
DDS Log Check for AOL Dial-up Frequent Dis-connect


10 replies to this topic

#1 faye raye

faye raye

  • Members
  • 150 posts

Posted 04 January 2015 - 10:02 PM

Original thread: http://www.bleepingcomputer.com/forums/t/560376/slowed-speeds-high-cpu-and-pf-usage-and-virtual-memory-messages

My dial-up AOL connection has this incredibly annoying habit of disconnecting while you're trying to browse, as in: all of a sudden web pages won't load, and a little box appears in the bottom right saying it's re-dialing AOL. If a download is going, it will cause it to fail. Sometimes AOL even signs off all the way, and must be signed on again.

The other extremely aggravating thing is that my Avast antivirus needs to update to the latest version, but every time I try, AOL fully disconnects. This also happens when trying to load videos embedded on web pages.

I use Firefox as my main browser, and I think it might have something to do with that, because it seems that when I just use AOL's browsers, AOL doesn't disconnect, at least, not until after many hours, which is not so when browsing with FF. And often if I start FF while AOL is already connected, AOL will need to re-connect and sometimes even sign off all the way, before FF appears. And earlier, I was trying to sign on again, and it didn't work until after I had restarted the PC and tried signing on without FF running.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by Dashel R at 18:08:16 on 2015-01-04
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.140 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Free Download Manager\fdmwi.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1399257046\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
dURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>
TB: AIM Search: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - c:\program files\aim toolbar\AIMBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Free Download Manager - RCS] c:\program files\free download manager\fdmwi.exe -autorun
uRun: [Easy Dock] c:\documents and settings\dashel r\my documents\rca easyrip\EZDock.exe
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.7\AOL.EXE" -b
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [ZoneAlarm Installer] "c:\program files\checkpoint\install\launcher.exe" "c:\program files\checkpoint\install\install.exe" /r welcome /c "c:\program files\checkpoint\install\Install.xml" /w
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [HostManager] c:\program files\common files\aol\1399257046\ee\AOLSoftware.exe
mRun: [Easy Dock] <no file>
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\dashel~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\dashel r\my documents\rca detective\RCADetective.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - <orphaned>
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\\DownloadPDF.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351444110390
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348869713890
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\y4brb0h9.default-1410831217343\
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-5-9 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-5-9 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-5-9 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-5-9 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-9 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-5-9 67824]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-2-6 133392]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\MBAMSwissArmy.sys [?]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WORDPAD.EXE="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: Documents.exe: open=c:\documents and settings\dashel r\my documents\downloads\PSXGameEdit.exe "%1"
.
=============== Created Last 30 ================
.
2015-01-04 18:42:18    --------    d-----w-    c:\windows\system32\HtmlData
2014-12-31 07:46:38    --------    d-----w-    c:\documents and settings\dashel r\local settings\application data\SvchostViewer
2014-12-30 07:21:13    --------    d-----w-    c:\windows\system32\{userdocs}
2014-12-27 03:57:16    --------    d-----w-    c:\program files\AnyToISO
2014-12-26 05:19:24    --------    d-----w-    c:\program files\Free ISO Creator
2014-12-25 05:02:04    --------    d-----w-    c:\documents and settings\all users\application data\Viewpoint
2014-12-25 05:01:34    --------    d-----w-    c:\program files\Viewpoint
2014-12-18 03:08:21    --------    d-----w-    c:\program files\AOL Desktop 9.7
2014-12-10 13:55:56    92784    ----a-w-    c:\program files\mozilla firefox\nssdbm3.dll
.
==================== Find3M  ====================
.
2014-12-10 10:29:53    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-12-10 10:29:50    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 06:40:38    779536    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2005-06-01 18:14:41    823296    -c--a-w-    c:\program files\winmx353.exe
2005-05-20 09:16:07    4354084    -c--a-w-    c:\program files\spybotsd13.exe
2005-05-12 21:47:20    3149616    -c--a-w-    c:\program files\dap74.exe
2005-05-04 01:59:07    6179507    -c--a-w-    c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08:33    7741336    -c--a-w-    c:\program files\DivX521XP2K.exe
.
============= FINISH: 18:12:47.35 ===============

Edited by faye raye, 04 January 2015 - 10:06 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts

Posted 09 January 2015 - 10:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 faye raye

faye raye
  • Topic Starter

  • Members
  • 150 posts

Posted 10 January 2015 - 07:36 PM

Here are the logs:

 

# AdwCleaner v4.106 - Report created 10/01/2015 at 14:50:52
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dashel R - NO1
# Running from : C:\Documents and Settings\Dashel R\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [23930 octets] - [23/02/2014 08:41:40]
AdwCleaner[R10].txt - [3185 octets] - [20/03/2014 16:35:30]
AdwCleaner[R11].txt - [3108 octets] - [21/03/2014 06:39:00]
AdwCleaner[R12].txt - [3322 octets] - [22/03/2014 10:14:45]
AdwCleaner[R13].txt - [3383 octets] - [22/03/2014 11:01:12]
AdwCleaner[R14].txt - [2334 octets] - [22/03/2014 11:12:32]
AdwCleaner[R15].txt - [3534 octets] - [22/03/2014 11:44:46]
AdwCleaner[R16].txt - [3595 octets] - [22/03/2014 11:57:14]
AdwCleaner[R17].txt - [2640 octets] - [22/03/2014 14:20:02]
AdwCleaner[R18].txt - [2582 octets] - [22/03/2014 16:02:36]
AdwCleaner[R19].txt - [2855 octets] - [26/03/2014 21:32:17]
AdwCleaner[R1].txt - [24524 octets] - [06/03/2014 17:56:18]
AdwCleaner[R20].txt - [2884 octets] - [26/03/2014 21:52:42]
AdwCleaner[R21].txt - [3006 octets] - [27/03/2014 06:03:09]
AdwCleaner[R22].txt - [3067 octets] - [27/03/2014 06:29:51]
AdwCleaner[R23].txt - [3259 octets] - [12/04/2014 16:22:13]
AdwCleaner[R24].txt - [3192 octets] - [12/04/2014 16:39:24]
AdwCleaner[R25].txt - [3372 octets] - [12/04/2014 19:57:54]
AdwCleaner[R26].txt - [3433 octets] - [12/04/2014 20:32:32]
AdwCleaner[R27].txt - [3555 octets] - [12/04/2014 20:49:49]
AdwCleaner[R28].txt - [4693 octets] - [03/05/2014 07:25:51]
AdwCleaner[R29].txt - [4774 octets] - [03/05/2014 08:50:25]
AdwCleaner[R2].txt - [2904 octets] - [11/03/2014 08:55:55]
AdwCleaner[R30].txt - [3860 octets] - [03/05/2014 09:25:16]
AdwCleaner[R31].txt - [4328 octets] - [03/05/2014 14:34:50]
AdwCleaner[R32].txt - [4389 octets] - [03/05/2014 15:55:53]
AdwCleaner[R33].txt - [3985 octets] - [03/05/2014 16:17:15]
AdwCleaner[R34].txt - [5005 octets] - [03/05/2014 16:50:23]
AdwCleaner[R35].txt - [4796 octets] - [03/05/2014 16:53:37]
AdwCleaner[R36].txt - [4538 octets] - [03/05/2014 16:59:01]
AdwCleaner[R37].txt - [9078 octets] - [22/12/2014 19:30:05]
AdwCleaner[R38].txt - [5556 octets] - [10/01/2015 14:34:29]
AdwCleaner[R3].txt - [1946 octets] - [11/03/2014 16:03:52]
AdwCleaner[R4].txt - [1989 octets] - [12/03/2014 12:02:56]
AdwCleaner[R5].txt - [2049 octets] - [12/03/2014 12:05:54]
AdwCleaner[R6].txt - [1873 octets] - [12/03/2014 12:39:19]
AdwCleaner[R7].txt - [1993 octets] - [12/03/2014 13:41:16]
AdwCleaner[R8].txt - [1762 octets] - [18/03/2014 13:20:49]
AdwCleaner[R9].txt - [2958 octets] - [20/03/2014 11:19:13]
AdwCleaner[S0].txt - [24451 octets] - [06/03/2014 19:01:12]
AdwCleaner[S10].txt - [3481 octets] - [22/03/2014 11:02:48]
AdwCleaner[S11].txt - [2397 octets] - [22/03/2014 11:37:28]
AdwCleaner[S12].txt - [3691 octets] - [22/03/2014 11:58:34]
AdwCleaner[S13].txt - [2919 octets] - [26/03/2014 21:39:01]
AdwCleaner[S14].txt - [2946 octets] - [26/03/2014 21:53:34]
AdwCleaner[S15].txt - [3129 octets] - [27/03/2014 06:31:54]
AdwCleaner[S16].txt - [3325 octets] - [12/04/2014 16:26:52]
AdwCleaner[S17].txt - [3495 octets] - [12/04/2014 20:33:29]
AdwCleaner[S18].txt - [4789 octets] - [03/05/2014 07:32:44]
AdwCleaner[S19].txt - [4866 octets] - [03/05/2014 09:16:14]
AdwCleaner[S1].txt - [3063 octets] - [11/03/2014 08:59:24]
AdwCleaner[S20].txt - [4471 octets] - [03/05/2014 15:58:57]
AdwCleaner[S21].txt - [9095 octets] - [22/12/2014 19:40:01]
AdwCleaner[S22].txt - [4945 octets] - [10/01/2015 14:50:52]
AdwCleaner[S2].txt - [2061 octets] - [11/03/2014 16:06:29]
AdwCleaner[S3].txt - [2157 octets] - [12/03/2014 12:08:35]
AdwCleaner[S4].txt - [1967 octets] - [12/03/2014 12:44:46]
AdwCleaner[S5].txt - [2072 octets] - [12/03/2014 13:42:35]
AdwCleaner[S6].txt - [1825 octets] - [18/03/2014 13:54:24]
AdwCleaner[S7].txt - [3055 octets] - [20/03/2014 11:23:38]
AdwCleaner[S8].txt - [3283 octets] - [20/03/2014 16:37:44]
AdwCleaner[S9].txt - [3202 octets] - [21/03/2014 06:40:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S22].txt - [5486 octets] ##########
 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
Ran by Dashel R (administrator) on NO1 on 10-01-2015 16:21:49
Running from C:\Documents and Settings\Dashel R\My Documents\Downloads
Loaded Profile: Dashel R (Available profiles: carlos olguin & Dashel R & Others & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\fxssvc.exe
(CyberLink Corp.) C:\Program Files\Dell\Media Experience\PCMService.exe
(Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
(Sonic Solutions) C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
(Applian Technologies, Inc.) C:\Program Files\Freecorder\FLVSrvc.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\hkcmd.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1399257046\ee\aolsoftware.exe
() C:\Program Files\Free Download Manager\fdmwi.exe
(Audiovox Electronics Corp.) C:\Documents and Settings\Dashel R\My Documents\RCA easyRip\EZDock.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\waol.exe
(Audiovox Accessories Corp.) C:\Documents and Settings\Dashel R\My Documents\RCA Detective\RCADetective.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
(AOL Inc.) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\shellmon.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\taskmgr.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Documents and Settings\Dashel R\My Documents\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PCMService] => C:\Program Files\Dell\Media Experience\PCMService.exe [290816 2004-04-11] (CyberLink Corp.)
HKLM\...\Run: [IntelMeM] => C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] => C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2004-08-12] (Microsoft Corporation)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-11-15] (Sonic Solutions)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [1388544 2004-06-30] (Analog Devices, Inc.)
HKLM\...\Run: [Freecorder FLV Service] => C:\Program Files\Freecorder\FLVSrvc.exe [167936 2010-06-26] (Applian Technologies, Inc.)
HKLM\...\Run: [Dell Photo AIO Printer 922] => C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [290816 2004-06-18] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [ZoneAlarm Installer] => C:\Program Files\CheckPoint\Install\Install.exe [2816648 2014-05-10] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1399257046\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Run: [Free Download Manager - RCS] => C:\Program Files\Free Download Manager\fdmwi.exe [1724928 2014-04-29] ()
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Run: [Easy Dock] => C:\Documents and Settings\Dashel R\My Documents\RCA easyRip\EZDock.exe [585728 2012-06-29] (Audiovox Electronics Corp.)
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7\AOL.EXE [72296 2014-02-13] (AOL Inc.)
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Policies\Explorer: [NoDriveAutoRun] 0x10000000
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\Dashel R\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> C:\Documents and Settings\Dashel R\My Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCzyzzzztDtCyBtBtDyEzztN0D0Tzu0CtAtAyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2077309999" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-329806685-2581723038-1583669757-1007 -> {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKU\S-1-5-21-329806685-2581723038-1583669757-1007 -> {C1D477AE-060A-42D1-B03B-18D7E14CABB3} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121249,16646,0,6,0
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-329806685-2581723038-1583669757-1007 -> AIM Search - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351444110390
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D43373C1-65F2-4016-90EB-4BAA9FB5EA53}: [NameServer] 205.188.146.145

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\y4brb0h9.default-1410831217343
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2088 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Extension: Flashblock - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\y4brb0h9.default-1410831217343\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-10]
FF Extension: WOT - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\y4brb0h9.default-1410831217343\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-16]
FF Extension: NoScript - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\y4brb0h9.default-1410831217343\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-15]
FF Extension: Procon Latte Content Filter - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\y4brb0h9.default-1410831217343\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2014-09-15]
FF Extension: Menu Editor - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\y4brb0h9.default-1410831217343\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2014-09-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-09]
FF HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Documents and Settings\Dashel R\Local Settings\Application Data\XDM\xdmff
FF Extension: XDM Helper - C:\Documents and Settings\Dashel R\Local Settings\Application Data\XDM\xdmff [2013-12-15]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Dashel R\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2005-04-26] () [File not signed]
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\acsd.exe [42088 2014-02-12] (AOL Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [421888 2004-03-16] (Dell)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [74512 2012-02-06] (SANDBOXIE L.T.D)
S4 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-01-10] (America Online, Inc.) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 FreemakeVideoCapture; "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe" [X]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{21A155AA-1D30-4720-AB68-288F998268D0}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-12] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-14] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-14] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-14] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-14] ()
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2003-08-28] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87488 2004-12-01] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
S3 MR97310_USB_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310c.sys [129875 2002-12-13] (Mars Semiconductor Corp.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-04-12] (Sonic Solutions) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [133392 2012-02-06] (SANDBOXIE L.T.D)
R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [381056 2004-04-26] (Sensaura)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-12-04] (RapidSolution Software AG)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-11-15] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-11-15] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-11-15] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-11-15] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86554 2004-11-15] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-11-15] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-11-15] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-11-15] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-11-15] (Sonic Solutions) [File not signed]
S3 TrojanKillerDriver; C:\WINDOWS\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows ® Win 7 DDK provider)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
S3 catchme; \??\C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 15:16 - 2015-01-10 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Viewpoint
2015-01-10 15:15 - 2015-01-10 15:16 - 00000000 ____D () C:\Program Files\Viewpoint
2015-01-04 18:13 - 2015-01-04 18:13 - 00013921 _____ () C:\Documents and Settings\Dashel R\Desktop\attach.txt
2015-01-04 18:13 - 2015-01-04 18:12 - 00010230 _____ () C:\Documents and Settings\Dashel R\Desktop\dds.txt
2015-01-04 10:42 - 2015-01-04 10:42 - 00000000 ____D () C:\WINDOWS\system32\HtmlData
2014-12-30 23:46 - 2014-12-30 23:46 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\SvchostViewer
2014-12-29 23:26 - 2015-01-09 13:19 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\RCA Updater
2014-12-29 23:26 - 2014-12-29 23:26 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\RCA Detective
2014-12-29 23:26 - 2014-12-29 23:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RCA Detective
2014-12-29 23:24 - 2014-12-29 23:24 - 00000671 _____ () C:\Documents and Settings\Dashel R\Desktop\RCA easyRip.lnk
2014-12-29 23:22 - 2014-12-29 23:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RCA easyRip
2014-12-29 23:21 - 2014-12-29 23:21 - 00000000 ____D () C:\WINDOWS\system32\{userdocs}
2014-12-29 23:20 - 2015-01-09 13:19 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\RCA easyRip
2014-12-29 21:48 - 2014-12-29 21:49 - 37929016 _____ () C:\Documents and Settings\Dashel R\My Documents\END.wav
2014-12-27 00:21 - 2014-12-27 20:11 - 740715360 _____ () C:\Documents and Settings\Dashel R\My Documents\ (D).bin
2014-12-26 20:22 - 2014-12-26 20:48 - 00000082 _____ () C:\Documents and Settings\Dashel R\My Documents\FINALFANTASY7 (D).cue
2014-12-26 20:00 - 2014-12-26 20:00 - 00000692 _____ () C:\Documents and Settings\Dashel R\Desktop\AnyToISO.lnk
2014-12-26 20:00 - 2014-12-26 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AnyToISO
2014-12-26 19:57 - 2014-12-26 20:00 - 00000000 ____D () C:\Program Files\AnyToISO
2014-12-25 21:19 - 2014-12-25 21:19 - 00000690 _____ () C:\Documents and Settings\Dashel R\Desktop\Free ISO Creator.lnk
2014-12-25 21:19 - 2014-12-25 21:19 - 00000000 ____D () C:\Program Files\Free ISO Creator
2014-12-25 21:19 - 2014-12-25 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MiniDVDSoft
2014-12-25 20:22 - 2014-12-25 20:03 - 00124599 _____ () C:\Documents and Settings\Dashel R\My Documents\HNI_0039.MPO
2014-12-25 20:22 - 2014-12-25 20:03 - 00113830 _____ () C:\Documents and Settings\Dashel R\My Documents\HNI_0040.MPO
2014-12-25 20:22 - 2014-12-25 20:02 - 00124959 _____ () C:\Documents and Settings\Dashel R\My Documents\HNI_0036.MPO
2014-12-25 20:22 - 2014-12-25 20:02 - 00121434 _____ () C:\Documents and Settings\Dashel R\My Documents\HNI_0038.MPO
2014-12-25 20:22 - 2014-12-25 20:02 - 00119875 _____ () C:\Documents and Settings\Dashel R\My Documents\HNI_0035.MPO
2014-12-25 20:22 - 2014-04-27 17:56 - 00085407 _____ () C:\Documents and Settings\Dashel R\My Documents\HNI_0037.MPO
2014-12-22 22:48 - 2014-12-22 22:48 - 00001105 _____ () C:\Documents and Settings\Dashel R\Desktop\JRT.txt
2014-12-22 19:01 - 2014-12-22 19:06 - 00004044 _____ () C:\Documents and Settings\Dashel R\Desktop\Rkill.txt
2014-12-17 19:20 - 2014-12-17 19:20 - 00000678 _____ () C:\Documents and Settings\All Users\Start Menu\AOL Desktop 9.7.lnk
2014-12-17 19:08 - 2014-12-17 19:24 - 00000000 ____D () C:\Program Files\AOL Desktop 9.7
2014-12-15 18:05 - 2014-12-15 18:06 - 22249528 _____ () C:\Documents and Settings\Dashel R\My Documents\kolher.wav

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 16:23 - 2014-03-26 21:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\temp
2015-01-10 16:22 - 2014-03-11 09:23 - 00000000 ____D () C:\FRST
2015-01-10 16:16 - 2010-07-18 14:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 16:12 - 2013-12-14 18:11 - 00000958 _____ () C:\WINDOWS\Tasks\SBW_UpdateTask_Time_313931363131383635322d3437415a556c2a3223346c41.job
2015-01-10 15:57 - 2004-08-10 11:08 - 00035429 _____ () C:\WINDOWS\WMSETUP.LOG
2015-01-10 15:55 - 2014-09-12 16:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-10 15:42 - 2004-12-19 22:50 - 01780566 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-10 15:01 - 2014-05-09 13:42 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-10 15:00 - 2014-03-19 22:39 - 00874889 _____ () C:\WINDOWS\setupapi.log
2015-01-10 15:00 - 2014-03-07 20:47 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-10 15:00 - 2013-12-14 18:11 - 00000958 _____ () C:\WINDOWS\Tasks\SBW_UpdateTask_Logon_313931363131383635322d3437415a556c2a3223346c41.job
2015-01-10 15:00 - 2010-07-18 14:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 15:00 - 2004-12-19 22:48 - 00002206 _____ () C:\WINDOWS\system32\WPA.DBL
2015-01-10 14:58 - 2004-12-19 22:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-10 14:58 - 2004-08-10 10:59 - 00000159 _____ () C:\WINDOWS\WIADEBUG.LOG
2015-01-10 14:58 - 2004-08-10 10:59 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2015-01-10 14:53 - 2004-12-29 01:20 - 00000178 ___SH () C:\Documents and Settings\Dashel R\NTUSER.INI
2015-01-10 14:53 - 2004-12-29 01:20 - 00000000 ____D () C:\Documents and Settings\Dashel R
2015-01-10 14:53 - 2004-12-19 22:50 - 00032424 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-10 14:51 - 2014-02-23 08:41 - 00000000 ____D () C:\AdwCleaner
2015-01-10 14:32 - 2012-09-29 08:20 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\Freecorder 4
2015-01-10 11:27 - 2004-12-30 11:06 - 00053248 _____ () C:\Documents and Settings\Dashel R\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 08:58 - 2010-11-19 18:41 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\FLVService
2015-01-09 14:57 - 2006-03-07 14:19 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\MS
2015-01-09 08:46 - 2013-08-22 08:22 - 00000063 _____ () C:\WINDOWS\qsbset.qsb
2015-01-08 19:24 - 2004-12-19 23:08 - 00000000 ____D () C:\Program Files\Common Files\AOL
2015-01-08 15:08 - 2014-03-07 20:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-07 19:04 - 2014-07-09 09:50 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\Free Download Manager
2015-01-06 19:55 - 2011-08-06 14:58 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-05 03:47 - 2014-09-12 16:37 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-05 03:47 - 2014-09-12 16:37 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-04 11:00 - 2004-12-19 22:36 - 00000282 ___SH () C:\boot.ini
2015-01-04 11:00 - 2004-08-10 11:04 - 00000120 _____ () C:\WINDOWS\WIN.INI
2015-01-04 11:00 - 2004-08-10 10:57 - 00000150 _____ () C:\WINDOWS\system.ini
2015-01-03 02:01 - 2014-08-31 20:33 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\foobar2000
2015-01-02 19:13 - 2009-03-06 08:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2015-01-02 19:13 - 2004-12-29 02:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\Adobe
2014-12-30 17:39 - 2013-09-29 08:48 - 00000000 ____D () C:\FFOutput
2014-12-29 22:02 - 2014-11-14 11:39 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\KRISTAL Media Files
2014-12-27 23:07 - 2014-09-11 19:19 - 00000000 ___RD () C:\Documents and Settings\Dashel R\My Documents\The  PSP
2014-12-25 09:01 - 2014-03-12 14:25 - 00000000 ____D () C:\Program Files\Freecorder
2014-12-24 19:43 - 2012-11-14 14:39 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\Free Audio Editor
2014-12-24 19:40 - 2005-01-01 03:07 - 00000000 ____D () C:\Temp
2014-12-22 17:00 - 2010-04-15 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-12-22 17:00 - 2004-12-30 12:10 - 00000000 ____D () C:\Program Files\Google
2014-12-22 17:00 - 2004-12-30 12:10 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\Google
2014-12-22 16:59 - 2004-12-29 02:18 - 00000000 ____D () C:\Program Files\AIM Toolbar
2014-12-22 16:53 - 2004-12-19 22:49 - 06301747 ____C () C:\WINDOWS\FaxSetup.log
2014-12-22 16:53 - 2004-12-19 22:49 - 03088819 ____C () C:\WINDOWS\OCGEN.LOG
2014-12-22 16:53 - 2004-12-19 22:49 - 02421246 ____C () C:\WINDOWS\TSOC.LOG
2014-12-22 16:53 - 2004-12-19 22:49 - 01015902 ____C () C:\WINDOWS\COMSETUP.LOG
2014-12-22 16:53 - 2004-12-19 22:49 - 00975023 ____C () C:\WINDOWS\IIS6.LOG
2014-12-22 16:53 - 2004-12-19 22:49 - 00337275 ____C () C:\WINDOWS\OCMSN.LOG
2014-12-22 16:53 - 2004-12-19 22:49 - 00314544 ____C () C:\WINDOWS\MSGSOCM.LOG
2014-12-22 16:53 - 2004-12-19 22:49 - 00209380 ____C () C:\WINDOWS\ntdtcsetup.log
2014-12-22 16:53 - 1979-12-31 22:00 - 00001943 _____ () C:\WINDOWS\imsins.log
2014-12-20 17:05 - 2004-12-19 22:49 - 00286592 _____ () C:\WINDOWS\setupact.log
2014-12-20 10:57 - 2010-06-27 19:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-12-18 11:50 - 2007-01-21 00:40 - 00000053 ____C () C:\WINDOWS\marscam.ini
2014-12-18 11:00 - 2005-02-12 01:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB888302$
2014-12-17 19:22 - 2006-07-06 20:30 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\AOL
2014-12-17 19:22 - 2004-12-30 13:35 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\AOL
2014-12-17 19:21 - 2014-05-04 18:43 - 00061595 _____ () C:\install.log
2014-12-17 19:20 - 2014-05-04 18:44 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.7.lnk
2014-12-17 19:20 - 2014-05-04 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AOL
2014-12-17 19:08 - 2014-04-25 12:37 - 00000000 ____D () C:\Program Files\Common Files\aolshare
2014-12-17 19:07 - 2004-12-19 23:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AOL
2014-12-16 13:53 - 2005-05-03 10:59 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\Lame
2014-12-15 18:27 - 2014-11-06 14:50 - 00000000 ____D () C:\Documents and Settings\Dashel R\Desktop\iPlayer Recordings
2014-12-15 17:46 - 2014-07-28 12:59 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\Sd Card
2014-12-15 16:38 - 2006-05-31 09:31 - 00000754 ____C () C:\WINDOWS\WORDPAD.INI
2014-12-14 22:18 - 2005-01-01 15:23 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\WMTools Downloaded Files
2014-12-14 18:55 - 2013-09-15 15:49 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\Project Development
2014-12-14 15:54 - 2011-04-02 18:07 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\Any Video Converter
2014-12-13 01:03 - 2014-01-21 17:15 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\My Cheat Tables
2014-12-12 00:16 - 2012-09-23 17:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Documents and Settings\C.O\Local Settings\temp\AcsInstall.dll
C:\Documents and Settings\C.O\Local Settings\temp\atl80.dll
C:\Documents and Settings\C.O\Local Settings\temp\insmac2k.dll
C:\Documents and Settings\C.O\Local Settings\temp\libexpat.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfc80.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfc80u.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfcm80.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfcm80u.dll
C:\Documents and Settings\C.O\Local Settings\temp\msvcm80.dll
C:\Documents and Settings\C.O\Local Settings\temp\msvcp80.dll
C:\Documents and Settings\C.O\Local Settings\temp\msvcr80.dll
C:\Documents and Settings\C.O\Local Settings\temp\ocpchk.dll
C:\Documents and Settings\C.O\Local Settings\temp\tbinst.dll
C:\Documents and Settings\C.O\Local Settings\temp\TmDbg32.dll
C:\Documents and Settings\C.O\Local Settings\temp\uninst.dll
C:\Documents and Settings\Dashel R\Local Settings\temp\AcsInstall.dll
C:\Documents and Settings\Dashel R\Local Settings\temp\AOLFirewallMgr.dll
C:\Documents and Settings\Dashel R\Local Settings\temp\AOLInstallerfw.dll
C:\Documents and Settings\Dashel R\Local Settings\temp\cygwin1.dll
C:\Documents and Settings\Dashel R\Local Settings\temp\mkisofs.exe
C:\Documents and Settings\Dashel R\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Dashel R\Local Settings\temp\SHFOLDER.DLL
C:\Documents and Settings\Dashel R\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#4 nasdaq


Posted 11 January 2015 - 10:20 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [ZoneAlarm Installer] => C:\Program Files\CheckPoint\Install\Install.exe [2816648 2014-05-10] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [Easy Dock] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCzyzzzztDtCyBtBtDyEzztN0D0Tzu0CtAtAyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2077309999" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-329806685-2581723038-1583669757-1007 -> {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKU\S-1-5-21-329806685-2581723038-1583669757-1007 -> {C1D477AE-060A-42D1-B03B-18D7E14CABB3} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121249,16646,0,6,0
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR HKLM\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [Not Found]
S2 FreemakeVideoCapture; "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe" [X]
S3 catchme; \??\C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U3 TlntSvr; No ImagePath

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 faye raye


Posted 16 January 2015 - 12:14 AM

Here's the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-01-2015
Ran by Dashel R at 2015-01-11 18:06:07 Run:2
Running from C:\Documents and Settings\Dashel R\My Documents\Downloads
Loaded Profile: Dashel R (Available profiles: carlos olguin & Dashel R & Others & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\...\Run: [ZoneAlarm Installer] => C:\Program Files\CheckPoint\Install\Install.exe [2816648 2014-05-10] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [Easy Dock] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCzyzzzztDtCyBtBtDyEzztN0D0Tzu0CtAtAyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2077309999" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-329806685-2581723038-1583669757-1007 -> {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKU\S-1-5-21-329806685-2581723038-1583669757-1007 -> {C1D477AE-060A-42D1-B03B-18D7E14CABB3} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121249,16646,0,6,0
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR HKLM\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [Not Found]
S2 FreemakeVideoCapture; "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe" [X]
S3 catchme; \??\C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U3 TlntSvr; No ImagePath

End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Installer => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Dock => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\First Home Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value deleted successfully.
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL => value deleted successfully.
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}" => Key deleted successfully.
HKCR\CLSID\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} => Key not found.
"HKU\S-1-5-21-329806685-2581723038-1583669757-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1D477AE-060A-42D1-B03B-18D7E14CABB3}" => Key deleted successfully.
HKCR\CLSID\{C1D477AE-060A-42D1-B03B-18D7E14CABB3} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\Software\MozillaPlugins\@viewpoint.com/VMP" => Key deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\kbhplonhjleiopohgmppianogioknked" => Key deleted successfully.
FreemakeVideoCapture => Service deleted successfully.
catchme => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
TlntSvr => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 18:07:04 ====

 Results of screen317's Security Check version 0.99.93  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 avast! Free Antivirus    
 ESET Online Scanner v3   
 iPod Reset Utility    
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
  Adobe Flash Player     15.0.0.246 Flash Player out of Date!  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

Since running these, the PC does seem a tad less slow, and the instances of AOL needing to re-connect and/or disconnecting are less often, but still present. I tried to update Avast, and it was going fine for a few hours, but AOL disconnected before it could finish, and I tried again to leave it downloading overnight, but it didn't work.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:33 PM

Posted 16 January 2015 - 08:50 AM

Losing AOL means that you are losing your internet connection.

Reset the browser(s) that you are using.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Keep me posted.

#7 faye raye


Posted 16 January 2015 - 09:20 PM

Do you mean I should reset my browser whenever I see AOL disconnecting?



#8 nasdaq


Posted 17 January 2015 - 09:24 AM

If you still lose AOL after resetting the browsers then your internet connection is failing.

You should start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/f/21/networking/

Get an expert to help you find out what is wrong.

#9 faye raye


Posted 17 January 2015 - 08:15 PM

I guess I will do that, then, because I reset Firefox, and it still disconnected earlier. One of the weird things about this is it seems like AOL has periods where it gets by without disconnecting all day, i.e. it can actually complete a long download. Then there are times when it seems as if it's having trouble just signing on - while it's dialing up it'll keep giving some error message and won't sign on. The PC's been cleared for viruses? Because it never used to do anything like this unless it was infected.

#10 nasdaq


Posted 18 January 2015 - 09:21 AM

I will leave this topic open for 5 days. If you need to return, please do.

#11 faye raye


Posted 18 January 2015 - 03:53 PM

Okay.



