Win XP Pro SP3 desktop infected with CTB-Locker type virus


  • This topic is locked
36 replies to this topic

#1 KBenning

KBenning

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 13 January 2015 - 06:28 PM

Thank you very much for your time, help, and attention.  I greatly appreciate it.

 

I downloaded DDS and ran it several times, but it only generated the "Attach.txt" file, it never generated the "DDS.txt" file, even when I ran it with only the "DDS.txt" option checked.  Earlier today I did run GMER, and I have that log and can post it if that would be appropriate.

 

Please excuse the length of this post and any lack of clarity.  I have never posted here before today.

 

The only good thing is that my infected computer is a backup computer that I don't use much and I don't connect it to other computers.  It is not on a network.  However, it has several documents and photos I would like to preserve.  It is also useful as a stand alone computer for basic web browsing (but I still intend to get rid of it once Windows 10 comes out).

 

The infected computer is a desktop with Windows XP Pro SP3.  It has Microsoft Security Essentials on it but it apparently has been disabled.  While the computer is an XP computer, it is as up to date as an XP computer still can be (i.e., the few updates Microsoft still does I make sure to install).  Unfortunately, the main login has Admin privileges.

 

I was not aware of any problem with the computer until yesterday.  Yesterday afternoon, I was using the computer and I noticed it was very sluggish.  I checked the Task Manager and saw that 2 different "explorer.exe" processes were running.  One of the explorer.exe processes kept taking up more and more memory.  Instead of taking up 20,000-50,000 K, the growing explorer.exe process reached all the way to 1,400,000 K.

 

In my ignorance, I didn't realize the computer had somehow been infected by a virus/trojan/etc.  At first I thought the growing explorer.exe process was caused by some routine system error (not a malicious virus).  I kept using Task Manager to "End Process", but the second explorer.exe kept coming back.

 

I tried booting into Safe Mode (without Networking), but I got the Blue Screen of Death when I tried booting into Safe Mode.  I left the computer unplugged (no electricity) over night.  I woke up early and tried the computer again.

 

I saw that one DOC and two TXT text files had weird extensions added to the end, i.e., after the ".doc" and ".txt" for the files, there was a "." with seven letters (the same seven letters for all three files).  Not being familiar with ransomware/encryption viruses, I didn't immediately understand what was going on.

 

After about 15 minutes of web searching, I realized the computer was infected with some type of ransomware/encryption virus.  I did not get any sort of ransom message.

 

I realized the Microsoft Security Essentials was not running.  I could not get it to run.  I have Malwarebytes installed.  I tried running it.  Malwarebytes would not run.  I tried downloading Kaspersky TDSSkiller.  I could download it and start the Unzip, but it would not run.

 

Eventually, after some guesswork and reading on this website and others (such as Malwarebytes forums), I went into the Documents and Settings\All Users\Application Data in Safe Mode to look for suspicious files or subdirectories.  There I found two suspicious looking folders that had "Date Modified" timestamps from yesterday and today.  I tried accessing the directories but was not able to.  I then realized that those were mostly the core virus directories.  I opened a Command Prompt and tried deleting the directories through a command line, but I got a standard DOS message that the access was denied.  So I went to the Task Manager and did an "End Process" on both "explorer.exe" processes.  The Windows desktop and icons went blank, but the Command Prompt window remained, and after using I believe "-r" or similar DOS commands, I was able to delete both of the troublesome directories.

 

I see now that accomplished something positive, but I still have many problems.  The second version of "explorer.exe" has not returned (I have since rebooted both into a normal Windows session and into Safe Mode; I am currently in a normal Windows session).

 

I do have Spybot installed, and at least I was able to run Spybot.  Spybot detected W32.Palevo and a registry change that seemed to have disabled Windows Antimalware Service by toggling from 0 to 1.  I've run Spybot 3 times since then and it hasn't found anything else.  I still cannot run Microsoft Security Essentials, I still cannot run Malwarebytes, and I still cannot install TDSSKiller.  I tried running RKill and I tried a "taskkill" command, but neither one enabled me to run Malwarebytes or Security Essentials, and I still cannot install TDSSKiller or any other antivirus or antimalware program.  I tried ESET's online scanner, but it also failed to run.

 

I have deleted several "Temp" directories and I deleted every entry in Windows Task Scheduler, both what seemed to be legitimate Adobe and Google scheduled tasks and a hidden task that I found that appears to run the virus.  In the schedule log (SchedLgU.txt), I found an entry from last night that showed an executable with a random name being run, but the entries for this morning show "Unable to start task" and "The system cannot find the specified file", so I assume my efforts did at least delete the primary virus encryption executable. 

 

In digging through the different directories that have photos and documents (DOC, TXT, PDF, and PPT) on this computer, it seems that my actions have stopped the virus (at least for now) from encrypting additional files.  Also, the second "explorer.exe" has not returned, and the one explorer.exe that is running is taking up what seems like a normal 30,000-40,000K.

 

I did not get any pop-up demand or wallpaper demand from the ransomware/virus senders/creators.  I did find what seems to have been several identical TXT files that were created by the virus.  They are titled "Decrypt All Files".  They say:
 

 

====================

Your documents, photos, databases and other important files have been encrypted
with strongest encryption and unique key, generated for this computer.
 
Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.
 
If you see the main locker window, follow the instructions on the locker.
Overwise, it's seems that you or your antivirus deleted the locker program.
Now you have the last chance to decrypt your files.
 
Open . . . .onion.cab or . . . tor2web.org 
in your browser. They are public gates to the secret server. 
 
If you have problems with gates, use direct connection:
 
1. Download Tor Browser from http://torproject.org
 
2. In the Tor Browser open the . . . onion/
   Note that this server is available via Tor Browser only. 
   Retry in 1 hour if site is not reachable.
 
Copy and paste the following public key in the input form on server. Avoid missprints.
[Four lines of key follow]
 
Follow the instructions on the server.
====================
 
I also found the same message in "BMP" picture form.  The message is the same except that it has a large font first line that says:
 
"Your personal files are encrypted by CTB-Locker"
 
 
While I would like to "save" this Windows XP Pro SP3 computer if possible, I don't care much about doing that, because like I said it is only a backup that I had planned to replace anyway since it is so out of date and underpowered (it also is not networked and does not maintain critical files).
 
Is there a way for me to clean (or attempt to clean) the computer?  i.e., Get Malwarebytes and other antivirus and antirootkit software working on the computer?  Also, is there a decent chance I might be able to break the encryption (I have read there are a couple of websites and programs from Fireeye, Kaspersky, and hopefully others, that do so).
 
I have tried running System Restore, but after going through the process, I get an error message that the restoration cannot be done.
 
Does it seem likely that the virus/malware also might have included a keystroke logger or other extra nasty things besides just encrypting my files (while I don't use the computer for anything important, I am still concerned that anything I do, including what I am doing now, might be monitored)?
 
Worst comes to worst, I may pull the hard drive out of this computer and try accessing it from another computer and run an antivirus on the hard drive, and then attempt to recover whatever files I can before either reformatting the hard drive or just discarding it altogether.  Before I would pull the hard drive and try accessing it from another computer, I would want to make sure that I understand the proper security procedures to be using before connecting the hard drive to a clean computer, so as to avoid any potential problems.
 
Thank you again for your time, patience and help.  I greatly, greatly appreciate it.
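A read-only inventory of what the post above describes (files keeping their original extension and gaining a shared seven-letter suffix, plus the "Decrypt All Files" notes), added here as an example that is not part of this thread or of any tool mentioned in it. The extension set, the assumption that the suffix is seven lower-case letters, and the sample directory are all constructed for the example.

```python
import os
import re
import shutil
import tempfile
from collections import Counter

# Original extensions to count. The poster saw DOC, TXT, PDF and PPT affected;
# the rest of this set is an assumption for the example, not a CTB-Locker list.
DOCUMENT_EXTENSIONS = {"doc", "docx", "txt", "pdf", "ppt", "pptx",
                       "xls", "xlsx", "jpg", "jpeg", "png"}

# The poster describes "<name>.<ext>.<seven letters>": the original extension
# kept, then a seven-letter suffix that was the same on every encrypted file.
# Lower-case letters only is an assumption made for the example.
ENCRYPTED_NAME = re.compile(
    r"^(?P<stem>.+)\.(?P<ext>[A-Za-z0-9]+)\.(?P<suffix>[a-z]{7})$")

# The thread names the ransom notes "Decrypt All Files"; match case-insensitively.
RANSOM_NOTE_PREFIX = "decrypt all files"


def classify_name(name):
    """Return ("encrypted", original_ext, suffix), ("note", None, None),
    or (None, None, None) for a name that fits neither pattern."""
    if name.lower().startswith(RANSOM_NOTE_PREFIX):
        return ("note", None, None)
    m = ENCRYPTED_NAME.match(name)
    if m and m.group("ext").lower() in DOCUMENT_EXTENSIONS:
        return ("encrypted", m.group("ext").lower(), m.group("suffix"))
    return (None, None, None)


def inventory(root):
    """Walk root without modifying anything; tally by extension and suffix."""
    result = {"encrypted": [], "notes": [],
              "by_ext": Counter(), "suffixes": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind, ext, suffix = classify_name(name)
            path = os.path.join(dirpath, name)
            if kind == "encrypted":
                result["encrypted"].append(path)
                result["by_ext"][ext] += 1
                result["suffixes"][suffix] += 1
            elif kind == "note":
                result["notes"].append(path)
    return result


def shared_suffix(result):
    """One suffix on every encrypted file (what the poster observed) or None;
    several suffixes would point to more than one run of the locker."""
    suffixes = result["suffixes"]
    if len(suffixes) == 1:
        return next(iter(suffixes))
    return None


def build_sample_tree():
    """Create a constructed directory mimicking the poster's description."""
    root = tempfile.mkdtemp(prefix="ctb_sample_")
    docs = os.path.join(root, "My Documents")
    os.makedirs(docs)
    sample_names = (
        "report.doc.qwertyu",        # encrypted DOC
        "notes.txt.qwertyu",         # encrypted TXT
        "todo.txt.qwertyu",          # encrypted TXT
        "Decrypt All Files.txt",     # ransom note as named in the thread
        "untouched.pdf",             # not renamed, so not counted
        "archive.zip.qwertyu",       # suffix present but ZIP is not in the set
    )
    for name in sample_names:
        with open(os.path.join(docs, name), "w") as fh:
            fh.write("constructed sample content\n")
    return root


def remove_sample_tree(root):
    """Delete the constructed sample directory again."""
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    sample_root = build_sample_tree()
    try:
        report = inventory(sample_root)
        print("encrypted files:", len(report["encrypted"]))
        print("by original extension:", dict(report["by_ext"]))
        print("shared suffix:", shared_suffix(report))
        print("ransom notes:", len(report["notes"]))
    finally:
        remove_sample_tree(sample_root)
```

Run it against a copy of the affected tree, never the only copy, and keep the by-extension counts and the shared suffix with the case notes before any decryption attempt.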
 

#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,042 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:43 AM

Posted 14 January 2015 - 10:40 AM

Hey my friend. :)

Are you able to access the desktop and run programs? If yes:

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 KBenning

KBenning
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 14 January 2015 - 11:27 AM

Machiavelli,

 

Thank you very much for your time and fast response.  I was able to run FRST.exe.  Below are the contents of the two logs, FRST.txt and Addition.txt.

 

 

 

 

===================================

=====FRST.txt log file contents below=====

===================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Windows (administrator) on COMPUTER on 14-01-2015 11:06:02
Running from C:\Documents and Settings\Windows\My Documents\Downloads
Loaded Profile: Windows (Available profiles: Windows & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
() C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Policies\Explorer\Run: [3906] => C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msqinxiyh.exe No File
HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\MountPoints2: {98255e4c-66f0-11e4-b2a9-0014225a35c9} - E:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll => C:\Program Files\Citrix\ICA Client\RSHook.dll [256392 2013-06-28] (Citrix Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-789336058-2077806209-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-789336058-2077806209-725345543-1003 -> DefaultScope {6D571814-2E85-4D94-BA5B-ACC378AF26B3} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
Toolbar: HKU\S-1-5-21-789336058-2077806209-725345543-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-789336058-2077806209-725345543-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.11/uploader2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\q5z8k5gv.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veoh.com/VeohTVPlugin -> C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF Plugin: @veoh.com/VeohWebPlayer -> C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin HKU\S-1-5-21-789336058-2077806209-725345543-1003: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\q5z8k5gv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-02-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-26]
FF HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009-07-19]
FF HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Windows\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Windows\Application Data\Move Networks [2009-10-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://cnn.com/
CHR StartupUrls: Default -> "hxxp://cnn.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (SlingPlayer Web Plug-in) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.63_0\plugins/npSlingPlayerChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (VeohTV Plugin) - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
CHR Plugin: (Veoh Web Player Beta) - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (YouTube) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google Cast) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-15]
CHR Extension: (Google Search) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2013-07-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S4 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [118784 2004-02-08] (Intel Corporation) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-08] (Juniper Networks)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-24] (Oracle Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation) [File not signed]
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-08-28] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{DF645E2F-EEBA-46B6-8917-DB011052C50A}
S3 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsfAlrt; C:\WINDOWS\system32\drivers\AsfAlrt.sys [36064 2002-12-18] (Intel Corporation) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 CO_Mon; C:\WINDOWS\system32\Drivers\CO_Mon.sys [28672 2010-02-11] () [File not signed]
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [27648 2013-06-17] (Juniper Networks)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation)
R3 FLMckUsb; C:\WINDOWS\System32\DRIVERS\ATTchWDF.sys [64000 2010-06-03] (AuthenTec, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [50704 2015-01-12] (CACE Technologies, Inc.)
R2 pmem; C:\WINDOWS\System32\DRIVERS\pmemnt.sys [7012 2004-08-02] (Microsoft Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 BS3567718210; \??\C:\DOCUME~1\Windows\LOCALS~1\Temp\NTFS.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 11:05 - 2015-01-14 11:06 - 00000000 ____D () C:\FRST
2015-01-13 17:59 - 2015-01-13 18:06 - 00004358 _____ () C:\Documents and Settings\Windows\Desktop\attach.txt
2015-01-13 17:53 - 2015-01-13 17:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\List of files shortcut
2015-01-13 17:14 - 2015-01-13 22:29 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Documents and Settings\Windows\Start Menu\Programs\WinRAR
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2015-01-13 17:13 - 2015-01-13 17:13 - 00000000 ___HD () C:\WINDOWS\PIF
2015-01-13 16:37 - 2015-01-13 16:40 - 00001376 _____ () C:\Documents and Settings\Windows\Desktop\RKill.txt
2015-01-13 16:35 - 2015-01-13 16:35 - 00064617 _____ () C:\Documents and Settings\Windows\Desktop\GMER.txt
2015-01-13 13:16 - 2015-01-13 13:16 - 00106496 _____ () C:\WINDOWS\Minidump\Mini011315-01.dmp
2015-01-13 12:30 - 2015-01-14 11:07 - 00000000 ____D () C:\Documents and Settings\Windows\Local Settings\Temp
2015-01-13 12:13 - 2015-01-13 17:11 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-13 11:49 - 2015-01-13 11:49 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\WinRAR
2015-01-13 11:48 - 2015-01-13 17:11 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-13 10:04 - 2015-01-13 04:31 - 04166770 _____ () C:\Documents and Settings\Windows\Desktop\tdsskiller.zip
2015-01-13 09:42 - 2015-01-13 09:42 - 00353029 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\census.cache
2015-01-13 09:42 - 2015-01-13 09:42 - 00188951 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\ars.cache
2015-01-13 09:34 - 2015-01-13 09:34 - 00000036 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\housecall.guid.cache
2015-01-13 09:34 - 2013-09-27 21:56 - 00289352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-01-12 18:45 - 2015-01-12 18:45 - 01280192 _____ () C:\Documents and Settings\All Users\Application Data\List of files.dll
2015-01-12 18:39 - 2015-01-12 18:39 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2015-01-12 18:39 - 2015-01-12 18:39 - 00100880 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Packet.dll
2015-01-12 18:39 - 2015-01-12 18:39 - 00050704 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2015-01-09 12:03 - 2015-01-12 16:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-09 11:54 - 2015-01-12 16:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-01-09 11:33 - 2015-01-13 17:02 - 00000000 __SHD () C:\WINDOWS\CSC
2015-01-09 10:04 - 2015-01-13 17:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-09 09:48 - 2015-01-09 09:48 - 00000960 _____ () C:\Documents and Settings\Windows\resetlog.TXT.odlytnc
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 11:02 - 2009-04-25 13:56 - 01889436 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-14 10:58 - 2011-06-16 19:42 - 00296826 _____ () C:\WINDOWS\setupapi.log
2015-01-14 10:56 - 2009-04-25 14:13 - 00004598 _____ () C:\WINDOWS\system32\nvapps.xml
2015-01-14 10:56 - 2009-04-25 14:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-14 10:56 - 2009-04-25 09:49 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-14 10:56 - 2009-04-25 09:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-14 10:56 - 2004-08-04 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-13 13:16 - 2014-07-02 04:14 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-13 09:49 - 2009-04-25 14:01 - 00032538 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-13 07:48 - 2009-04-25 14:03 - 00000278 ___SH () C:\Documents and Settings\Windows\ntuser.ini
2015-01-13 05:59 - 2009-04-25 09:44 - 00000210 ___SH () C:\boot.ini
2015-01-13 05:59 - 2004-08-04 05:00 - 00000634 _____ () C:\WINDOWS\win.ini
2015-01-13 05:59 - 2004-08-04 05:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-13 04:24 - 2010-07-17 23:35 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-13 02:58 - 2011-10-09 19:03 - 00000000 ____D () C:\Documents and Settings\Windows\My Documents\Summer 2011
2015-01-13 02:47 - 2012-07-05 05:44 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\Photos 2012
2015-01-13 02:46 - 2012-02-14 21:46 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\Photos Downloaded 02-15-12 (Backup of PMB)
2015-01-13 02:45 - 2010-11-03 20:30 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\My temp
2015-01-13 02:16 - 2009-07-11 12:35 - 00000000 ____D () C:\old data
2015-01-13 02:13 - 2010-04-18 20:52 - 00000000 ____D () C:\Documents and Settings\Windows\My Documents\Wells files
2015-01-13 02:00 - 2009-04-25 15:12 - 00007952 _____ () C:\WINDOWS\setupact.log
2015-01-12 19:14 - 2014-11-12 05:27 - 00015888 _____ () C:\Documents and Settings\Windows\Desktop\Megu.DOC.odlytnc
2015-01-12 19:05 - 2009-04-26 08:47 - 00000000 ____D () C:\data
2015-01-12 18:55 - 2010-04-19 20:52 - 00000000 ____D () C:\Documents and Settings\Windows\My Documents\Coverage
2015-01-12 18:50 - 2012-11-09 07:50 - 00000000 ____D () C:\Documents and Settings\Windows\Local Settings\Application Data\Akamai
2015-01-12 18:47 - 2012-02-12 07:42 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2015-01-12 18:47 - 2009-04-25 14:03 - 00000000 ____D () C:\Documents and Settings\Windows
2015-01-12 18:46 - 2013-07-02 06:25 - 00000000 ____D () C:\Program Files\iTunes
2015-01-12 18:46 - 2013-07-02 06:25 - 00000000 ____D () C:\Program Files\iPod
2015-01-12 18:46 - 2010-01-31 14:48 - 00000000 ____D () C:\Work FP
2015-01-12 18:46 - 2009-04-26 14:33 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-12 18:45 - 2010-02-14 11:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 18:45 - 2009-08-17 20:45 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-01-12 18:44 - 2010-01-31 15:04 - 00000000 ____D () C:\Transfered from Old
2015-01-12 18:43 - 2009-10-06 04:10 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\Move Networks
2015-01-12 18:43 - 2009-07-08 07:17 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\Juniper Networks
2015-01-12 18:42 - 2009-04-26 08:42 - 00000000 ____D () C:\blp
2015-01-12 01:32 - 2014-07-24 17:04 - 00000000 ____D () C:\Documents and Settings\Windows\Local Settings\Application Data\Adobe
2015-01-12 01:31 - 2012-04-13 20:04 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-12 01:31 - 2011-06-19 14:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-11 10:18 - 2009-04-25 14:00 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-09 14:22 - 2013-08-15 22:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-09 14:15 - 2009-04-25 15:39 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-09 11:48 - 2009-08-18 01:58 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\Malwarebytes
2015-01-09 11:47 - 2014-11-07 21:40 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\VERIZON
2015-01-09 11:44 - 2009-08-18 01:58 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-09 10:04 - 2009-08-18 01:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-01-08 17:45 - 2013-07-23 23:20 - 00001835 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-12-31 06:13 - 2009-10-02 19:26 - 00249488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-866f365a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a595eaf8.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-abbf4a5b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f3c67354.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
 
 
 
=====================================
=====Addition.txt log file contents below=====
=====================================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Windows at 2015-01-14 11:10:26
Running from C:\Documents and Settings\Windows\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 beta (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat 7.1.1 Standard - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Standard - EFG - V) (Version: 7.1.1 - Adobe Systems)
Adobe Acrobat 7.1.1 Standard - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Standard - English, Français, Deutsch - V) (Version: 7.1.1 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.04 - Adobe Systems Incorporated)
AIM 7 (HKLM\...\AIM_7) (Version:  - )
AIM Pro (HKLM\...\{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}) (Version: 1.5.0.291 - )
Akamai NetSession Interface (HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
Bloomberg Excel Tools (HKLM\...\Bloomberg Excel Tools) (Version:  - )
Bloomberg Keyboard v10.5 (HKLM\...\Bloomberg Keyboard v10.5) (Version: v10.5 - Bloomberg L.P.)
Bloomberg Keyboard v11.1 (HKLM\...\Bloomberg Keyboard v11.1) (Version: v11.1 - Bloomberg L.P.)
Bloomberg PFM Upload Tool for Microsoft Excel (HKLM\...\Bloomberg PFM Upload Tool for Microsoft Excel) (Version:  - )
Bloomberg Professional Service (HKLM\...\Bloomberg Professional Service) (Version:  - )
Bloomberg SFD Data Dictionary (HKLM\...\Bloomberg SFD Data Dictionary) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MP470 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series) (Version:  - )
Canon MP470 series User Registration (HKLM\...\Canon MP470 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Citrix Receiver (Enterprise) (HKLM\...\CitrixOnlinePluginFull) (Version: 13.4.200.11 - Citrix Systems, Inc.)
Color Efex Pro 3.0 Wacom Edition 3 (HKLM\...\Color Efex Pro 3.0 Wacom Edition 3) (Version: 3.0.0.1 - Nik Software, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Confidence Online™ for Web Applications (HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Confidence Online EE) (Version:  - )
Corel Painter Essentials 4 (HKLM\...\_{53A908D4-99C6-469B-BC13-F4189F260742}) (Version:  - Corel Corporation)
Corel Painter Essentials 4 (Version: 4.2 - Corel Corporation) Hidden
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader® (HKLM\...\{A638EC76-65C3-4F82-BA68-D105DDA393E7}) (Version: 2.0.9.874 - FileOpen Systems, Inc.)
GIMP 2.6.6 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel ® Pro Alerting Agent (HKLM\...\{C3BAE6D2-0FAD-4C32-8138-8A226460C864}) (Version: 4.2.5 - Intel ® Corporation)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Neoteris_Host_Checker) (Version: 7.3.0.25741 - Juniper Networks)
Juniper Networks Network Connect 6.4.0 (HKLM\...\Juniper Network Connect 6.4.0) (Version: 6.4.0.14343 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19525 - Juniper Networks)
Juniper Networks Network Connect 7.2.0 (HKLM\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.22399 - Juniper Networks)
Juniper Networks Network Connect 7.3.0 (HKLM\...\Juniper Network Connect 7.3.0) (Version: 7.3.0.25741 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30599 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Juniper_Setup_Client) (Version: 7.4.9.43209 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Move Media Player (HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox (3.6.16) (HKLM\...\Mozilla Firefox (3.6.16)) (Version: 3.6.16 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Online Plug-in (Version: 13.4.200.11 - Citrix Systems, Inc.) Hidden
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Sony Image Data Suite (HKLM\...\{359FCAA7-B544-4147-AE3B-8C8A526E2427}) (Version: 3.2.00.19080 - Sony Corporation)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.4060 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{D31032BD-B70C-4E1E-8BE3-0B870A910983}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{74870974-832F-42D3-8047-D87A5A722CC3}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebSlingPlayer ActiveX (HKLM\...\{2DC0661C-FF81-4358-9F33-76EA6CAB6BF6}) (Version: 1.5.15770 - Sling Media)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.5 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.4 - Wacom Technology Corp.)
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{54E5E3C0-02BF-424A-B2D2-6D3867FCD1CE}\InprocServer32 -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{B16C93CE-DE80-4E8D-9E46-DDA89125704C}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{0C571E72-EEF9-44D3-8868-EB508D44117B}\ListSvc. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-789336058-2077806209-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
 
==================== Restore Points  =========================
 
15-10-2014 16:27:23 Software Distribution Service 3.0
15-10-2014 22:00:34 Software Distribution Service 3.0
16-10-2014 16:28:41 Software Distribution Service 3.0
17-10-2014 01:02:50 Software Distribution Service 3.0
26-10-2014 17:41:54 Software Distribution Service 3.0
27-10-2014 17:49:30 Software Distribution Service 3.0
28-10-2014 17:49:55 Software Distribution Service 3.0
29-10-2014 17:49:57 Software Distribution Service 3.0
30-10-2014 17:49:52 Software Distribution Service 3.0
31-10-2014 19:34:18 Software Distribution Service 3.0
01-11-2014 20:29:40 System Checkpoint
02-11-2014 10:01:06 Software Distribution Service 3.0
04-11-2014 17:18:33 Software Distribution Service 3.0
05-11-2014 17:18:30 Software Distribution Service 3.0
06-11-2014 17:35:20 System Checkpoint
07-11-2014 07:11:09 Software Distribution Service 3.0
07-11-2014 21:54:56 Installed Verizon Wireless Software Utility Application for Android - Samsung.
07-11-2014 21:55:41 Installed Verizon Wireless Software Upgrade Assistant - Samsung(ar).
07-11-2014 21:56:40 Installed SUABnR
08-11-2014 07:10:21 Software Distribution Service 3.0
09-11-2014 07:10:20 Software Distribution Service 3.0
10-11-2014 13:43:10 System Checkpoint
10-11-2014 17:29:25 Software Distribution Service 3.0
11-11-2014 17:49:28 System Checkpoint
12-11-2014 01:59:23 Software Distribution Service 3.0
12-11-2014 05:05:41 Software Distribution Service 3.0
13-11-2014 02:19:08 Software Distribution Service 3.0
14-11-2014 02:15:31 Software Distribution Service 3.0
15-11-2014 03:12:11 System Checkpoint
15-11-2014 16:18:27 Software Distribution Service 3.0
16-11-2014 16:21:08 System Checkpoint
16-11-2014 19:18:21 Software Distribution Service 3.0
17-11-2014 19:17:10 Software Distribution Service 3.0
18-11-2014 19:17:29 Software Distribution Service 3.0
19-11-2014 19:15:51 Software Distribution Service 3.0
21-11-2014 10:59:25 Software Distribution Service 3.0
01-12-2014 16:48:19 Software Distribution Service 3.0
02-12-2014 19:40:53 Software Distribution Service 3.0
04-12-2014 07:15:17 Software Distribution Service 3.0
05-12-2014 19:18:08 Software Distribution Service 3.0
07-12-2014 10:01:02 Software Distribution Service 3.0
08-12-2014 22:12:58 Software Distribution Service 3.0
06-01-2015 17:30:03 System Checkpoint
08-01-2015 17:42:46 Software Distribution Service 3.0
09-01-2015 11:50:45 Restore Operation
09-01-2015 14:15:09 Software Distribution Service 3.0
10-01-2015 02:23:39 Software Distribution Service 3.0
11-01-2015 10:18:21 Software Distribution Service 3.0
12-01-2015 14:55:54 System Checkpoint
13-01-2015 02:21:11 Restore Operation
13-01-2015 02:35:08 Restore Operation
13-01-2015 03:26:18 Removed SUABnR
13-01-2015 17:18:38 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 05:00 - 2009-04-26 15:13 - 00305692 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (whitelisted) =============
 
2009-04-25 15:10 - 2003-08-28 13:01 - 00061440 ____N () C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
2004-08-04 05:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 05:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-01-08 17:45 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-08 17:45 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2015-01-08 17:45 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-04-21 07:00 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-21 07:00 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\Windows\Desktop\Megu.DOC.odlytnc:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Windows\Desktop\Megu.DOC.odlytnc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Online plug-in.lnk => C:\WINDOWS\pss\Online plug-in.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Receiver.lnk => C:\WINDOWS\pss\Receiver.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Windows^Start Menu^Programs^Startup^FileOpenAPI.exe.lnk => C:\WINDOWS\pss\FileOpenAPI.exe.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Windows^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\WINDOWS\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnkStartup
MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
MSCONFIG\startupreg: Ad-Watch => C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Documents and Settings\Windows\Local Settings\Application Data\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CLRHost => C:\blp\API\Office Tools\bbxlcmd.exe
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DVDLauncher => "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Redirector => "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-789336058-2077806209-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-789336058-2077806209-725345543-1006 - Limited - Enabled)
Guest (S-1-5-21-789336058-2077806209-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-789336058-2077806209-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-789336058-2077806209-725345543-1002 - Limited - Disabled)
Windows (S-1-5-21-789336058-2077806209-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Windows
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/13/2015 07:08:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2015 07:08:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2015 07:08:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2015 08:47:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2015 08:47:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2015 08:47:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2015 08:47:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2015 08:47:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2015 08:47:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/13/2015 03:17:44 AM) (Source: MsiInstaller) (EventID: 1008) (User: COMPUTER)
Description: The installation of C:\WINDOWS\Installer\334cfc1.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
 
 
System errors:
=============
Error: (01/14/2015 10:56:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1053
 
Error: (01/14/2015 10:56:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
 
Error: (01/13/2015 09:14:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1053
 
Error: (01/13/2015 09:14:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
 
Error: (01/13/2015 05:16:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1053
 
Error: (01/13/2015 05:16:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
 
Error: (01/13/2015 05:10:41 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (01/13/2015 05:04:03 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (01/13/2015 05:03:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ctxusbm
Fips
intelppm
MpFilter
 
Error: (01/13/2015 05:03:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor:  Intel® Xeon™ CPU 3.20GHz
Percentage of memory in use: 71%
Total physical RAM: 2045.98 MB
Available physical RAM: 591.03 MB
Total Pagefile: 3938.55 MB
Available Pagefile: 2568.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.45 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.5 GB) (Free:11.84 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 41AB2316)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
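As an added triage example for the Addition.txt sections above (this is not FRST's own code and is not from any post in the thread), the script below scans FRST-style log lines for the indicators that can be read off this log: a document on the Desktop whose name carries a second, random-looking extension (the Megu.DOC.odlytnc entries under Alternate Data Streams), the Microsoft Antimalware Service failing to start (Service Control Manager events 7000/7009), and an MSI install refused by software restriction policy (MsiInstaller 1008). It also scores autorun entries that live under Policies\Explorer\Run, point into a Temp directory, or reference a file that no longer exists, the pattern of the HKLM\...\Policies\Explorer\Run line in the FRST.txt posted later in this thread. The sample lines are copied from the posted logs and embedded as constructed input; the extension-length limits and the service-name keywords are my assumptions, not anything FRST itself does.

```python
"""Triage FRST (Addition.txt / FRST.txt) lines for ransomware-style indicators.
Added example for this thread, not FRST's own code. SAMPLE_LOG is copied from the
posted logs as constructed input; thresholds and keyword lists are my assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# A document normally ends in one of these; a further random-looking suffix
# appended after such an extension (Megu.DOC.odlytnc) is the indicator.
DOC_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "jpg",
            "jpeg", "png", "txt", "odt", "rtf"}
# Service names whose start failures bear on the "AV is disabled" question (assumed list).
SECURITY_HINTS = ("antimalware", "defender", "malwarebytes", "security essentials")

RENAMED_DOC_RE = re.compile(r"(?P<name>.+)\.(?P<ext>[A-Za-z0-9]{2,5})\.(?P<suffix>[a-z]{4,8})")
# FRST autorun line: HKLM\...\Run: [Name] => target  (also Policies\Explorer\Run and RunOnce)
RUN_RE = re.compile(r"^HK[^\\]+(?:\\S-[\d-]+)?\\\.\.\.\\(?P<key>(?:Policies\\Explorer\\)?Run(?:Once)?):"
                    r"\s*\[[^\]]*\]\s*=>\s*(?P<target>.+)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# FRST event-log header; the Description line follows it on the next line
EVENT_RE = re.compile(r"^Error: \([^)]+\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<id>\d+)\)")


@dataclass(frozen=True)
class Finding:
    kind: str    # rule name
    detail: str  # what matched
    line: str    # the log line that triggered the rule


def renamed_document(path: str) -> bool:
    """True if the basename looks like <name>.<known document ext>.<random suffix>."""
    basename = path.replace("/", "\\").rsplit("\\", 1)[-1]
    m = RENAMED_DOC_RE.fullmatch(basename)
    return bool(m) and m["ext"].lower() in DOC_EXTS and m["suffix"] not in DOC_EXTS


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the rules to FRST-style lines; one renamed_document finding per file."""
    findings: List[Finding] = []
    seen = set()
    pending = None  # (source, event id, header line) until its Description line arrives
    for raw in lines:
        line = raw.strip()
        if line.startswith("AlternateDataStreams:"):
            path = line.split(":", 1)[1].strip().rsplit(":", 1)[0]  # drop the stream name
            if path not in seen and renamed_document(path):
                seen.add(path)
                findings.append(Finding("renamed_document", path, line))
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = []
            if m["key"].startswith("Policies\\"):
                reasons.append("Policies\\Explorer\\Run autorun")
            if TEMP_RE.search(m["target"]):
                reasons.append("target under Temp")
            if m["target"].endswith("No File"):
                reasons.append("target missing")
            if reasons:
                findings.append(Finding("suspicious_autorun", "; ".join(reasons), line))
            continue
        m = EVENT_RE.match(line)
        if m:
            pending = (m["source"], int(m["id"]), line)
            continue
        if pending and line.startswith("Description:"):
            source, event_id, header = pending
            pending = None
            desc = line.lower()
            if source == "Service Control Manager" and event_id in (7000, 7009) \
                    and any(h in desc for h in SECURITY_HINTS):
                findings.append(Finding("security_service_failed", f"EventID {event_id}", header))
            elif source == "MsiInstaller" and event_id == 1008 \
                    and "software restriction policy" in desc:
                findings.append(Finding("srp_blocked_install", "MSI refused by SRP", header))
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed input: lines copied from the Addition.txt and FRST.txt posted in this thread.
SAMPLE_LOG = r"""
AlternateDataStreams: C:\Documents and Settings\Windows\Desktop\Megu.DOC.odlytnc:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Windows\Desktop\Megu.DOC.odlytnc:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [3906] => C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msqinxiyh.exe No File
Error: (01/13/2015 03:17:44 AM) (Source: MsiInstaller) (EventID: 1008) (User: COMPUTER)
Description: The installation of C:\WINDOWS\Installer\334cfc1.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Error: (01/14/2015 10:56:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1053
Error: (01/14/2015 10:56:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:24} {f.detail}")
```

On this sample the script reports one renamed document, one suspicious autorun (all three reasons at once), two security-service start failures and one SRP-refused install. The long 127.0.0.1 hosts list at the top of Addition.txt is deliberately not scored by entry count: with Spybot - Search & Destroy installed on this machine, a large blocking hosts file is the expected shape of a hosts immunisation rather than a hijack, and a hijack would show as a redirected legitimate domain, not as ad domains pointed at localhost.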

 



#4 Machiavelli

  • Agent 007
  • Malware Response Instructor
  • 4,042 posts
  • Location: Germany

Posted 14 January 2015 - 03:11 PM

Hey my friend. :)

Please move FRST to the Desktop.

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 KBenning

  • Topic Starter
  • Members
  • 28 posts

Posted 14 January 2015 - 05:03 PM

Machiavelli,

 

Thank you for the 4 step recommendation.

 

 

1. AdwCleaner.  I was able to download and run it, but the computer is somewhat unstable, and it crashed after the first run and first log, so I re-ran it and generated a second log.  Both logs are in the posting right below this one.

 

2. Malwarebytes.  Unfortunately, while I was able to download the Malwarebytes installation file, I was unable to install the software.  This is what happened to me yesterday when I tried reinstalling Malwarebytes.  Every Malwarebytes installation effort fails.  I get as far as the Windows "Open File - Security Warning" dialog box.  I select "Run", but then nothing happens, i.e., the program does not install.  When I check in Task Manager, I do not see the "mbam" Malwarebytes installation .exe file as a running process.  It seems that the virus has caused changes that block antimalware and antivirus software from running.  Before the virus hit my computer, I had Microsoft Security Essentials installed and running live scanning, and I also had Malwarebytes installed.  I can no longer get Microsoft Security Essentials to run, and I also cannot run the existing Malwarebytes installation from before the virus, nor can I reinstall Malwarebytes.  Also, when I downloaded TDSSKiller yesterday (see my original posting), TDSSKiller would not install.

 

3. Junkware Removal Tool.  I downloaded and ran Junkware Removal Tool.  I do not think it ran properly.  I tried downloading and running it three different times.  Each time I would get a pop-up "command prompt" style window, but I never got a Junkware Removal Tool log file in a posting below, so there is nothing I can post here.

 

4. FRST.  I ran FRST again, but it seems to be taking a very long time, much longer than it took to run yesterday.  I will post the log file if one is generated.

 

 

Thank you again.


Edited by KBenning, 14 January 2015 - 05:09 PM.


#6 KBenning

  • Topic Starter
  • Members
  • 28 posts

Posted 14 January 2015 - 05:06 PM

Machiavelli,

 

Here are the first and second AdwCleaner log files.  Thank you.

 

 

 

==============================

=====First AdwCleaner log file=====

==============================
 
 
# AdwCleaner v4.107 - Report created 14/01/2015 at 15:39:38
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Windows - COMPUTER
# Running from : C:\Documents and Settings\Windows\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\YahooPartnerToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v3.6.16 (en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [1087 octets] - [14/01/2015 15:30:05]
AdwCleaner[S0].txt - [1015 octets] - [14/01/2015 15:39:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1075 octets] ##########
 
 
 
 

================================

=====Second AdwCleaner log file=====

================================
 
# Username : Windows - COMPUTER
# Running from : C:\Documents and Settings\Windows\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v3.6.16 (en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1087 octets] - [14/01/2015 15:30:05]
AdwCleaner[R1].txt - [1304 octets] - [14/01/2015 15:53:09]
AdwCleaner[S0].txt - [1155 octets] - [14/01/2015 15:39:38]
AdwCleaner[S1].txt - [1229 octets] - [14/01/2015 15:57:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1289 octets] ##########
 


#7 KBenning

  • Topic Starter
  • Members
  • 28 posts

Posted 14 January 2015 - 05:31 PM

Machiavelli,

 

I was able to get the FRST log file.  It is below.  This FRST log file is from after:
 

 

1. I ran AdwCleaner twice (see the 2 log files above).

2. Unsuccessfully tried installing and running Malwarebytes.

3. Seemed to have an unsuccessful run/installation of Junkware Removal Tool since no log file was generated.

4. The FRST log file below came after the 3 steps listed above.

 

 

 

 

Here it is:

 

 

====================

=====FRST log file=====

====================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-01-2015 01
Ran by Windows (administrator) on COMPUTER on 14-01-2015 17:21:03
Running from C:\Documents and Settings\Windows\Desktop
Loaded Profiles: Windows (Available profiles: Windows & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
() C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Policies\Explorer\Run: [3906] => C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msqinxiyh.exe No File
HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\MountPoints2: {98255e4c-66f0-11e4-b2a9-0014225a35c9} - E:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll => C:\Program Files\Citrix\ICA Client\RSHook.dll [256392 2013-06-28] (Citrix Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-789336058-2077806209-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
Toolbar: HKU\S-1-5-21-789336058-2077806209-725345543-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-789336058-2077806209-725345543-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.11/uploader2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\q5z8k5gv.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veoh.com/VeohTVPlugin -> C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF Plugin: @veoh.com/VeohWebPlayer -> C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin HKU\S-1-5-21-789336058-2077806209-725345543-1003: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\q5z8k5gv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-02-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-26]
FF HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009-07-19]
FF HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Windows\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Windows\Application Data\Move Networks [2009-10-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://cnn.com/
CHR StartupUrls: Default -> "hxxp://cnn.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (SlingPlayer Web Plug-in) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.63_0\plugins/npSlingPlayerChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (VeohTV Plugin) - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
CHR Plugin: (Veoh Web Player Beta) - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (YouTube) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google Cast) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-15]
CHR Extension: (Google Search) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2013-07-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S4 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [118784 2004-02-08] (Intel Corporation) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-08] (Juniper Networks)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-24] (Oracle Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation) [File not signed]
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-08-28] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{DF645E2F-EEBA-46B6-8917-DB011052C50A}
S3 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsfAlrt; C:\WINDOWS\system32\drivers\AsfAlrt.sys [36064 2002-12-18] (Intel Corporation) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 CO_Mon; C:\WINDOWS\system32\Drivers\CO_Mon.sys [28672 2010-02-11] () [File not signed]
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [27648 2013-06-17] (Juniper Networks)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation)
R3 FLMckUsb; C:\WINDOWS\System32\DRIVERS\ATTchWDF.sys [64000 2010-06-03] (AuthenTec, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [50704 2015-01-12] (CACE Technologies, Inc.)
R2 pmem; C:\WINDOWS\System32\DRIVERS\pmemnt.sys [7012 2004-08-02] (Microsoft Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 BS3567718210; \??\C:\DOCUME~1\Windows\LOCALS~1\Temp\NTFS.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 16:59 - 2015-01-14 16:59 - 00000706 _____ () C:\Documents and Settings\Windows\Desktop\Addition.txt
2015-01-14 16:58 - 2015-01-14 17:21 - 00021744 _____ () C:\Documents and Settings\Windows\Desktop\FRST.txt
2015-01-14 16:58 - 2015-01-14 16:58 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\FRST-OlderVersion
2015-01-14 16:28 - 2015-01-14 16:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-14 16:02 - 2015-01-14 16:02 - 00001369 _____ () C:\Documents and Settings\Windows\Desktop\AdwCleaner[S1].txt
2015-01-14 15:47 - 2015-01-14 15:47 - 00001155 _____ () C:\Documents and Settings\Windows\Desktop\AdwCleaner[S0].txt
2015-01-14 15:29 - 2015-01-14 15:57 - 00000000 ____D () C:\AdwCleaner
2015-01-14 11:05 - 2015-01-14 17:21 - 00000000 ____D () C:\FRST
2015-01-14 11:04 - 2015-01-14 16:58 - 01116672 _____ (Farbar) C:\Documents and Settings\Windows\Desktop\FRST.exe
2015-01-13 17:59 - 2015-01-13 18:06 - 00004358 _____ () C:\Documents and Settings\Windows\Desktop\attach.txt
2015-01-13 17:53 - 2015-01-13 17:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\List of files shortcut
2015-01-13 17:14 - 2015-01-14 16:34 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Documents and Settings\Windows\Start Menu\Programs\WinRAR
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2015-01-13 17:13 - 2015-01-13 17:13 - 00000000 ___HD () C:\WINDOWS\PIF
2015-01-13 16:37 - 2015-01-13 16:40 - 00001376 _____ () C:\Documents and Settings\Windows\Desktop\RKill.txt
2015-01-13 16:35 - 2015-01-13 16:35 - 00064617 _____ () C:\Documents and Settings\Windows\Desktop\GMER.txt
2015-01-13 13:16 - 2015-01-13 13:16 - 00106496 _____ () C:\WINDOWS\Minidump\Mini011315-01.dmp
2015-01-13 12:30 - 2015-01-14 17:21 - 00000000 ____D () C:\Documents and Settings\Windows\Local Settings\Temp
2015-01-13 12:13 - 2015-01-13 17:11 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-13 11:49 - 2015-01-13 11:49 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\WinRAR
2015-01-13 11:48 - 2015-01-13 17:11 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-13 10:04 - 2015-01-13 04:31 - 04166770 _____ () C:\Documents and Settings\Windows\Desktop\tdsskiller.zip
2015-01-13 09:42 - 2015-01-13 09:42 - 00353029 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\census.cache
2015-01-13 09:42 - 2015-01-13 09:42 - 00188951 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\ars.cache
2015-01-13 09:34 - 2015-01-13 09:34 - 00000036 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\housecall.guid.cache
2015-01-13 09:34 - 2013-09-27 21:56 - 00289352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-01-12 18:45 - 2015-01-12 18:45 - 01280192 _____ () C:\Documents and Settings\All Users\Application Data\List of files.dll
2015-01-12 18:39 - 2015-01-12 18:39 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2015-01-12 18:39 - 2015-01-12 18:39 - 00100880 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Packet.dll
2015-01-12 18:39 - 2015-01-12 18:39 - 00050704 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2015-01-09 12:03 - 2015-01-12 16:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-09 11:54 - 2015-01-12 16:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-01-09 11:33 - 2015-01-13 17:02 - 00000000 __SHD () C:\WINDOWS\CSC
2015-01-09 10:04 - 2015-01-13 17:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-09 09:48 - 2015-01-09 09:48 - 00000960 _____ () C:\Documents and Settings\Windows\resetlog.TXT.odlytnc
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 17:17 - 2009-04-25 14:13 - 00004598 _____ () C:\WINDOWS\system32\nvapps.xml
2015-01-14 17:17 - 2004-08-04 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-14 17:16 - 2009-04-25 13:56 - 01941678 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-14 17:15 - 2009-04-25 14:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-14 17:15 - 2009-04-25 09:49 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-14 17:15 - 2009-04-25 09:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-14 17:14 - 2009-04-25 14:01 - 00032538 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-14 16:34 - 2013-08-15 22:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 16:21 - 2009-04-25 15:39 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 15:19 - 2011-06-16 19:42 - 00298323 _____ () C:\WINDOWS\setupapi.log
2015-01-13 13:16 - 2014-07-02 04:14 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-13 07:48 - 2009-04-25 14:03 - 00000278 ___SH () C:\Documents and Settings\Windows\ntuser.ini
2015-01-13 05:59 - 2009-04-25 09:44 - 00000210 ___SH () C:\boot.ini
2015-01-13 05:59 - 2004-08-04 05:00 - 00000634 _____ () C:\WINDOWS\win.ini
2015-01-13 05:59 - 2004-08-04 05:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-13 04:24 - 2010-07-17 23:35 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-13 02:58 - 2011-10-09 19:03 - 00000000 ____D () C:\Documents and Settings\Windows\My Documents\Vermont Summer 2011
2015-01-13 02:47 - 2012-07-05 05:44 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\Sony NEX-C3 Photos 2012
2015-01-13 02:46 - 2012-02-14 21:46 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\Photos Downloaded 02-15-12 (Backup of PMB)
2015-01-13 02:45 - 2010-11-03 20:30 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\Namu-chan temp
2015-01-13 02:16 - 2009-07-11 12:35 - 00000000 ____D () C:\old data
2015-01-13 02:13 - 2010-04-18 20:52 - 00000000 ____D () C:\Documents and Settings\Windows\My Documents\Wellington files
2015-01-13 02:00 - 2009-04-25 15:12 - 00007952 _____ () C:\WINDOWS\setupact.log
2015-01-12 19:14 - 2014-11-12 05:27 - 00015888 _____ () C:\Documents and Settings\Windows\Desktop\Megu.DOC.odlytnc
2015-01-12 19:05 - 2009-04-26 08:47 - 00000000 ____D () C:\data
2015-01-12 18:55 - 2010-04-19 20:52 - 00000000 ____D () C:\Documents and Settings\Windows\My Documents\Coverage
2015-01-12 18:50 - 2012-11-09 07:50 - 00000000 ____D () C:\Documents and Settings\Windows\Local Settings\Application Data\Akamai
2015-01-12 18:47 - 2012-02-12 07:42 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2015-01-12 18:47 - 2009-04-25 14:03 - 00000000 ____D () C:\Documents and Settings\Windows
2015-01-12 18:46 - 2013-07-02 06:25 - 00000000 ____D () C:\Program Files\iTunes
2015-01-12 18:46 - 2013-07-02 06:25 - 00000000 ____D () C:\Program Files\iPod
2015-01-12 18:46 - 2010-01-31 14:48 - 00000000 ____D () C:\Work FP
2015-01-12 18:46 - 2009-04-26 14:33 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-12 18:45 - 2010-02-14 11:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 18:45 - 2009-08-17 20:45 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-01-12 18:44 - 2010-01-31 15:04 - 00000000 ____D () C:\Namu_Transfered from Baio
2015-01-12 18:43 - 2009-10-06 04:10 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\Move Networks
2015-01-12 18:43 - 2009-07-08 07:17 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\Juniper Networks
2015-01-12 18:42 - 2009-04-26 08:42 - 00000000 ____D () C:\blp
2015-01-12 01:32 - 2014-07-24 17:04 - 00000000 ____D () C:\Documents and Settings\Windows\Local Settings\Application Data\Adobe
2015-01-12 01:31 - 2012-04-13 20:04 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-12 01:31 - 2011-06-19 14:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-11 10:18 - 2009-04-25 14:00 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-09 11:48 - 2009-08-18 01:58 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\Malwarebytes
2015-01-09 11:47 - 2014-11-07 21:40 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\VERIZON
2015-01-09 11:44 - 2009-08-18 01:58 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-09 10:04 - 2009-08-18 01:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-01-08 17:45 - 2013-07-23 23:20 - 00001835 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-12-31 06:13 - 2009-10-02 19:26 - 00249488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-866f365a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a595eaf8.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-abbf4a5b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f3c67354.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#8 KBenning

  • Topic Starter

  • Members
  • 28 posts

Posted 14 January 2015 - 05:33 PM

Machiavelli,

 

I forgot to mention that yesterday, when I tried installing TDSSKiller and Malwarebytes but neither attempt worked, I also tried Malwarebytes Chameleon but that program didn't work either.  It seems that the malware on my computer is blocking most known antivirus and antimalware programs from running.



#9 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 4,042 posts
  • Gender:Male
  • Location:Germany

Posted 15 January 2015 - 10:20 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and paste the content of the codebox below into the empty text file:

    HKLM\...\Policies\Explorer\Run: [3906] => C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msqinxiyh.exe No File
    HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\MountPoints2: {98255e4c-66f0-11e4-b2a9-0014225a35c9} - E:\VZW_Software_upgrade_assistant.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-789336058-2077806209-725345543-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    CHR Plugin: (SlingPlayer Web Plug-in) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.63_0\plugins/npSlingPlayerChrome.dll No File
    CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
    CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this text file on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

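An added triage helper (example code written for this page; it is not part of the thread, of FRST, or of the instructor's fix) that applies to FRST log lines the same selection the fixlist above reflects: it flags entries whose file is missing (No File, [X], No ImagePath), services and drivers that are unsigned or run from a Temp folder, and documents that have picked up an extra appended extension like the .odlytnc names in the file list. The sample log is constructed from the shapes of lines seen in this thread.

```python
"""Flag FRST (Farbar Recovery Scan Tool) log entries worth a second look.

Added example, not part of the thread or of FRST. The rules mirror what the
instructor picked out by eye: missing files, unsigned or Temp-resident
services/drivers, and documents renamed with an extra random extension.
"""
import re
from typing import Dict, List

# Constructed sample in the shape of this thread's FRST output (not a full log).
SAMPLE_LOG = r"""
R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [118784 2004-02-08] (Intel Corporation) [File not signed]
S3 BS3567718210; \??\C:\DOCUME~1\Windows\LOCALS~1\Temp\NTFS.sys [X]
U1 WS2IFSL; No ImagePath
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [3906] => C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msqinxiyh.exe No File
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
2015-01-12 19:14 - 2014-11-12 05:27 - 00015888 _____ () C:\Documents and Settings\Windows\Desktop\Megu.DOC.odlytnc
2015-01-14 16:59 - 2015-01-14 16:59 - 00000706 _____ () C:\Documents and Settings\Windows\Desktop\Addition.txt
"""

# "R2 Iprip; ..." / "S3 NPF; ..." / "U1 WS2IFSL; ..." service and driver entries.
SERVICE_LINE = re.compile(r"^[RSU]\d+ [^;]+; ")
# "One Month Created/Modified Files" entries start with two timestamps.
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")
# A path component that is a temp folder, in long or 8.3 form.
TEMP_DIR = re.compile(r"\\(Temp|LOCALS~1)\\", re.IGNORECASE)
# A document extension followed by a second, purely alphabetic extension
# of 5-8 letters, the pattern of the .odlytnc renames in this log.
DOUBLE_EXT = re.compile(
    r"\.(doc|docx|xls|xlsx|pdf|jpe?g|png|txt)\.[a-z]{5,8}$", re.IGNORECASE
)


def triage_line(line: str) -> List[str]:
    """Return the reasons one FRST log line deserves attention (empty if none)."""
    s = line.rstrip()
    reasons: List[str] = []
    is_service = bool(SERVICE_LINE.match(s))
    if s.endswith("No ImagePath"):
        reasons.append("service/driver has no image path")
    if s.endswith("[X]"):
        reasons.append("service/driver image file is missing")
    if s.endswith("No File"):
        reasons.append("autostart/plugin entry points at a missing file")
    if is_service and "[File not signed]" in s:
        reasons.append("unsigned service/driver binary")
    if (is_service or "\\Run:" in s) and TEMP_DIR.search(s):
        reasons.append("runs from a temporary folder")
    if FILE_LINE.match(s) and DOUBLE_EXT.search(s):
        reasons.append("document carries an extra appended extension (possible ransomware rename)")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged line of a whole log to its list of reasons."""
    flagged: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for r in why:
            print("   ->", r)
```

Clean entries such as the signed MpFilter driver and Addition.txt produce no reasons, so the output is only the handful of lines a helper would want to read in full.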
 
 


#10 KBenning

  • Topic Starter

  • Members
  • 28 posts

Posted 15 January 2015 - 11:26 AM

Machiavelli,

 

Thanks for the continued help.

 

Unfortunately, things are not improved.  I was able to do the first 2 steps, but not the third and probably most important step.  This is what happened when I did the 3 steps.

 

 

Step 1. I copied, pasted, and saved the codebox as you directed.  I ran FRST fix.  I have put the "Fixlog.txt" log file in my next posting.

Step 2. I ran FRST scan.  I have put the "FRST.txt" log file in my next posting, after the "Fixlog.txt" log file.

Step 3. I tried running ESET Online Scanner as per your directions.  Unfortunately, just like when I tried running ESET Online Scanner on my own two days ago, it does not install and therefore will not run.  I get prompted to approve the ActiveX, and then I get prompted with a Windows pop-up to approve running the installation file for the ESET component that needs to go on the hard drive.  Unfortunately, after I click "Install" to approve the installation of "OnlineScanner.cab" nothing happens.  ESET does not seem to be able to install "OnlineScanner.cab" and run properly.  It seems that it is still blocked from being installed or run.  I went into Task Manager, and I did not see any "ESET" or "OnlineScanner" process running.  Since I went to the ESET website using Internet Explorer, and since Internet Explorer was still opened, I tried opening a Chrome browser session to go to Bleeping Computer and post this reply.  When I tried opening Chrome, I got a "Blue Screen of Death" and had to unplug my computer to get it to reboot.  Once it rebooted, I went back to Bleeping Computer to post this reply to you.  I also am right now trying to run the online scan from the ESET website.  Once again, it will not install properly, but at least this time I did not get a Blue Screen of Death.

 

 

The "Fixlog.txt" and "FRST.txt" log files are in the post below.  Thank you.


Edited by KBenning, 15 January 2015 - 11:35 AM.


#11 KBenning

  • Topic Starter

  • Members
  • 28 posts

Posted 15 January 2015 - 11:28 AM

=======================

=====Fixlog.txt log file=====

=======================

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-01-2015 01
Ran by Windows at 2015-01-15 10:42:07 Run:1
Running from C:\Documents and Settings\Windows\Desktop
Loaded Profiles: Windows (Available profiles: Windows & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Policies\Explorer\Run: [3906] => C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msqinxiyh.exe No File
HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\MountPoints2: {98255e4c-66f0-11e4-b2a9-0014225a35c9} - E:\VZW_Software_upgrade_assistant.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-789336058-2077806209-725345543-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
CHR Plugin: (SlingPlayer Web Plug-in) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.63_0\plugins/npSlingPlayerChrome.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
EmptyTemp:
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\3906 => Value not found.
"HKU\S-1-5-21-789336058-2077806209-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98255e4c-66f0-11e4-b2a9-0014225a35c9}" => Key deleted successfully.
HKCR\CLSID\{98255e4c-66f0-11e4-b2a9-0014225a35c9} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-789336058-2077806209-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.63_0\plugins/npSlingPlayerChrome.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npdnu.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll not found.
c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll not found.
EmptyTemp: => Removed 1.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:43:09 ====
 
 
 
 
 

=======================

=====FRST.txt log file=====

=======================

 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-01-2015 01
Ran by Windows (administrator) on COMPUTER on 15-01-2015 10:47:59
Running from C:\Documents and Settings\Windows\Desktop
Loaded Profiles: Windows (Available profiles: Windows & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
() C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll => C:\Program Files\Citrix\ICA Client\RSHook.dll [256392 2013-06-28] (Citrix Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-789336058-2077806209-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-789336058-2077806209-725345543-1003 -> DefaultScope {6D571814-2E85-4D94-BA5B-ACC378AF26B3} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
Toolbar: HKU\S-1-5-21-789336058-2077806209-725345543-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.11/uploader2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\q5z8k5gv.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veoh.com/VeohTVPlugin -> C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF Plugin: @veoh.com/VeohWebPlayer -> C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin HKU\S-1-5-21-789336058-2077806209-725345543-1003: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\q5z8k5gv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-02-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-26]
FF HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009-07-19]
FF HKU\S-1-5-21-789336058-2077806209-725345543-1003\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Windows\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Windows\Application Data\Move Networks [2009-10-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://cnn.com/
CHR StartupUrls: Default -> "hxxp://cnn.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (SlingPlayer Web Plug-in) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.63_0\plugins/npSlingPlayerChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Windows\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (VeohTV Plugin) - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
CHR Plugin: (Veoh Web Player Beta) - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (YouTube) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google Cast) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-15]
CHR Extension: (Google Search) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2013-07-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S4 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [118784 2004-02-08] (Intel Corporation) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-08] (Juniper Networks)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-24] (Oracle Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation) [File not signed]
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-08-28] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{DF645E2F-EEBA-46B6-8917-DB011052C50A}
S3 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsfAlrt; C:\WINDOWS\system32\drivers\AsfAlrt.sys [36064 2002-12-18] (Intel Corporation) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 CO_Mon; C:\WINDOWS\system32\Drivers\CO_Mon.sys [28672 2010-02-11] () [File not signed]
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [27648 2013-06-17] (Juniper Networks)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation)
R3 FLMckUsb; C:\WINDOWS\System32\DRIVERS\ATTchWDF.sys [64000 2010-06-03] (AuthenTec, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [50704 2015-01-12] (CACE Technologies, Inc.)
R2 pmem; C:\WINDOWS\System32\DRIVERS\pmemnt.sys [7012 2004-08-02] (Microsoft Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 BS3567718210; \??\C:\DOCUME~1\Windows\LOCALS~1\Temp\NTFS.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 16:59 - 2015-01-14 16:59 - 00000706 _____ () C:\Documents and Settings\Windows\Desktop\Addition.txt
2015-01-14 16:58 - 2015-01-15 10:49 - 00021332 _____ () C:\Documents and Settings\Windows\Desktop\FRST.txt
2015-01-14 16:58 - 2015-01-14 16:58 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\FRST-OlderVersion
2015-01-14 16:28 - 2015-01-14 16:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-14 16:02 - 2015-01-14 16:02 - 00001369 _____ () C:\Documents and Settings\Windows\Desktop\AdwCleaner[S1].txt
2015-01-14 15:47 - 2015-01-14 15:47 - 00001155 _____ () C:\Documents and Settings\Windows\Desktop\AdwCleaner[S0].txt
2015-01-14 15:29 - 2015-01-14 15:57 - 00000000 ____D () C:\AdwCleaner
2015-01-14 11:05 - 2015-01-15 10:48 - 00000000 ____D () C:\FRST
2015-01-14 11:04 - 2015-01-14 16:58 - 01116672 _____ (Farbar) C:\Documents and Settings\Windows\Desktop\FRST.exe
2015-01-13 17:59 - 2015-01-13 18:06 - 00004358 _____ () C:\Documents and Settings\Windows\Desktop\attach.txt
2015-01-13 17:53 - 2015-01-13 17:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\List of files shortcut
2015-01-13 17:14 - 2015-01-14 17:58 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Documents and Settings\Windows\Start Menu\Programs\WinRAR
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2015-01-13 17:13 - 2015-01-13 17:13 - 00000000 ___HD () C:\WINDOWS\PIF
2015-01-13 16:37 - 2015-01-13 16:40 - 00001376 _____ () C:\Documents and Settings\Windows\Desktop\RKill.txt
2015-01-13 16:35 - 2015-01-13 16:35 - 00064617 _____ () C:\Documents and Settings\Windows\Desktop\GMER.txt
2015-01-13 13:16 - 2015-01-13 13:16 - 00106496 _____ () C:\WINDOWS\Minidump\Mini011315-01.dmp
2015-01-13 12:30 - 2015-01-15 10:49 - 00000000 ____D () C:\Documents and Settings\Windows\Local Settings\Temp
2015-01-13 12:13 - 2015-01-13 17:11 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-13 11:49 - 2015-01-13 11:49 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\WinRAR
2015-01-13 11:48 - 2015-01-13 17:11 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-13 10:04 - 2015-01-13 04:31 - 04166770 _____ () C:\Documents and Settings\Windows\Desktop\tdsskiller.zip
2015-01-13 09:42 - 2015-01-13 09:42 - 00353029 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\census.cache
2015-01-13 09:42 - 2015-01-13 09:42 - 00188951 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\ars.cache
2015-01-13 09:34 - 2015-01-13 09:34 - 00000036 _____ () C:\Documents and Settings\Windows\Local Settings\Application Data\housecall.guid.cache
2015-01-13 09:34 - 2013-09-27 21:56 - 00289352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-01-12 18:45 - 2015-01-12 18:45 - 01280192 _____ () C:\Documents and Settings\All Users\Application Data\List of files.dll
2015-01-12 18:39 - 2015-01-12 18:39 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2015-01-12 18:39 - 2015-01-12 18:39 - 00100880 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Packet.dll
2015-01-12 18:39 - 2015-01-12 18:39 - 00050704 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2015-01-09 12:03 - 2015-01-12 16:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-09 11:54 - 2015-01-12 16:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-01-09 11:33 - 2015-01-13 17:02 - 00000000 __SHD () C:\WINDOWS\CSC
2015-01-09 10:04 - 2015-01-13 17:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-09 09:48 - 2015-01-09 09:48 - 00000960 _____ () C:\Documents and Settings\Windows\resetlog.TXT.odlytnc
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 10:48 - 2009-04-25 13:56 - 01964271 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-15 10:46 - 2009-04-25 14:13 - 00004598 _____ () C:\WINDOWS\system32\nvapps.xml
2015-01-15 10:46 - 2004-08-04 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-15 10:45 - 2009-04-25 14:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-15 10:45 - 2009-04-25 09:49 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-15 10:45 - 2009-04-25 09:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-15 10:43 - 2009-04-25 14:03 - 00000278 ___SH () C:\Documents and Settings\Windows\ntuser.ini
2015-01-15 10:43 - 2009-04-25 14:01 - 00032538 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-15 10:42 - 2010-07-17 14:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-01-15 10:42 - 2009-04-25 14:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-01-15 10:42 - 2009-04-25 14:00 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-14 16:34 - 2013-08-15 22:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 15:19 - 2011-06-16 19:42 - 00298323 _____ () C:\WINDOWS\setupapi.log
2015-01-13 13:16 - 2014-07-02 04:14 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-13 05:59 - 2009-04-25 09:44 - 00000210 ___SH () C:\boot.ini
2015-01-13 05:59 - 2004-08-04 05:00 - 00000634 _____ () C:\WINDOWS\win.ini
2015-01-13 05:59 - 2004-08-04 05:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-13 04:24 - 2010-07-17 23:35 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-13 02:58 - 2011-10-09 19:03 - 00000000 ____D () C:\Documents and Settings\Windows\My Documents\Vermont Summer 2011
2015-01-13 02:47 - 2012-07-05 05:44 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\Sony NEX-C3 Photos 2012
2015-01-13 02:46 - 2012-02-14 21:46 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\Photos Downloaded 02-15-12 (Backup of PMB)
2015-01-13 02:45 - 2010-11-03 20:30 - 00000000 ____D () C:\Documents and Settings\Windows\Desktop\Namu-chan temp
2015-01-13 02:16 - 2009-07-11 12:35 - 00000000 ____D () C:\old data
2015-01-13 02:13 - 2010-04-18 20:52 - 00000000 ____D () C:\Documents and Settings\Windows\My Documents\Wellington files
2015-01-13 02:00 - 2009-04-25 15:12 - 00007952 _____ () C:\WINDOWS\setupact.log
2015-01-12 19:14 - 2014-11-12 05:27 - 00015888 _____ () C:\Documents and Settings\Windows\Desktop\Megu.DOC.odlytnc
2015-01-12 19:05 - 2009-04-26 08:47 - 00000000 ____D () C:\data
2015-01-12 18:55 - 2010-04-19 20:52 - 00000000 ____D () C:\Documents and Settings\Windows\My Documents\Coverage
2015-01-12 18:50 - 2012-11-09 07:50 - 00000000 ____D () C:\Documents and Settings\Windows\Local Settings\Application Data\Akamai
2015-01-12 18:47 - 2012-02-12 07:42 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2015-01-12 18:47 - 2009-04-25 14:03 - 00000000 ____D () C:\Documents and Settings\Windows
2015-01-12 18:46 - 2013-07-02 06:25 - 00000000 ____D () C:\Program Files\iTunes
2015-01-12 18:46 - 2013-07-02 06:25 - 00000000 ____D () C:\Program Files\iPod
2015-01-12 18:46 - 2010-01-31 14:48 - 00000000 ____D () C:\Work FP
2015-01-12 18:46 - 2009-04-26 14:33 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-12 18:45 - 2010-02-14 11:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 18:45 - 2009-08-17 20:45 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-01-12 18:44 - 2010-01-31 15:04 - 00000000 ____D () C:\Namu_Transfered from Baio
2015-01-12 18:43 - 2009-10-06 04:10 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\Move Networks
2015-01-12 18:43 - 2009-07-08 07:17 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\Juniper Networks
2015-01-12 18:42 - 2009-04-26 08:42 - 00000000 ____D () C:\blp
2015-01-12 01:32 - 2014-07-24 17:04 - 00000000 ____D () C:\Documents and Settings\Windows\Local Settings\Application Data\Adobe
2015-01-12 01:31 - 2012-04-13 20:04 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-12 01:31 - 2011-06-19 14:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-09 11:48 - 2009-08-18 01:58 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\Malwarebytes
2015-01-09 11:47 - 2014-11-07 21:40 - 00000000 ____D () C:\Documents and Settings\Windows\Application Data\VERIZON
2015-01-09 11:44 - 2009-08-18 01:58 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-09 10:04 - 2009-08-18 01:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-01-08 17:45 - 2013-07-23 23:20 - 00001835 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-12-31 13:15 - 2009-04-25 15:39 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-31 06:13 - 2009-10-02 19:26 - 00249488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#12 Machiavelli

Malware Response Instructor

Posted 15 January 2015 - 01:59 PM

Try it with another browser this time. :)

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 KBenning (Topic Starter)

Posted 15 January 2015 - 02:17 PM

Machiavelli,

Thank you for your most recent suggestion.

I just tried running ESET Online Scanner through the Chrome browser.  I was able to download the "esetsmartinstaller_enu.exe" file.  Unfortunately, I am having the same problem I have had with ESET Online Scanner before -- when I run the installer ("esetsmartinstaller_enu.exe") nothing happens.  The installer seems to be blocked, just like it was earlier today and earlier this week.



#14 Machiavelli

Malware Response Instructor

Posted 15 January 2015 - 02:33 PM

Please download Farbar Service Scanner and run it on the computer with the issue. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FSS icon and select Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

~Machiavelli



#15 KBenning (Topic Starter)

Posted 15 January 2015 - 03:05 PM

Machiavelli,

Thank you for the Farbar Service Scanner suggestion.  Below is the FSS.txt log file.

Farbar Service Scanner Version: 21-07-2014
Ran by Windows (administrator) on 15-01-2015 at 15:02:52
Running from "C:\Documents and Settings\Windows\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(8) 
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****




