ph.D.)
DVD Audio Extractor 7.1.1 (HKLM\...\DVD Audio Extractor_is1) (Version:  - Computer Application Studio)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD2one V2.3.1 (HKLM\...\DVD2one V2) (Version: 2.3.1 - Eximius B.V.)
DVD43 Plug-in v1.0.0.6 (HKLM\...\DVD43 Plug-in_is1) (Version:  - )
DVD43 v3.7.0 (HKLM\...\DVD43_is1) (Version:  - )
DVDAux 1.0.0 (HKLM\...\DVDAux_is1) (Version:  - DVDAux Inc.)
DVDFab 8.1.3.8 (09/12/2011) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab Inspector version 1.2.0.0 (HKLM\...\DVDFab Inspector_is1) (Version: 1.2.0.0 - Fengtao Software Inc.)
EaseUS Data Recovery Wizard Free Edition 5.5.1 (HKLM\...\EaseUS Data Recovery Wizard Free Edition 5.5.1_is1) (Version:  - EaseUS)
eMule (HKLM\...\eMule) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Everest Ultimate Edition 5.50.2169 (HKLM\...\Everest Ultimate Edition_is1) (Version:  - )
eXPander (HKLM\...\eXPander) (Version: 15.2.2 - )
Family Tree Maker 2012 (HKLM\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (Version: 21.0.388 - Ancestry.com, Inc.) Hidden
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
foobar2000 v1.2.9 (HKLM\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Freemake Video Converter version 3.2.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
GlobeReader (HKLM\...\com.boston.globereader.32B98E1E109C99C4674A656F6527F42DE7AB8ABA.1) (Version: 1.059 - Boston Globe Electronic Publishing)
GlobeReader (Version: 1.059 - Boston Globe Electronic Publishing) Hidden
Google Chrome (HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.5 (HKLM\...\HandBrake) (Version: 0.9.5 - )
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HDD Health v3.3 Beta (HKLM\...\HDD Health_is1) (Version:  - )
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
Intel® Network Connections 14.4.0.0 (HKLM\...\{555E63EF-4EB5-43E5-BEEF-9E2CD7BCEFA2}) (Version: 14.4.0.0 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Kels' CPL Bonus Pack! (HKLM\...\CPLBonus) (Version: 11.2 - Kelsenellenelvian EverDawn)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Layer III Audio Encoder (HKLM\...\Layer III Audio Encoder 1.0.70111) (Version: 1.0.70111 - Elecard)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.3.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}) (Version: 3.5.30730 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}) (Version: 1.20.146.0 - Microsoft)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
MP3reduce II v3 (HKLM\...\ST5UNST #1) (Version:  - )
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nitro Reader 2 (HKLM\...\{A9B3C61A-41C8-4171-A79A-267634E915AE}) (Version: 2.1.1.4 - Nitro PDF Software)
Olympus ib (HKLM\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.3.2207 - OLYMPUS IMAGING CORP.)
Olympus ib (Version: 1.3.2207 - OLYMPUS IMAGING CORP.) Hidden
Open Command Prompt Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 2.0.2.1 - Kai Liu)
Open Selected URL - IE Extension (HKLM\...\OpenSelectedURLIE) (Version: 1.0.1.0 - MuvEnum)
PC Wizard 2008 2008.1.8.4 (HKLM\...\{D14ED2E1-C75B-443c-BD7C-333333333303}_is1) (Version: 2008.1.8.4 - ©2001 - 2008 CPUID)
PCWin Speaker Recorder (HKLM\...\{C78205AF-82F7-4EAF-A6C9-E1B90B8BB833}) (Version: 1.1.7.0 - FrontierDG.com)
PDF-Viewer (HKLM\...\{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1) (Version: 2.0.56.0 - Tracker Software Products Ltd)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
PerfectDisk 11 Professional (HKLM\...\{B7607FC8-72AD-486D-B6B7-A402D5876309}) (Version: 11.00.185 - Raxco Software Inc.)
PowerTweaK Menu (mmm) (HKLM\...\mmm) (Version: 2.02 - Paraglider)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Prio v1.9.8 (HKLM\...\Prio) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version:  - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
RefreshEM (HKLM\...\Refreshem) (Version: 1.0.0.0 - camtech)
RegShot (HKLM\...\RegShot) (Version: 2.0.1.68 - Paraglider)
RegTeaks (HKLM\...\RegTweaks) (Version: 15.2.2 - )
Relaxing Rhythms (HKLM\...\Relaxing Rhythms) (Version: 2.2 - Wild Divine, Inc.)
Resource Hacker (HKLM\...\Reshack) (Version: 3.5.2 beta - Angus Johnson)
REX CRIBBAGE (HKLM\...\{B6A07ABB-AF7C-4820-9AE7-5539B392A18C}) (Version: 3.0 - HALSWARE)
Savevid (HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\Savevid) (Version: 0.0.0.1033 - Bandoo Media Inc) <==== ATTENTION
Secunia PSI (3.0.0.6001) (HKLM\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
SendTo Xtras (HKLM\...\SendTo) (Version: 15.2.2 - )
Service Tweaker (HKLM\...\Sertweak) (Version: 1.0.0.0 - ajua Onine)
Silent Hunter Wolves of the Pacific (HKLM\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.05.0000 - Ubisoft)
SIW version 2010.07.14 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.07.14 - Topala Software Solutions)
Spotify (HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\Spotify) (Version: 0.9.1.53.g876fa9df - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
SysInternals Programs Collection v3.7 (HKLM\...\SysInternals Programs Collection) (Version: v3.7 - Addon by odyn1982)
System Requirements Lab for Intel (HKLM\...\{ADD72094-D289-4714-A62E-70574478A2BC}) (Version: 4.3.1.0 - Husdawg, LLC)
TagScanner 5.1.649 (HKLM\...\TagScanner_is1) (Version:  - Sergey Serkov)
TapinRadio 1.58 (HKLM\...\TapinRadio_is1) (Version:  - Raimersoft)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Passage (HKLM\...\The Passage) (Version: 3.0.1 - Wild Divine, Inc.)
TightVNC (HKLM\...\{D903B276-81AE-4AED-AEF9-45DACFBF16CE}) (Version: 2.7.10.0 - GlavSoft LLC.)
Tomb Raider: Anniversary 1.0 (HKLM\...\Tomb Raider: Anniversary) (Version:  - )
ToolTipFixer 1.0.1 (HKLM\...\ToolTipFixer) (Version: 1.0.1 - NeoSmart Technologies)
Unchecky v0.3.4 (HKLM\...\Unchecky) (Version: 0.3.4 - RaMMicHaeL)
Universal Extractor (HKLM\...\Universal Extractor_addon) (Version: v1.6.2 - oszone.net)
Unlocker v1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - )
ViewSonic Monitor Drivers (HKLM\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version:  - )
VistaSwitcher (HKLM\...\VistaSwitcher) (Version: 1.1.2 - NTWind Software)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
What's my computer doing 1.xx (HKLM\...\{3F702F22-A623-4B6A-41BD-420700558223}_is1) (Version:  - ITSTH)
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.7900 -  )
Wild Divine Grapher (HKLM\...\Wild Divine Grapher) (Version: 1.0 - Wild Divine, Inc.)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows IP Configuration Manager 2.7.2.80 (HKLM\...\{D14ED2E1-C75B-443c-BD7C-333333333301}_is1) (Version: 2.7.2.80 - Peter Kostov)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Wisdom Quest (HKLM\...\Wisdom Quest) (Version: 2.0 - Wild Divine, Inc.)
XBMC (HKU\S-1-5-21-1844237615-963894560-1177238915-1004\...\XBMC) (Version:  - Team XBMC)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Urge\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Urge\Local Settings\Application Data\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Users\Urge\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 07:00 - 2014-11-27 10:50 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => D:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-963894560-1177238915-1004Core1cc20522bb415f2.job => C:\Users\Urge\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-963894560-1177238915-1004UA.job => C:\Users\Urge\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2014-11-26 15:51 - 2014-11-26 15:51 - 02903552 _____ () D:\Program Files\Alwil Software\Avast5\defs\14112601\algo.dll
2012-01-23 13:23 - 2011-02-28 17:37 - 00180624 _____ () C:\WINDOWS\system32\Primomonnt.dll
2010-06-07 16:05 - 2010-06-07 16:05 - 00028512 _____ () C:\Program Files\Acronis\TrueImageHome\Common\rpc_client.dll
2013-11-20 12:30 - 2014-11-21 11:17 - 38562088 _____ () D:\Program Files\Alwil Software\Avast5\libcef.dll
2013-11-22 14:35 - 2005-12-05 18:04 - 00691200 _____ () C:\Program Files\dvd43\dvd43_tray.exe
2010-10-05 20:12 - 2010-08-28 23:02 - 00439824 _____ () D:\Program Files\Utilities\Core Temp\Core Temp.exe
2009-08-14 11:47 - 2009-08-14 11:47 - 02854976 _____ () C:\WINDOWS\system32\btwicons.dll
2009-08-14 11:45 - 2009-08-14 11:45 - 00069697 _____ () D:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-07-19 15:09 - 2014-02-05 06:34 - 00796152 _____ () C:\Program Files\Savevid\SavevidService.exe
2014-07-19 15:09 - 2014-02-05 06:34 - 01148920 _____ () C:\Program Files\Savevid\SavevidWSServer.exe
2014-11-13 01:22 - 2014-11-13 01:22 - 03649648 _____ () D:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1844237615-963894560-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Users\Administrator
ASPNET (S-1-5-21-1844237615-963894560-1177238915-1003 - Limited - Enabled)
Guest (S-1-5-21-1844237615-963894560-1177238915-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1844237615-963894560-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1844237615-963894560-1177238915-1002 - Limited - Disabled)
Urge (S-1-5-21-1844237615-963894560-1177238915-1004 - Administrator - Enabled) => %SystemDrive%\Users\Urge

==================== Faulty Device Manager Devices =============

Name: PnP BIOS Extension
Description: PnP BIOS Extension
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: d347bus
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2014 08:55:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
Stack:
   at System.Security.Principal.SecurityIdentifier..ctor(System.String)
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
   at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
   at FreemakeUtilsService.Statistics.Manager.SettingsSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (11/27/2014 10:50:39 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.

Error: (11/27/2014 10:48:03 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC000007Fdesktop.iniHarddiskVolume6

Error: (11/27/2014 10:43:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/27/2014 07:54:37 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Freemake Improver service hung on starting.

Error: (11/26/2014 07:47:50 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Freemake Improver service hung on starting.

Error: (11/25/2014 07:58:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Freemake Improver service hung on starting.

Error: (11/24/2014 08:55:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2014 06:36:04 PM) (Source: DCOM) (EventID: 10010) (User: SPLURGE)
Description: The server {BC7ADC2B-CC8C-48D2-A820-1BC605B0D3C7} did not register with DCOM within the required timeout.

Error: (11/24/2014 08:53:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Freemake Improver service hung on starting.

Error: (11/23/2014 09:56:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Freemake Improver service hung on starting.


Microsoft Office Sessions:
=========================
Error: (11/24/2014 08:55:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
Stack:
   at System.Security.Principal.SecurityIdentifier..ctor(System.String)
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
   at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
   at FreemakeUtilsService.Statistics.Manager.SettingsSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 34%
Total physical RAM: 3062.04 MB
Available physical RAM: 2014.31 MB
Total Pagefile: 7428.52 MB
Available Pagefile: 6463.14 MB
Total Virtual: 3071.88 MB
Available Virtual: 2947.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:4.29 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Programs) (Fixed) (Total:97.65 GB) (Free:70.32 GB) NTFS
Drive e: (Data) (Fixed) (Total:97.65 GB) (Free:92.84 GB) NTFS
Drive f: (Storage) (Fixed) (Total:175.78 GB) (Free:54.57 GB) NTFS
Drive g: (Backup) (Fixed) (Total:205.54 GB) (Free:93.42 GB) NTFS
Drive i: (Swap) (Fixed) (Total:1.95 GB) (Free:0.01 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive j: (Temp) (Fixed) (Total:7.81 GB) (Free:7.76 GB) NTFS
Drive k: (Storage 1) (Fixed) (Total:195.31 GB) (Free:33.06 GB) NTFS
Drive l: (Storage 2) (Fixed) (Total:146.48 GB) (Free:28.5 GB) NTFS
Drive m: (Storage 3) (Fixed) (Total:114.2 GB) (Free:29.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 0008C1B8)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=05)

==================== End Of Log ============================


I was unable to access msinfo32 so no system summary.  I have SIW installed, would that work?


When you post your reply, use the "Reply to this topic" button instead.  There is no "Reply to this topic" button that I can see so I am clicking the Add Reply button.


Urge




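The "Custom CLSID" section of the FRST log above is worth a second look before anything is fixed. Those keys live under HKU\<SID>_Classes\CLSID, which is the user's own HKCU\Software\Classes view: it is writable by that user and, for processes running as that user, COM resolves a CLSID there before it consults the HKLM copy. An entry whose InprocServer32 or LocalServer32 target is gone ("No File") or empty ("No File Path") is harmless by itself, but it is exactly the shape a COM hijack takes, because whoever recreates that file or repoints that key gets loaded by every process that instantiates the class. The script below is an added example, not part of the original post or of FRST: it parses CustomCLSID lines in the format shown in the log, classifies each target, and lists the entries to inspect first. The sample lines are constructed from entries in the log above, the target conventions ("No File", "No File Path", a trailing "(Publisher)") are taken from the log as observed, and the profile-directory prefix check is a heuristic assumption rather than an ACL lookup.

```python
r"""Triage the CustomCLSID section of a Farbar Recovery Scan Tool (FRST) log.

Per-user registrations (HKU\<SID>_Classes\CLSID) are user-writable and are resolved
ahead of HKLM for that user's processes, so an orphaned one is a COM hijack candidate.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: six lines in the FRST CustomCLSID format (copied from the log's conventions).
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Urge\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
"""

LINE_RE = re.compile(
    r"^CustomCLSID:\s+(?P<hive>HKLM|HKU\\(?P<sid>S-1-5-[0-9-]+)_Classes)\\CLSID\\"
    r"(?P<clsid>\{[0-9A-F-]{36}\})\\(?P<server>InprocServer32|LocalServer32)\s+->\s+(?P<target>.+?)\s*$",
    re.IGNORECASE,
)
# A resolved target is a command line: a module path, optionally followed by arguments.
CMD_RE = re.compile(r"^(?P<path>.+?\.(?:dll|exe|ocx|cpl))(?:\s+(?P<args>\S.*))?$", re.IGNORECASE)
# FRST appends the publisher of a file that exists as a trailing "(Name)".
SIGNER_RE = re.compile(r"\s*\((?P<signer>[^()]*)\)$")


@dataclass
class ComEntry:
    hive: str              # "HKU" (per-user, writable) or "HKLM"
    sid: Optional[str]
    clsid: str
    server: str            # "InprocServer32" (DLL loaded in-process) or "LocalServer32" (EXE)
    status: str            # "present", "missing" (file gone) or "no_path" (empty default value)
    path: Optional[str]
    args: Optional[str]
    signer: Optional[str]


def parse_target(target: str) -> Tuple[str, Optional[str], Optional[str], Optional[str]]:
    """Split an FRST target string into (status, path, args, signer)."""
    if target == "No File Path":
        return "no_path", None, None, None
    status, signer = "present", None
    if target.endswith(" No File"):
        status, target = "missing", target[: -len(" No File")].rstrip()
    else:
        m = SIGNER_RE.search(target)
        if m:
            signer, target = m.group("signer"), target[: m.start()]
    m = CMD_RE.match(target)
    if m:
        return status, m.group("path").strip('"'), m.group("args"), signer
    return status, target, None, signer  # unrecognised layout: keep the raw text as the path


def parse_custom_clsids(log_text: str) -> List[ComEntry]:
    """Return one ComEntry per CustomCLSID line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        status, path, args, signer = parse_target(m.group("target"))
        server = "InprocServer32" if m.group("server").lower() == "inprocserver32" else "LocalServer32"
        hive = "HKU" if m.group("sid") else "HKLM"
        entries.append(ComEntry(hive, m.group("sid"), m.group("clsid").upper(), server, status, path, args, signer))
    return entries


def user_writable(path: Optional[str]) -> bool:
    """Heuristic (assumption): anything under a profile directory is writable by that user."""
    if not path:
        return False
    return path.lower().startswith(("c:\\users\\", "c:\\documents and settings\\"))


def hijack_candidates(entries: List[ComEntry]) -> List[ComEntry]:
    """Per-user keys with nothing legitimate behind them: the first thing to check or remove."""
    return [e for e in entries if e.hive == "HKU" and e.status != "present"]


def user_profile_loads(entries: List[ComEntry]) -> List[ComEntry]:
    """Per-user keys that do resolve, but to code in a directory the user can replace."""
    return [e for e in entries if e.hive == "HKU" and e.status == "present" and user_writable(e.path)]


def report(entries: List[ComEntry]) -> str:
    lines = [f"{len(entries)} CustomCLSID entries parsed"]
    for e in hijack_candidates(entries):
        lines.append(f"CHECK  {e.clsid} {e.server:<14} {e.status:<8} {e.path or '(empty default value)'}")
    for e in user_profile_loads(entries):
        lines.append(f"NOTE   {e.clsid} {e.server:<14} loads from profile: {e.path} [{e.signer or 'unsigned'}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_custom_clsids(SAMPLE_LOG)))
```

Run against the full log rather than the sample, the "CHECK" list is what the instructor's fixlist later removes; the "NOTE" list (a Google Update DLL and an updater EXE resolved from under the profile) is not malicious, but it shows why per-user COM registrations deserve the same scrutiny as Run keys when a machine is being cleaned.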
#6 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:10:32 AM

Posted 27 November 2014 - 03:04 PM

Greetings,

Thank you for your continued patience.

The Reply to this topic button is near the top of the web page but just continue to post like you just did.


Don't worry about the System Summary information for now.

Please consider and do these things for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have eMule installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again. There are also a couple of open ports assigned to eMule which allow access to your computer.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall eMule, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt

===================================================

Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll No File
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
R3 ALSysIO; \??\J:\Temp\ALSysIO.sys [X]
U3 catchme; \??\J:\Temp\catchme.sys [X]
S3 cpuz136; \??\J:\TEMP\cpuz136\cpuz136_x32.sys [X]
S4 IntelIde; No ImagePath
U4 WmdmPmSp; No ImagePath
U3 aswMBR; \??\J:\Temp\aswMBR.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Urge\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Users\Urge\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

SystemLook by jpshortstuff

--------------------

  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
midimap.dll
mshtml.dll 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend uninstalling the program(s) listed below.

  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Savevid

  • Reboot your computer

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • AdwCleaner log
  • Junkware log
  • Fixlog
  • SystemLook log

Edited by Oh My!, 27 November 2014 - 03:05 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Urge21

Urge21
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 27 November 2014 - 08:05 PM

Hi Oh My!,  Here are the results: 

 

AdwCleaner-

 

# AdwCleaner v4.102 - Report created 27/11/2014 at 19:35:05
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Urge - SPLURGE
# Running from : C:\Users\Urge\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2046 octets] - [18/11/2014 18:32:43]
AdwCleaner[R1].txt - [895 octets] - [19/11/2014 16:22:54]
AdwCleaner[R2].txt - [949 octets] - [27/11/2014 19:32:56]
AdwCleaner[S0].txt - [2131 octets] - [18/11/2014 18:53:10]
AdwCleaner[S1].txt - [871 octets] - [27/11/2014 19:35:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [930 octets] ##########

 

It didn't find anything, did I do something wrong like click the report button too soon?

 

Junkware Removal Tool-

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Microsoft Windows XP x86
Ran by Urge on 11/27/2014 at 19:43:49.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19F1959D-9717-4DE1-B371-E52E8A6DF88C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F1F06197-D83A-4232-933F-D7325B23A566}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Urge\Application Data\mozilla\firefox\profiles\jpekglj6.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/27/2014 at 19:46:43.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Urge at 2014-11-27 19:54:34 Run:1
Running from C:\Users\Urge\Desktop
Loaded Profile: Urge (Available profiles: Urge & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-963894560-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll No File
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
R3 ALSysIO; \??\J:\Temp\ALSysIO.sys [X]
U3 catchme; \??\J:\Temp\catchme.sys [X]
S3 cpuz136; \??\J:\TEMP\cpuz136\cpuz136_x32.sys [X]
S4 IntelIde; No ImagePath
U4 WmdmPmSp; No ImagePath
U3 aswMBR; \??\J:\Temp\aswMBR.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Urge\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Users\Urge\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Urge\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No File
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\about" => Key deleted successfully.
"HKCR\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\javascript" => Key deleted successfully.
"HKCR\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\mailto" => Key deleted successfully.
"HKCR\CLSID\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\res" => Key deleted successfully.
"HKCR\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\vbscript" => Key deleted successfully.
"HKCR\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
"HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}" => Key not found.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
catchme => Service deleted successfully.
cpuz136 => Service deleted successfully.
IntelIde => Service deleted successfully.
WmdmPmSp => Service deleted successfully.
aswMBR => Service not found.
mbr => Service not found.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-963894560-1177238915-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

==== End of Fixlog ====

 

SystemLook 30.07.11 by jpshortstuff
Log created at 19:59 on 27/11/2014 by Urge
Administrator - Elevation successful

========== filefind ==========

Searching for "midimap.dll"
C:\WINDOWS\system32\midimap.dll    --a---- 32256 bytes    [11:20 17/06/2010]    [11:20 17/06/2010] 448937CF6D5D4A4009532DF67B205F92

Searching for "mshtml.dll "
C:\WINDOWS\ie8updates\KB2183461-IE8\mshtml.dll    -----c- 6093824 bytes    [21:53 08/10/2010]    [11:20 17/06/2010] F850935CE53640BE7AA71D8124578984
C:\WINDOWS\ie8updates\KB2360131-IE8\mshtml.dll    -----c- 5954560 bytes    [22:33 16/10/2010]    [12:24 24/06/2010] 94DC7E938C57F3C3D1BC4A0F68FC5830
C:\WINDOWS\ie8updates\KB2744842-IE8\mshtml.dll    -----c- 5958656 bytes    [16:30 28/11/2012]    [05:57 10/09/2010] 8A03CC037E6B7D1796192815231B0C3F
C:\WINDOWS\ie8updates\KB2761465-IE8\mshtml.dll    -----c- 6010368 bytes    [19:00 24/01/2013]    [15:13 28/08/2012] CF6B381C3518AB328382429CAE206D64
C:\WINDOWS\ie8updates\KB2799329-IE8\mshtml.dll    -----c- 6010880 bytes    [04:47 25/01/2013]    [06:23 13/11/2012] 02D8509E2362D777DEBFFC05C022CBF2
C:\WINDOWS\ie8updates\KB2909921-IE8\mshtml.dll    -----c- 6011392 bytes    [05:15 24/02/2014]    [05:33 06/01/2013] 14FD1CAEFB6D2749019AC2F54859568C
C:\WINDOWS\ie8updates\KB2925418-IE8\mshtml.dll    -----c- 6021120 bytes    [04:00 13/03/2014]    [23:26 05/02/2014] 516E371CC348141277A73EB9D3C25951
C:\WINDOWS\ie8updates\KB2936068-IE8\mshtml.dll    -----c- 6022144 bytes    [05:40 10/04/2014]    [11:46 24/02/2014] 427C63C2075ABF62FAA897BBD3DE44F4
C:\WINDOWS\ie8updates\KB2964358-IE8\mshtml.dll    -----c- 6021632 bytes    [06:30 03/05/2014]    [17:59 06/03/2014] 0964EFC80BD54FDF37397A09FDAE8395
C:\WINDOWS\system32\dllcache\mshtml.dll    ------- 6022144 bytes    [21:47 08/10/2010]    [08:13 30/04/2014] 3DB2624CCB1663BF6D62311B2B9E7B55

-= EOF =-

 

I got this through two flash drives that I had used in one computer and then brought home to this computer.  I need to clean both flash drives and 2 additional computers that are also infected.  Can I just run all these tools on those other computers and can I search the flash drives and remove the infected files from them?

 

Urge



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:10:32 AM

Posted 27 November 2014 - 11:51 PM

Greetings,

Let's deal with this computer first and then the flash drives. In order to deal with any other computers officially you will need to start a Topic for each of them. Ideally we should see the individualized information from each computer to determine what needs to be done. Whether you want to wait for that or go it alone on the other computers is up to you.

You completed AdwCleaner correctly.

Please do this.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\WINDOWS\system32\midimap.dll

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
cmd: copy /y c:\windows\system32\dllcache\mshtml.dll c:\windows\System32
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Virustotal link
  • Fixlog
  • How is your computer running?

Gary
 

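The SystemLook output in the previous post shows midimap.dll in place in system32 but mshtml.dll surviving only in dllcache and the ie8updates folders, which is exactly what the FRST fix above repairs by copying the dllcache copy back. Below is a script that reads a SystemLook :filefind log and flags a system32 file that is missing, or whose MD5 differs from the protected dllcache copy. It is an added example, not part of the thread and not SystemLook's or FRST's own code; the embedded log is a shortened excerpt of the one posted above, and the status names ("missing", "mismatch", "ok-uncompared") are my own.

```python
import re

# Excerpt of the SystemLook ":filefind" log posted earlier in this thread, shortened
# to the lines the check needs (paths, sizes, timestamps and MD5s are the page's own).
SYSTEMLOOK_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 19:59 on 27/11/2014 by Urge
Administrator - Elevation successful

========== filefind ==========

Searching for "midimap.dll"
C:\WINDOWS\system32\midimap.dll    --a---- 32256 bytes    [11:20 17/06/2010]    [11:20 17/06/2010] 448937CF6D5D4A4009532DF67B205F92

Searching for "mshtml.dll "
C:\WINDOWS\ie8updates\KB2964358-IE8\mshtml.dll    -----c- 6021632 bytes    [06:30 03/05/2014]    [17:59 06/03/2014] 0964EFC80BD54FDF37397A09FDAE8395
C:\WINDOWS\system32\dllcache\mshtml.dll    ------- 6022144 bytes    [21:47 08/10/2010]    [08:13 30/04/2014] 3DB2624CCB1663BF6D62311B2B9E7B55

-= EOF =-
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"\s*$')
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s{2,}"     # full path, then the column gap
    r"(?P<attrs>[-a-z]{7})\s+"             # attribute flags such as --a---- or -----c-
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+"
    r"\[(?P<created>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

SYSTEM32 = r"c:\windows\system32"


def parse_filefind(log):
    """Map each searched file name to the list of copies SystemLook found for it."""
    results, current = {}, None
    for line in log.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").strip()   # the codebox had a trailing space
            results[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return results


def check_system_file(results, name):
    """Compare the live system32 copy of `name` with the protected dllcache copy."""
    live = cache = None
    for entry in results.get(name, []):
        folder, _, base = entry["path"].lower().rpartition("\\")
        if base != name.lower():
            continue
        if folder == SYSTEM32:
            live = entry
        elif folder == SYSTEM32 + r"\dllcache":
            cache = entry
    if live is None and cache is None:
        return {"file": name, "status": "not-found"}
    if live is None:
        # The mshtml.dll case in the thread: only dllcache still has the file,
        # which is why the FRST fix copies it back into system32.
        return {"file": name, "status": "missing",
                "restore_from": cache["path"], "md5": cache["md5"]}
    if cache is not None and live["md5"] != cache["md5"]:
        return {"file": name, "status": "mismatch",
                "live_md5": live["md5"], "cache_md5": cache["md5"]}
    return {"file": name, "status": "ok" if cache else "ok-uncompared",
            "md5": live["md5"]}


def triage(log):
    """Run the check for every name the log searched for."""
    results = parse_filefind(log)
    return [check_system_file(results, name) for name in results]


if __name__ == "__main__":
    for finding in triage(SYSTEMLOOK_LOG):
        print(finding)
```

A matching dllcache hash only proves the two copies agree with each other, not that either is clean; that is why the helper also sends midimap.dll to VirusTotal. For a stronger check, compare the MD5 against the same file on a known-clean machine at the same patch level.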
#9 Urge21

Urge21
  • Topic Starter

  • Members
  • 99 posts
  • Local time:01:32 PM

Posted 28 November 2014 - 11:02 AM

Hi Gary,  Here is the virus total scan;

 

https://www.virustotal.com/en/file/b385adfdb214fa979a6c5112d2ef72227c90b476466686484d297b99312dddf6/analysis/1417151280/

 

Here is the FRST log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Urge at 2014-11-28 00:40:52 Run:2
Running from C:\Users\Urge\Desktop
Loaded Profile: Urge (Available profiles: Urge & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: copy /y c:\windows\system32\dllcache\mshtml.dll c:\windows\System32
EmptyTemp:
*****************


=========  copy /y c:\windows\system32\dllcache\mshtml.dll c:\windows\System32 =========

        1 file(s) copied.

========= End of CMD: =========

EmptyTemp: => Removed 702.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

When I tried to open FRST on my desktop, Avast popped up and disappeared the FRST file.

 

Here is the error message: 

"Windows cannot find 'C:\Users\Urge\Desktop\FRST.exe'.  Make sure you typed the name correctly, and then try again.  To search for a file, click the start button, and then click search."

 

 

I reacquired FRST and closed Avast and it worked.  The computer seems to be working normally again but I have spent very little time with it in this state so time will tell.  I would like to take a shot at fixing the other two computers with this issue.  Could you show me the items you found in these logs that point to the malware?  Can I run the code you provided for this computer?  What do we do with the flash drives?  I already reformatted one but it has been back in this computer so...?

 

Thanks for all your help!

 

Bill



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:10:32 AM

Posted 28 November 2014 - 11:47 AM

Hi Bill,

Showing you is not quite that simple; you really need to understand what you are looking at. You can certainly run AdwCleaner and Junkware Removal without any real danger. There are online scanners you can use, but oftentimes the infection is deeper than where they probe. ESET Online Scanner and Emsisoft Emergency Kit are good to use. So is Malwarebytes.

Here is what we need to do to deal with your USB devices.

===================================================

Panda USB Vaccine

--------------------
  • From a clean computer, please download Panda USB Vaccine and save it to your desktop
  • Double-click the icon to install the program to C:\Program Files\Panda USB Vaccine.
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key and insert your external drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
  • Leave the external drive attached to your computer
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. Once USB drives have been vaccinated, they cannot be reversed except with a format, meaning you will have to manually attempt to run something from the USB device rather than it running on its own simply by inserting the device. If you need to reformat the USB device to reverse this protection be sure to back up your data files first or they will be lost during the formatting process.

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon Including External Drive

----------
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Attach any external drives you want to scan if not already attached
  • Click the Scan button near the top
  • Select Custom Scan then click Scan Now >>
  • Place a check mark in any additional drives you would like to scan
  • Click Start Scan

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP) then type mbam
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply
===================================================

ESET Online Scanner Including External Drives

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Select Enable detection of potentially unwanted applications then click Start
  • Click Advanced settings
  • Select Scan for potentially unsafe applications
  • Click Change... next to Current scan targets: Operating memory, Local drives
  • Place a check mark in any additional drives you would like to scan then click OK
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Scan results

Gary
 

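The Panda USB Vaccine note above describes the mechanism in one line: an autorun.inf on a removable drive tells Windows what to launch when the drive is inserted, and vaccination makes that file name unusable so nothing can be planted there. The following is an added example, not part of the thread and not Panda's code, that parses a constructed autorun.inf, lists the directives that would start a program on insertion, and shows the manual form of vaccination, occupying the autorun.inf name with a directory. The directory trick is an assumption on my part as an approximation of the protection the note describes; Panda's own marker is not reproduced.

```python
import os
import re
import tempfile

# Constructed autorun.inf samples (not taken from the thread): one that launches an
# executable when the drive is inserted, and one that only sets a drive icon and label.
SUSPECT_AUTORUN = """\
[autorun]
; comment lines are ignored
open=recycler\\setup.exe
shellexecute=recycler\\setup.exe
shell\\Open\\command=recycler\\setup.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

BENIGN_AUTORUN = """\
[autorun]
icon=drive.ico
label=Photos
"""

SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
KEYVAL_RE = re.compile(r"^\s*(?P<key>[^=;]+?)\s*=\s*(?P<value>.*?)\s*$")
# Keys that make Windows run something on insertion or when the drive is opened.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text):
    """Return {key: value} from every [autorun*] section, keys lower-cased."""
    directives, in_autorun = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        m = SECTION_RE.match(line)
        if m:
            in_autorun = m.group("name").strip().lower().startswith("autorun")
            continue
        m = KEYVAL_RE.match(line)
        if in_autorun and m:
            directives[m.group("key").lower()] = m.group("value")
    return directives


def launch_targets(text):
    """(directive, target) pairs that would start a program without the user asking."""
    return [(k, v) for k, v in parse_autorun(text).items()
            if k in LAUNCH_KEYS or SHELL_COMMAND_RE.match(k)]


def classify(text):
    """Triage verdict for one autorun.inf body."""
    if not parse_autorun(text):
        return "no-autorun-section"
    return "executes-on-insert" if launch_targets(text) else "cosmetic-only"


def vaccinate(drive_root):
    """Manual vaccination: hold the autorun.inf name with a directory so a dropper
    cannot write its own file there. This is an approximation of the protection the
    Panda note describes, not Panda's own marker (assumption, not from the thread)."""
    marker = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(marker):
        return "already-vaccinated"
    if os.path.exists(marker):
        return "autorun.inf-present"    # classify() its contents before removing it
    os.mkdir(marker)
    return "vaccinated"


def demo_vaccinate():
    """Exercise vaccinate() on a throwaway directory standing in for a drive root."""
    root = tempfile.mkdtemp()
    first, second = vaccinate(root), vaccinate(root)
    return first, second, os.path.isdir(os.path.join(root, "autorun.inf"))


if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(label, classify(sample), launch_targets(sample))
    print(demo_vaccinate())
```

The triage half is the part to run against a drive you are unsure about: if classify() reports "executes-on-insert", the launch target it names is the file to scan or submit before the drive goes into another machine. The vaccinate half only blocks the autorun path; it does not clean anything already on the drive, which is why the helper pairs it with Malwarebytes and ESET scans of the external drives.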
#11 Urge21

Urge21
  • Topic Starter

  • Members
  • 99 posts
  • Local time:01:32 PM

Posted 28 November 2014 - 12:23 PM

Do you consider this computer clean now?  I ask because I want to know if I can download Panda USB Vaccine on this computer or do I need to use another?  I probably need to format one of my 2 USB drives to do this.  I used to have a 1/2 dozen or so but can't find any others.  I have been carrying these two around in my pocket for years.

 

Urge



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:32 AM

Posted 28 November 2014 - 01:13 PM

We are still working on this computer, but I would like you to download Panda onto it. It will vaccinate both this computer and the USB devices. What it will do is prevent an autorun infection, which may be what caused the contamination of the computers.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Urge21

Urge21
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  • Local time:01:32 PM

Posted 28 November 2014 - 09:40 PM

So I ran the ESET scan and it came up with a bunch of programs I've been using for years. 

 

siw
Imgburn
PerfectDisk
cpu-z
Karen's Replicator
Foxit Reader
Core-Temp
FreemakeVideoConverter

 

These programs are not malware!  Could it be that ESET found bad files inserted into these programs?  I restored all of them and I will await your reply.  I know there are some programs in there that might be sketchy but I've had most of them for years.

 

Urge


Edited by Urge21, 28 November 2014 - 09:45 PM.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:32 AM

Posted 28 November 2014 - 10:16 PM

You are fine to restore them, I think they are clean.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Urge21

Urge21
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  • Local time:01:32 PM

Posted 02 December 2014 - 10:25 AM

OK, here are the last 2 scans.

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/11/29 14:45:27 -0500</date>
<logfile>mbam-log-2014-11-29 (14-44-25).xml</logfile>
<isadmin>no</isadmin>
</header>
<engine>
<version>2.00.3.1025</version>
<malware-database>v2014.11.29.08</malware-database>
<rootkit-database>v2014.11.29.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows XP Service Pack 3</osversion>
<arch>x86</arch>
<username>Urge</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>custom</type>
<result>completed</result>
<objects>537828</objects>
<time>3740</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

 

D:\PerfectDisk_11.0.174.exe    a variant of Win32/Keygen.AK potentially unsafe application    deleted - quarantined
D:\Program Files\Utilities\blocklist-manager\Blocklist_Manager_Install_2.7.7.exe    Win32/NetTool.Portscan.C potentially unsafe application    deleted - quarantined
D:\Program Files\Utilities\SIW\siw.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
E:\Flash contents\ccsetup318.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Flash contents\Utilities\cpu-z_1.55-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Flash contents\Utilities\FoxitReader514.0104_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Flash contents\Utilities\siw.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
E:\Gamepad Emulator\NudePatch1.7\NudePatch1.7\Texmod.exe    Win32/GameHack.TA potentially unsafe application    deleted - quarantined
E:\Gamepad Emulator\texmod\Texmod.exe    Win32/GameHack.TA potentially unsafe application    deleted - quarantined
E:\My Documents\Downloads\tapinradio_setup.exe    Win32/DownWare.W potentially unwanted application    deleted - quarantined
F:\Downloads\cbsi-10064069.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\Downloads\cbsidlm-cbsi183-Soluto-ORG-75446583.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\Downloads\cbsidlm-tr1_10a-RarmaRadio-SEO-10679588.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
F:\Downloads\cbsidlm-tr1_7-TapinRadio-SEO2-75324204.exe    Win32/DownloadAdmin.D potentially unwanted application    deleted - quarantined
F:\Downloads\cbsidlm-tr1_9-Karens_Replicator-SEO2-50127.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
F:\Downloads\cnet2_MyVideoConverter_Setup246_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application    deleted - quarantined
F:\Downloads\cpu-z_1.55-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
F:\Downloads\freeocr.exe    Win32/InstallMonetizer.AF potentially unwanted application    deleted - quarantined
F:\Downloads\m4a-to-mp3-converter.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
F:\Downloads\PerfectDisk_11.0.174.exe    a variant of Win32/Keygen.AK potentially unsafe application    deleted - quarantined
F:\Downloads\SetupImgBurn_2.5.2.0.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
F:\Downloads\siw-setup.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
F:\Downloads\YouTubeDownloaderSetup263.exe    a variant of Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined
F:\Downloads\PDFXVwer\PDFXVwer.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
F:\Downloads\produkey\ProduKey.exe    a variant of Win32/PSWTool.ProductKey potentially unsafe application    deleted - quarantined
K:\Flash contents\cbsidlm-tr1_7-BackUp_Maker-SEO2-10209877.exe    Win32/DownloadAdmin.D potentially unwanted application    deleted - quarantined
K:\Flash contents\ccsetup318.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
K:\Flash contents\Utilities\cpu-z_1.55-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
K:\Flash contents\Utilities\FoxitReader514.0104_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
K:\Flash contents\Utilities\siw.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
K:\Utility Downloads\Core-Temp-setup.exe    a variant of Win32/Complitly.A potentially unwanted application    deleted - quarantined
L:\Flash Drive Contents\siw.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
L:\Flash Drive Contents\crackz\keyfinder.exe    a variant of Win32/MagicalJellyBean.A potentially unsafe application    deleted - quarantined
L:\Flash Drive Contents\crackz\wga-fix.exe    Win32/HackHosts.AC potentially unsafe application    deleted - quarantined
L:\Flash Drive Contents\Saved Flash Drive\siw.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
L:\Flash Drive Contents\Saved Flash Drive\aLL uSERS\Documents and Settings\My Documents\Downloads\cpu-z_1.55-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
L:\Flash Drive Contents\Saved Flash Drive\My Documents\unlock files\keyfinder.exe    a variant of Win32/MagicalJellyBean.A potentially unsafe application    deleted - quarantined
L:\Flash Drive Contents\Saved Flash Drive\My Documents\unlock files\wga-fix.exe    Win32/HackHosts.AC potentially unsafe application    deleted - quarantined
L:\Flash Drive Contents\Saved Flash Drive\Video Xfer Progs\debutsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
L:\War Cruiser\cbsidlm-cbsi213-Freemake_Video_Converter-SEO-75218346.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
M:\Apps\Desktop\Clock.Tray.Skins_4.1.exe    a variant of Win32/HackTool.Patcher.A potentially unsafe application    deleted - quarantined
M:\Apps\Files-Folders\Unlocker_1.8.8.exe    Win32/Adware.ADON potentially unwanted application    deleted - quarantined
M:\Apps\Internet\FlashFXP.3.7.9.Beta.exe    a variant of Win32/Keygen.EM potentially unsafe application    deleted - quarantined
M:\Apps\Internet\Internet.Download.Manager_5.18.Build.5.exe    Win32/HackTool.Patcher.A potentially unsafe application    deleted - quarantined
M:\Apps\Multimedia\ConvertXtoDVD_4.0.8.320.exe    a variant of Win32/Keygen.AS potentially unsafe application    deleted - quarantined
M:\Apps\Multimedia\Cool.Edit.Pro_2.1.exe    a variant of Generik.HJNNYMP trojan    deleted - quarantined
M:\Apps\Multimedia\MediaInfo_0.7.27.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
M:\Apps\Security\Get.All.Passwords_1.21.exe    Win32/PSWTool.ChromePass.A potentially unsafe application    deleted - quarantined
M:\Apps\System\Perfect.Uninstaller_6.2.3.exe    a variant of Win32/Adware.SpywareCease.AA application    deleted - quarantined
M:\Flash Drive Backup\cbsidlm-tr1_9-Replicator-ORG2-10549567.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
M:\Flash Drive Backup 2\cbsidlm-tr1_9-Replicator-ORG2-10549567.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
M:\Video Xfer Progs\FreemakeVideoConverterSetup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined

 

I am having a little trouble with Internet Explorer. When I click on a sign-in link on a website (www.concertvault.com) it is non-responsive.  What was the malware that I had called?  Which program took it out?  Could I deal with the other 2 computers that have the same issue in this thread?

 

Thank You for all your help, especially jumping in on Thanksgiving!

 

Urge

 

I cannot go to Windows Update!
 


Edited by Urge21, 02 December 2014 - 10:34 AM.
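As an added example (not from this thread, and not ESET's or Panda's code), a small Python triage of the ESET log format posted above: it separates the single trojan detection from the "potentially unsafe" and "potentially unwanted" applications, and lists file names that recur on several drives, which is the footprint the flash drives left behind. The category keywords in `classify` are my own heuristic; the sample lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Sample input: six lines copied from the ESET log above (path, detection, action,
# separated by runs of spaces).
SAMPLE_LOG = """\
D:\\PerfectDisk_11.0.174.exe    a variant of Win32/Keygen.AK potentially unsafe application    deleted - quarantined
D:\\Program Files\\Utilities\\SIW\\siw.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
E:\\Flash contents\\Utilities\\siw.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
F:\\Downloads\\cbsi-10064069.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
M:\\Apps\\Multimedia\\Cool.Edit.Pro_2.1.exe    a variant of Generik.HJNNYMP trojan    deleted - quarantined
M:\\Apps\\System\\Perfect.Uninstaller_6.2.3.exe    a variant of Win32/Adware.SpywareCease.AA application    deleted - quarantined
"""

FIELD_SEP = re.compile(r"\s{2,}")  # paths may contain single spaces, fields are split by 2+


def classify(detection):
    """Heuristic (my assumption, not ESET's taxonomy): real malware first, then PUA tiers."""
    d = detection.lower()
    if any(word in d for word in ("trojan", "worm", "virus")):
        return "malware"
    if "potentially unsafe" in d:
        return "unsafe-app"
    if "potentially unwanted" in d or "adware" in d:
        return "unwanted-app"
    return "other"


def parse_eset_log(text):
    """Parse 'path    detection    action' lines into dicts; skip anything malformed."""
    entries = []
    for line in text.splitlines():
        parts = FIELD_SEP.split(line.strip())
        if len(parts) != 3:
            continue
        path, detection, action = parts
        entries.append({
            "path": path,
            "drive": path[0].upper(),
            "name": path.rsplit("\\", 1)[-1].lower(),
            "detection": detection,
            "action": action,
            "category": classify(detection),
        })
    return entries


def triage(entries):
    """Counts per category, true malware paths, and file names seen on more than one drive."""
    by_category = Counter(e["category"] for e in entries)
    drives_by_name = defaultdict(set)
    for e in entries:
        drives_by_name[e["name"]].add(e["drive"])
    replicated = {n: sorted(d) for n, d in drives_by_name.items() if len(d) > 1}
    malware = [e["path"] for e in entries if e["category"] == "malware"]
    return {"by_category": dict(by_category), "malware": malware, "replicated": replicated}
```

Run `triage(parse_eset_log(open("eset_log.txt").read()))` on the full log to see that only one entry is classed as malware and that siw.exe, cpu-z and the Foxit installer were carried onto five different drives.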




