
slow running computer on boot-up...computer lock-up freeze sometimes


  • This topic is locked
21 replies to this topic

#1 rick33

  • Members
  • 13 posts

Posted 16 January 2015 - 04:17 PM

My computer has lock-ups every so often where I will have to manually reboot. Lately, in the past week or so, I've noticed that when I boot my computer it works very hard (I can hear it working) but it takes 7-10 minutes until I can open any programs, internet, etc. My desktop boots normally very quickly, I just can't access anything until the computer (works hard) for the 7-10 minutes... then it seems to slow down or (catch up finally) and I can access stuff. When I do have a computer freeze (a few times a week) sometimes it will just freeze and sometimes it will freeze and a constant beep will sound.

 

Thanks for any help you can offer.

 

DDS log below

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by owner at 16:08:25 on 2015-01-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2216 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BitTorrent] "c:\documents and settings\owner\application data\bittorrent\BitTorrent.exe"  /MINIMIZED
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7753E7B9-24A5-4604-8851-3D41F5F6CE41} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{86D97045-5BBF-4C2E-8447-8EAC7C0B6371} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\pj778085.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF - plugin: c:\docume~1\owner\locals~1\application data\npwangwang\npwangwang.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_257.dll
FF - ExtSQL: !HIDDEN! 2011-10-17 15:03; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.iminent.id - 5c006183000000000000000f66798377
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16246
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.317:47:51
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-28 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-28 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-5-16 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2011-5-16 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-10 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-3-28 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-16 50344]
S0 awpsypn;awpsypn;c:\windows\system32\drivers\tjbrab.sys --> c:\windows\system32\drivers\tjbrab.sys [?]
S0 cerc6;cerc6; [x]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2015-01-09 19:29:14    --------    d-----w-    c:\documents and settings\owner\di
2015-01-08 19:12:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2015-01-08 19:12:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2015-01-08 19:12:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2015-01-08 19:12:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2015-01-08 19:12:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2015-01-05 18:49:01    5632    ----a-w-    c:\windows\system32\ptpusb.dll
2015-01-05 18:49:00    159232    ----a-w-    c:\windows\system32\ptpusd.dll
2015-01-02 19:51:32    43152    ----a-w-    c:\windows\avastSS.scr
.
==================== Find3M  ====================
.
2015-01-14 02:19:38    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 02:19:38    701616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-01-02 20:01:05    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-02 19:52:16    787800    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2015-01-02 19:51:33    206248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-01-02 19:51:32    70384    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2015-01-02 19:51:32    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-01-02 19:51:32    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-11-21 11:14:14    54360    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14:06    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-21 19:43:11    897448    ----a-w-    c:\program files\jre-7u17-windows-i586-iftw.exe
2011-10-09 17:34:46    423952    ----a-w-    c:\program files\msgr11us.exe
2011-05-17 01:06:26    56923744    ----a-w-    c:\program files\setup_av_free.exe
2011-01-12 02:16:57    155184736    ----a-w-    c:\program files\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
2011-01-11 22:27:02    418616    ----a-w-    c:\program files\msgr10us.exe
.
============= FINISH: 16:10:00.84 ===============
 

 


#2 Machiavelli

  • Agent 007
  • Malware Response Instructor
  • 3,904 posts
  • Gender:Male
  • Location:Germany

Posted 16 January 2015 - 05:05 PM

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#3 rick33

  • Topic Starter
  • Members
  • 13 posts

Posted 16 January 2015 - 07:07 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by owner (administrator) on OWNER-3383D268F on 16-01-2015 18:47:25
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner (Available profiles: owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Freecorder FLV Service] => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Run: [BitTorrent] => C:\Documents and Settings\owner\Application Data\BitTorrent\BitTorrent.exe [1381208 2014-12-15] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-527237240-57989841-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> DefaultScope {C9C0B217-125C-48D7-B544-8011587ED4D9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> {C9C0B217-125C-48D7-B544-8011587ED4D9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\pj778085.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.google.com
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\DOCUME~1\owner\LOCALS~1\Temp\..\application data\npwangwang\npwangwang.dll ( )
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\pj778085.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-20]
FF HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-02] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-13] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{4841A4EB-4710-4951-8672-B5F2FBA3B2E8}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-02] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-02-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PRISM_A02; C:\WINDOWS\System32\DRIVERS\WUSB20XP.sys [339488 2004-04-15] (Cisco-Linksys, LLC.)
S0 awpsypn; System32\drivers\tjbrab.sys [X]
S3 catchme; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S1 SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:46 - 2015-01-16 18:47 - 00000000 ____D () C:\FRST
2015-01-16 16:10 - 2015-01-16 16:11 - 00020547 _____ () C:\Documents and Settings\owner\Desktop\attach.txt
2015-01-16 16:10 - 2015-01-16 16:11 - 00010549 _____ () C:\Documents and Settings\owner\Desktop\dds.txt
2015-01-13 15:41 - 2015-01-13 15:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 16:45 - 2015-01-12 16:45 - 00019005 _____ () C:\ComboFix.txt
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-01-09 14:29 - 2015-01-09 14:29 - 00000000 ____D () C:\Documents and Settings\owner\di
2015-01-08 14:12 - 2015-01-08 14:12 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2015-01-08 14:12 - 2015-01-08 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-08 14:11 - 2015-01-08 14:12 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-08 14:05 - 2015-01-08 14:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-01-07 14:00 - 2015-01-07 14:00 - 00067208 _____ () C:\fatcat.zip
2015-01-05 13:49 - 2008-04-14 05:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2015-01-05 13:49 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2015-01-02 14:52 - 2015-01-02 14:52 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-02 14:51 - 2015-01-02 14:51 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-02 14:51 - 2015-01-02 14:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:47 - 2014-08-15 11:55 - 00000000 ____D () C:\Documents and Settings\owner\Local Settings\temp
2015-01-16 18:43 - 2011-01-22 13:59 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\BitTorrent
2015-01-16 18:33 - 2011-02-21 12:22 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:19 - 2013-03-21 14:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-16 17:51 - 2010-06-04 10:31 - 01876042 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-16 17:50 - 2014-03-30 11:59 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-16 17:50 - 2012-09-06 15:31 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-16 17:50 - 2011-02-21 12:22 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 17:50 - 2010-06-04 10:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-16 17:50 - 2010-06-04 05:26 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-01-16 17:50 - 2010-06-04 05:26 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-16 17:50 - 2008-04-13 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-16 17:46 - 2011-01-22 19:20 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\vlc
2015-01-16 14:37 - 2010-06-04 05:23 - 00547424 _____ () C:\WINDOWS\setupapi.log
2015-01-15 20:19 - 2010-06-04 10:36 - 00032374 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-13 21:19 - 2013-03-21 14:29 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-13 21:19 - 2011-10-09 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-13 18:56 - 2013-02-17 13:50 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\PEG-Leased TV Stuff
2015-01-13 18:33 - 2012-05-10 08:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 13:33 - 2010-06-04 10:36 - 00000178 ___SH () C:\Documents and Settings\owner\ntuser.ini
2015-01-13 13:33 - 2010-06-04 05:22 - 00000327 __RSH () C:\boot.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000619 _____ () C:\WINDOWS\win.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-12 17:44 - 2010-06-04 10:36 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-12 16:45 - 2011-05-15 20:34 - 00000000 ____D () C:\Qoobox
2015-01-12 16:25 - 2013-09-04 19:51 - 05609736 ____R (Swearware) C:\Documents and Settings\owner\My Documents\ComboFix.exe
2015-01-11 20:07 - 2011-09-05 22:16 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\My Received Files
2015-01-10 02:20 - 2011-08-14 18:54 - 00097280 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-09 14:29 - 2010-06-04 10:36 - 00000000 ____D () C:\Documents and Settings\owner
2015-01-08 15:00 - 2014-03-30 11:58 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-08 14:36 - 2010-06-04 11:05 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-08 14:11 - 2010-06-04 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-01-08 14:05 - 2013-09-27 19:16 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-01-07 14:00 - 2014-07-14 11:12 - 00034005 _____ () C:\flagseurope.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00024432 _____ () C:\flagsapac.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00014761 _____ () C:\flagsamericas.zip
2015-01-02 15:01 - 2014-06-25 22:14 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 14:52 - 2011-05-16 21:40 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-02 14:52 - 2011-05-16 21:40 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-02 14:51 - 2014-05-10 17:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-12-27 19:19 - 2010-06-04 05:22 - 00173112 _____ () C:\WINDOWS\setupact.log

Files to move or delete:
====================
C:\Documents and Settings\owner\TempWmicBatchFile.bat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015 01
Ran by owner at 2015-01-16 18:48:33
Running from C:\Documents and Settings\owner\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
BitTorrent (HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\BitTorrent) (Version: 7.9.2.36804 - BitTorrent Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000 - Hewlett-Packard) Hidden
F4500 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4299 - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
Paltalk Messenger  11.4 (HKLM\...\Paltalk Messenger) (Version: 11.4.564.16149 - AVM Software Inc.)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SignageStudio (HKLM\...\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1) (Version: 4.11.29 - Signage)
SignageStudio (Version: 4.11.29 - Signage) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snood 4 (HKLM\...\Snood 4_is1) (Version:  - Word of Mouse Games)
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{7ECDEB76-36CF-4A03-B612-239369A6B499}\InprocServer32 -> C:\Program Files\trademanager\modules\19734\allinone.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{A777FC6F-16C6-4C2A-AACB-BCDF73762F78}\InprocServer32 -> C:\Program Files\trademanager\modules\19734\allinone.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\trademanager\modules\8003\GraffitiGUI.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{CFCA933E-4C70-4FB2-B411-70C2CAF2B9F8}\localserver32 -> "C:\Program Files\trademanager\aliapploader.exe" No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File

==================== Restore Points  =========================

23-11-2014 20:38:49 System Checkpoint
24-11-2014 23:04:49 System Checkpoint
25-11-2014 23:32:58 System Checkpoint
26-11-2014 23:46:27 System Checkpoint
28-11-2014 00:28:39 System Checkpoint
29-11-2014 14:55:36 System Checkpoint
30-11-2014 16:08:27 System Checkpoint
01-12-2014 19:50:44 System Checkpoint
03-12-2014 13:11:35 System Checkpoint
04-12-2014 16:01:42 System Checkpoint
05-12-2014 17:14:22 System Checkpoint
06-12-2014 18:01:05 System Checkpoint
07-12-2014 18:22:40 System Checkpoint
08-12-2014 19:19:21 System Checkpoint
09-12-2014 19:24:54 System Checkpoint
11-12-2014 11:01:49 System Checkpoint
12-12-2014 12:23:01 System Checkpoint
13-12-2014 12:39:44 System Checkpoint
14-12-2014 01:01:27 Software Distribution Service 3.0
15-12-2014 13:36:55 System Checkpoint
17-12-2014 17:36:32 System Checkpoint
18-12-2014 18:41:40 System Checkpoint
19-12-2014 19:41:27 System Checkpoint
20-12-2014 22:32:05 System Checkpoint
22-12-2014 00:24:07 System Checkpoint
23-12-2014 12:15:57 System Checkpoint
24-12-2014 12:48:55 System Checkpoint
25-12-2014 13:29:11 System Checkpoint
26-12-2014 14:27:35 System Checkpoint
27-12-2014 15:11:22 System Checkpoint
29-12-2014 01:48:48 System Checkpoint
30-12-2014 11:48:46 System Checkpoint
31-12-2014 13:13:46 System Checkpoint
01-01-2015 13:30:51 System Checkpoint
02-01-2015 13:35:15 System Checkpoint
02-01-2015 14:48:21 avast! antivirus system restore point
03-01-2015 15:42:30 System Checkpoint
04-01-2015 18:17:56 System Checkpoint
05-01-2015 18:22:27 System Checkpoint
06-01-2015 18:47:51 System Checkpoint
07-01-2015 19:22:01 System Checkpoint
08-01-2015 19:23:27 System Checkpoint
10-01-2015 12:38:04 System Checkpoint
11-01-2015 17:39:53 System Checkpoint
13-01-2015 12:57:02 System Checkpoint
14-01-2015 13:24:08 System Checkpoint
15-01-2015 13:45:09 System Checkpoint
16-01-2015 15:22:58 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-05-15 20:51 - 2013-09-27 16:10 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2015-01-16 14:19 - 2015-01-16 14:19 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011601\algo.dll
2014-02-28 18:37 - 2015-01-02 14:51 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-13 15:41 - 2015-01-13 15:41 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-527237240-57989841-1606980848-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\WINDOWS\pss\Logitech . Product Registration.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^owner^Start Menu^Programs^Startup^PalTalk.lnk => C:\WINDOWS\pss\PalTalk.lnkStartup
MSCONFIG\startupreg: aliim => C:\Program Files\trademanager\aliim.exe
MSCONFIG\startupreg: BitTorrent => "C:\Documents and Settings\owner\Application Data\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-527237240-57989841-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-527237240-57989841-1606980848-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-527237240-57989841-1606980848-1000 - Limited - Disabled)
owner (S-1-5-21-527237240-57989841-1606980848-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\owner
SUPPORT_388945a0 (S-1-5-21-527237240-57989841-1606980848-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 02:29:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.0.5486, faulting module mozalloc.dll, version 35.0.0.5486, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/16/2015 02:29:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 35.0.0.5486, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2015 05:11:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application paltalk.exe, version 11.4.564.16149, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/16/2015 05:50:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 02:36:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 02:16:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 00:13:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 00:08:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/15/2015 10:05:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/15/2015 08:45:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/15/2015 08:38:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/15/2015 05:44:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/15/2015 04:27:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL


Microsoft Office Sessions:
=========================
Error: (01/16/2015 02:29:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.5486mozalloc.dll35.0.0.548600001425

Error: (01/16/2015 02:29:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.0.5486hungapp0.0.0.000000000

Error: (01/15/2015 05:11:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: paltalk.exe11.4.564.16149hungapp0.0.0.000000000


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 23%
Total physical RAM: 3062.07 MB
Available physical RAM: 2352.31 MB
Total Pagefile: 4425.92 MB
Available Pagefile: 3877.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:42.16 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 50814AAC)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli

  • Malware Response Instructor
  • 3,904 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:22 PM

Posted 16 January 2015 - 07:09 PM

Hey, :)
Please move FRST to your Desktop.

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 rick33

  • Topic Starter
  • Members
  • 13 posts
  • Local time:03:22 PM

Posted 16 January 2015 - 09:35 PM

# AdwCleaner v4.107 - Report created 16/01/2015 at 20:04:26
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : owner - OWNER-3383D268F
# Running from : C:\Documents and Settings\owner\My Documents\Downloads\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
Folder Deleted : C:\Program Files\002
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Documents and Settings\owner\Application Data\HPAppData
Folder Deleted : C:\Documents and Settings\owner\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\owner\Application Data\Search Protection
File Deleted : C:\END
File Deleted : C:\Documents and Settings\owner\Application Data\LiveSupport.exe_log.txt
File Deleted : C:\Documents and Settings\owner\Application Data\regsvr32.exe_log.txt
File Deleted : C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\pj778085.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RrSavings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v35.0 (x86 en-US)

[pj778085.default\prefs.js] - Line Deleted : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.a92d8b6044bd54bb1a8dc95b32002e067e7fbdde1e7da4fad8f0cd97b7e73a076com54025.54025.internaldb.Resources_meta.value", "%7B%22images/fb1.png%22%3A%7B%22id%22%3A563387%2C%22ver%22%3A4%[...]
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.admin", false);
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.aflt", "orgnl");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.autoRvrt", "false");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.cntry", "US");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.dfltLng", "");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.excTlbr", false);
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.ffxUnstlRst", false);
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.hdrMd5", "8E5D8716CC71FF325589CD447BFD15B1");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.id", "5c006183000000000000000f66798377");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.instlDay", "16246");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.instlRef", "");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.lastVrsnTs", "1.8.28.317:47:51");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.newTab", false);
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.prdct", "iminent");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.prtnrId", "iminent");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.rvrt", "false");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.sg", "none");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.smplGrp", "none");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.vrsn", "1.8.28.3");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.vrsnTs", "1.8.28.317:47:51");
[pj778085.default\prefs.js] - Line Deleted : user_pref("extensions.iminent.vrsni", "1.8.28.3");
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent.LayoutId", "1");
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent.ShowThankyouPixel", "0");
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0.0063862711969375,\"s\":0,\"es\":1}");
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent.adapters", "{\"start.iminent.com\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"1403732980[...]
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent.enabledAds", "obsolete");
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent.registerToolbarEvent100", "1403733689797");
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent.registerToolbarEvent102", "1403733990876");
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent.version", "8.25.2.1");
[pj778085.default\prefs.js] - Line Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.25.2.1\",\"InstallEventCTime\":1403733961593}");

*************************

AdwCleaner[R0].txt - [27100 octets] - [18/10/2013 18:58:02]
AdwCleaner[R1].txt - [9000 octets] - [16/01/2015 19:22:59]
AdwCleaner[S0].txt - [27678 octets] - [18/10/2013 18:59:42]
AdwCleaner[S1].txt - [9157 octets] - [16/01/2015 20:04:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9217 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/16/2015
Scan Time: 8:17:45 PM
Logfile: malwarebytes_scanlog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.16.14
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367341
Time Elapsed: 24 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST, Quarantined, [4c0524d3bbce53e3f41db5427e864fb1],

Registry Values: 1
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|1, mbgcnnihcmjdlpopnobljbfkcppokhpm;http://chrome.cdnloader.com/update2.xml?extid=mbgcnnihcmjdlpopnobljbfkcppokhpm&installid={8024FFAB-B683-4777-9714-EA5CEB47C226}&installpartner=adk&installdate=2013-6-4&testGroup=, Quarantined, [4c0524d3bbce53e3f41db5427e864fb1]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by owner on Fri 01/16/2015 at 21:13:42.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\owner\Application Data\mozilla\firefox\profiles\pj778085.default\prefs.js

user_pref("extensions.a92d8b6044bd54bb1a8dc95b32002e067e7fbdde1e7da4fad8f0cd97b7e73a076com54025.54025.internaldb.Resources_resource_563389.value", "%22data%3Aimage/png%3Bbase6
Emptied folder: C:\Documents and Settings\owner\Application Data\mozilla\firefox\profiles\pj778085.default\minidumps [18 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/16/2015 at 21:20:01.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2015 01
Ran by owner (administrator) on OWNER-3383D268F on 16-01-2015 21:31:48
Running from C:\Documents and Settings\owner\Desktop
Loaded Profiles: owner (Available profiles: owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Freecorder FLV Service] => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Run: [BitTorrent] => C:\Documents and Settings\owner\Application Data\BitTorrent\BitTorrent.exe [1381208 2014-12-15] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-527237240-57989841-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> {C9C0B217-125C-48D7-B544-8011587ED4D9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\pj778085.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\DOCUME~1\owner\LOCALS~1\Temp\..\application data\npwangwang\npwangwang.dll ( )
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-20]
FF HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-02] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-13] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{4841A4EB-4710-4951-8672-B5F2FBA3B2E8}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-02] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-02-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PRISM_A02; C:\WINDOWS\System32\DRIVERS\WUSB20XP.sys [339488 2004-04-15] (Cisco-Linksys, LLC.)
S0 awpsypn; System32\drivers\tjbrab.sys [X]
S3 catchme; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S1 SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 21:31 - 2015-01-16 21:32 - 00012951 _____ () C:\Documents and Settings\owner\Desktop\FRST.txt
2015-01-16 21:30 - 2015-01-16 21:30 - 01117696 _____ (Farbar) C:\Documents and Settings\owner\Desktop\FRST.exe
2015-01-16 21:20 - 2015-01-16 21:20 - 00001059 _____ () C:\Documents and Settings\owner\Desktop\JRT.txt
2015-01-16 19:22 - 2015-01-16 19:22 - 02191360 _____ () C:\Documents and Settings\owner\Desktop\adwcleaner_4.107.exe
2015-01-16 18:46 - 2015-01-16 21:31 - 00000000 ____D () C:\FRST
2015-01-16 16:10 - 2015-01-16 16:11 - 00020547 _____ () C:\Documents and Settings\owner\Desktop\attach.txt
2015-01-16 16:10 - 2015-01-16 16:11 - 00010549 _____ () C:\Documents and Settings\owner\Desktop\dds.txt
2015-01-13 15:41 - 2015-01-13 15:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 16:45 - 2015-01-12 16:45 - 00019005 _____ () C:\ComboFix.txt
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-01-09 14:29 - 2015-01-09 14:29 - 00000000 ____D () C:\Documents and Settings\owner\di
2015-01-08 14:12 - 2015-01-08 14:12 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2015-01-08 14:12 - 2015-01-08 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-08 14:11 - 2015-01-08 14:12 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-08 14:05 - 2015-01-08 14:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-01-07 14:00 - 2015-01-07 14:00 - 00067208 _____ () C:\fatcat.zip
2015-01-05 13:49 - 2008-04-14 05:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2015-01-05 13:49 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2015-01-02 14:52 - 2015-01-02 14:52 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-02 14:51 - 2015-01-02 14:51 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-02 14:51 - 2015-01-02 14:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 21:32 - 2014-08-15 11:55 - 00000000 ____D () C:\Documents and Settings\owner\Local Settings\temp
2015-01-16 21:19 - 2013-03-21 14:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-16 21:05 - 2014-06-25 22:14 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 21:02 - 2010-06-04 10:31 - 01891172 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-16 21:00 - 2011-01-22 13:59 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\BitTorrent
2015-01-16 20:59 - 2014-03-30 11:59 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-16 20:59 - 2012-09-06 15:31 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-16 20:59 - 2011-02-21 12:22 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 20:59 - 2010-06-04 10:36 - 00032532 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-16 20:59 - 2010-06-04 10:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-16 20:59 - 2010-06-04 05:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-16 20:59 - 2010-06-04 05:26 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-16 20:59 - 2008-04-13 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-16 20:58 - 2010-06-04 11:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978037$
2015-01-16 20:58 - 2010-06-04 10:36 - 00000178 ___SH () C:\Documents and Settings\owner\ntuser.ini
2015-01-16 20:33 - 2011-02-21 12:22 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 20:04 - 2013-10-18 18:57 - 00000000 ____D () C:\AdwCleaner
2015-01-16 17:46 - 2011-01-22 19:20 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\vlc
2015-01-16 14:37 - 2010-06-04 05:23 - 00547424 _____ () C:\WINDOWS\setupapi.log
2015-01-13 21:19 - 2013-03-21 14:29 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-13 21:19 - 2011-10-09 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-13 18:56 - 2013-02-17 13:50 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\PEG-Leased TV Stuff
2015-01-13 18:33 - 2012-05-10 08:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 13:33 - 2010-06-04 05:22 - 00000327 __RSH () C:\boot.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000619 _____ () C:\WINDOWS\win.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-12 17:44 - 2010-06-04 10:36 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-12 16:45 - 2011-05-15 20:34 - 00000000 ____D () C:\Qoobox
2015-01-12 16:25 - 2013-09-04 19:51 - 05609736 ____R (Swearware) C:\Documents and Settings\owner\My Documents\ComboFix.exe
2015-01-11 20:07 - 2011-09-05 22:16 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\My Received Files
2015-01-10 02:20 - 2011-08-14 18:54 - 00097280 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-09 14:29 - 2010-06-04 10:36 - 00000000 ____D () C:\Documents and Settings\owner
2015-01-08 15:00 - 2014-03-30 11:58 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-08 14:36 - 2010-06-04 11:05 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-08 14:11 - 2010-06-04 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-01-08 14:05 - 2013-09-27 19:16 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-01-07 14:00 - 2014-07-14 11:12 - 00034005 _____ () C:\flagseurope.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00024432 _____ () C:\flagsapac.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00014761 _____ () C:\flagsamericas.zip
2015-01-02 14:52 - 2011-05-16 21:40 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-02 14:52 - 2011-05-16 21:40 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-02 14:51 - 2014-05-10 17:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-12-27 19:19 - 2010-06-04 05:22 - 00173112 _____ () C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======
2013-03-21 14:43 - 2013-03-21 14:43 - 0897448 _____ (Oracle Corporation) C:\Program Files\jre-7u17-windows-i586-iftw.exe
2011-01-11 17:27 - 2011-01-11 17:27 - 0418616 _____ (Yahoo! Inc.) C:\Program Files\msgr10us.exe
2011-10-09 12:35 - 2011-10-09 12:34 - 0423952 _____ (Yahoo! Inc.) C:\Program Files\msgr11us.exe
2011-01-11 20:57 - 2011-01-11 21:16 - 155184736 _____ () C:\Program Files\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
2011-05-16 19:55 - 2011-05-16 20:06 - 56923744 _____ () C:\Program Files\setup_av_free.exe
2011-10-05 15:15 - 2011-10-05 15:15 - 0000040 _____ () C:\Documents and Settings\owner\Application Data\cdr.ini
2011-08-14 18:54 - 2015-01-10 02:20 - 0097280 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\owner\TempWmicBatchFile.bat


Some content of TEMP:
====================
C:\Documents and Settings\owner\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\owner\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Hopefully I did that all correctly.



#6 rick33 (Topic Starter)

Posted 16 January 2015 - 09:38 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-01-2015 01
Ran by owner at 2015-01-16 21:32:53
Running from C:\Documents and Settings\owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
BitTorrent (HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\BitTorrent) (Version: 7.9.2.36804 - BitTorrent Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000 - Hewlett-Packard) Hidden
F4500 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4299 - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
Paltalk Messenger  11.4 (HKLM\...\Paltalk Messenger) (Version: 11.4.564.16149 - AVM Software Inc.)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SignageStudio (HKLM\...\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1) (Version: 4.11.29 - Signage)
SignageStudio (Version: 4.11.29 - Signage) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snood 4 (HKLM\...\Snood 4_is1) (Version:  - Word of Mouse Games)
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{7ECDEB76-36CF-4A03-B612-239369A6B499}\InprocServer32 -> C:\Program Files\trademanager\modules\19734\allinone.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{A777FC6F-16C6-4C2A-AACB-BCDF73762F78}\InprocServer32 -> C:\Program Files\trademanager\modules\19734\allinone.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\trademanager\modules\8003\GraffitiGUI.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{CFCA933E-4C70-4FB2-B411-70C2CAF2B9F8}\localserver32 -> "C:\Program Files\trademanager\aliapploader.exe" No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File

==================== Restore Points  =========================

23-11-2014 20:38:49 System Checkpoint
24-11-2014 23:04:49 System Checkpoint
25-11-2014 23:32:58 System Checkpoint
26-11-2014 23:46:27 System Checkpoint
28-11-2014 00:28:39 System Checkpoint
29-11-2014 14:55:36 System Checkpoint
30-11-2014 16:08:27 System Checkpoint
01-12-2014 19:50:44 System Checkpoint
03-12-2014 13:11:35 System Checkpoint
04-12-2014 16:01:42 System Checkpoint
05-12-2014 17:14:22 System Checkpoint
06-12-2014 18:01:05 System Checkpoint
07-12-2014 18:22:40 System Checkpoint
08-12-2014 19:19:21 System Checkpoint
09-12-2014 19:24:54 System Checkpoint
11-12-2014 11:01:49 System Checkpoint
12-12-2014 12:23:01 System Checkpoint
13-12-2014 12:39:44 System Checkpoint
14-12-2014 01:01:27 Software Distribution Service 3.0
15-12-2014 13:36:55 System Checkpoint
17-12-2014 17:36:32 System Checkpoint
18-12-2014 18:41:40 System Checkpoint
19-12-2014 19:41:27 System Checkpoint
20-12-2014 22:32:05 System Checkpoint
22-12-2014 00:24:07 System Checkpoint
23-12-2014 12:15:57 System Checkpoint
24-12-2014 12:48:55 System Checkpoint
25-12-2014 13:29:11 System Checkpoint
26-12-2014 14:27:35 System Checkpoint
27-12-2014 15:11:22 System Checkpoint
29-12-2014 01:48:48 System Checkpoint
30-12-2014 11:48:46 System Checkpoint
31-12-2014 13:13:46 System Checkpoint
01-01-2015 13:30:51 System Checkpoint
02-01-2015 13:35:15 System Checkpoint
02-01-2015 14:48:21 avast! antivirus system restore point
03-01-2015 15:42:30 System Checkpoint
04-01-2015 18:17:56 System Checkpoint
05-01-2015 18:22:27 System Checkpoint
06-01-2015 18:47:51 System Checkpoint
07-01-2015 19:22:01 System Checkpoint
08-01-2015 19:23:27 System Checkpoint
10-01-2015 12:38:04 System Checkpoint
11-01-2015 17:39:53 System Checkpoint
13-01-2015 12:57:02 System Checkpoint
14-01-2015 13:24:08 System Checkpoint
15-01-2015 13:45:09 System Checkpoint
16-01-2015 15:22:58 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-05-15 20:51 - 2013-09-27 16:10 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2015-01-16 14:19 - 2015-01-16 14:19 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011601\algo.dll
2014-02-28 18:37 - 2015-01-02 14:51 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-13 15:41 - 2015-01-13 15:41 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-527237240-57989841-1606980848-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\WINDOWS\pss\Logitech . Product Registration.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^owner^Start Menu^Programs^Startup^PalTalk.lnk => C:\WINDOWS\pss\PalTalk.lnkStartup
MSCONFIG\startupreg: aliim => C:\Program Files\trademanager\aliim.exe
MSCONFIG\startupreg: BitTorrent => "C:\Documents and Settings\owner\Application Data\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-527237240-57989841-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-527237240-57989841-1606980848-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-527237240-57989841-1606980848-1000 - Limited - Disabled)
owner (S-1-5-21-527237240-57989841-1606980848-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\owner
SUPPORT_388945a0 (S-1-5-21-527237240-57989841-1606980848-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 09:14:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.0.5486, faulting module mozalloc.dll, version 35.0.0.5486, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/16/2015 02:29:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.0.5486, faulting module mozalloc.dll, version 35.0.0.5486, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/16/2015 02:29:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 35.0.0.5486, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2015 05:11:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application paltalk.exe, version 11.4.564.16149, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/16/2015 08:59:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 08:05:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 05:50:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 02:36:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 02:16:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 00:13:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/16/2015 00:08:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/15/2015 10:05:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/15/2015 08:45:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (01/15/2015 08:38:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL


Microsoft Office Sessions:
=========================
Error: (01/16/2015 09:14:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.5486mozalloc.dll35.0.0.548600001425

Error: (01/16/2015 02:29:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.5486mozalloc.dll35.0.0.548600001425

Error: (01/16/2015 02:29:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.0.5486hungapp0.0.0.000000000

Error: (01/15/2015 05:11:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: paltalk.exe11.4.564.16149hungapp0.0.0.000000000


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 22%
Total physical RAM: 3062.07 MB
Available physical RAM: 2366.91 MB
Total Pagefile: 4425.76 MB
Available Pagefile: 3897.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:42.13 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 50814AAC)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:22 PM

Posted 17 January 2015 - 08:24 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty text file:

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    C:\Documents and Settings\owner\TempWmicBatchFile.bat
    CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
    CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
    CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{7ECDEB76-36CF-4A03-B612-239369A6B499}\InprocServer32 -> C:\Program Files\trademanager\modules\19734\allinone.dll No File
    CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{A777FC6F-16C6-4C2A-AACB-BCDF73762F78}\InprocServer32 -> C:\Program Files\trademanager\modules\19734\allinone.dll No File
    CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\trademanager\modules\8003\GraffitiGUI.dll No File
    CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{CFCA933E-4C70-4FB2-B411-70C2CAF2B9F8}\localserver32 -> "C:\Program Files\trademanager\aliapploader.exe" No File
    CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this text file on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
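To show the reasoning behind which scan lines end up in a fixlist like the one in the post above, here is an added Python example (not FRST's own code, and not something posted in this thread) that runs a handful of triage rules over a few constructed sample lines copied from the logs in this thread. The rule names, the severities ("cleanup", "review", "info") and the idea of separating entries a helper can paste into a fixlist from entries that need a human decision are my own labels; FRST itself only prints markers such as "No File", "[X]", "No ImagePath" and "ATTENTION".

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: FRST-style lines taken from the logs posted in this thread,
# plus two benign lines (the avast service and a Google Update task) that must
# NOT be flagged. Raw string so the backslashes in registry paths stay literal.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
Toolbar: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-527237240-57989841-1606980848-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!
S0 awpsypn; System32\drivers\tjbrab.sys [X]
S0 cerc6; No ImagePath
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-02] (AVAST Software)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
"""


@dataclass
class Finding:
    category: str
    severity: str   # "cleanup": orphaned entry; "review": needs a human decision; "info": note only
    reason: str
    line: str


# (category, severity, pattern, reason). Order matters: the first matching rule wins.
# Categories and severities are this example's own labels, not FRST terminology.
RULES = [
    ("orphaned-entry", "cleanup", re.compile(r" No File\s*$"),
     "registry entry points at a file that no longer exists"),
    ("missing-driver", "cleanup", re.compile(r" \[X\]\s*$"),
     "service/driver image path could not be found on disk"),
    ("no-imagepath", "cleanup", re.compile(r"; No ImagePath\s*$"),
     "service registered without an ImagePath"),
    ("policy-restriction", "review", re.compile(r"Policy restriction <=+ ATTENTION"),
     "browser policy set in the registry; legitimate only if an admin put it there"),
    ("exe-association", "review", re.compile(r"\\exefile: .*<=+ ATTENTION!"),
     "per-user .exe association override; affects every program launch, so decide by hand"),
    ("unsigned-file", "info", re.compile(r"\[File not signed\]\s*$"),
     "running service backed by an unsigned file; check publisher and path before acting"),
]


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and return the entries that match a rule."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for category, severity, pattern, reason in RULES:
            if pattern.search(line):
                findings.append(Finding(category, severity, reason, line))
                break
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def fixlist_candidates(findings: List[Finding]) -> List[str]:
    """Lines a helper could paste verbatim into an FRST fixlist after reviewing them.

    Only "cleanup" findings qualify: the FRST log itself states that an entry
    included in the fixlist is removed from the registry, so "review" items
    (policies, the exefile association) are deliberately kept out of this list.
    """
    return [f.line for f in findings if f.severity == "cleanup"]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:7}] {f.category:18} {f.reason}")
        print(f"          {f.line}")
    print("summary:", summarize(found))
    print("fixlist candidates:", len(fixlist_candidates(found)))
```

Run as-is, the script flags seven of the nine sample lines and leaves the two benign ones alone; four of the seven (the two "No File" entries, the driver with a missing image and the service with no ImagePath) come out as fixlist candidates, which is exactly the kind of entry the helper's fixlist above contains, while the policy restrictions and the exefile association are reported for a human decision rather than listed for removal.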



#8 rick33

  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:22 PM

Posted 17 January 2015 - 02:08 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2015 01
Ran by owner (administrator) on OWNER-3383D268F on 17-01-2015 13:06:19
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner (Available profiles: owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Documents and Settings\owner\My Documents\Downloads\FRST.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Freecorder FLV Service] => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Run: [BitTorrent] => C:\Documents and Settings\owner\Application Data\BitTorrent\BitTorrent.exe [1381208 2014-12-15] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-527237240-57989841-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> {C9C0B217-125C-48D7-B544-8011587ED4D9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\pj778085.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\DOCUME~1\owner\LOCALS~1\Temp\..\application data\npwangwang\npwangwang.dll ( )
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-20]
FF HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-02] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-13] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{4841A4EB-4710-4951-8672-B5F2FBA3B2E8}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-02] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-02-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PRISM_A02; C:\WINDOWS\System32\DRIVERS\WUSB20XP.sys [339488 2004-04-15] (Cisco-Linksys, LLC.)
S0 awpsypn; System32\drivers\tjbrab.sys [X]
S3 catchme; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S1 SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 13:05 - 2015-01-17 13:05 - 01117696 _____ (Farbar) C:\Documents and Settings\owner\Desktop\FRST.exe
2015-01-16 21:32 - 2015-01-16 21:33 - 00021074 _____ () C:\Documents and Settings\owner\Desktop\Addition.txt
2015-01-16 21:31 - 2015-01-16 21:33 - 00022315 _____ () C:\Documents and Settings\owner\Desktop\FRST.txt
2015-01-16 21:20 - 2015-01-16 21:20 - 00001059 _____ () C:\Documents and Settings\owner\Desktop\JRT.txt
2015-01-16 19:22 - 2015-01-16 19:22 - 02191360 _____ () C:\Documents and Settings\owner\Desktop\adwcleaner_4.107.exe
2015-01-16 18:46 - 2015-01-17 13:06 - 00000000 ____D () C:\FRST
2015-01-16 16:10 - 2015-01-16 16:11 - 00020547 _____ () C:\Documents and Settings\owner\Desktop\attach.txt
2015-01-16 16:10 - 2015-01-16 16:11 - 00010549 _____ () C:\Documents and Settings\owner\Desktop\dds.txt
2015-01-13 15:41 - 2015-01-13 15:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 16:45 - 2015-01-12 16:45 - 00019005 _____ () C:\ComboFix.txt
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-01-09 14:29 - 2015-01-09 14:29 - 00000000 ____D () C:\Documents and Settings\owner\di
2015-01-08 14:12 - 2015-01-08 14:12 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2015-01-08 14:12 - 2015-01-08 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-08 14:11 - 2015-01-08 14:12 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-08 14:05 - 2015-01-08 14:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-01-07 14:00 - 2015-01-07 14:00 - 00067208 _____ () C:\fatcat.zip
2015-01-05 13:49 - 2008-04-14 05:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2015-01-05 13:49 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2015-01-02 14:52 - 2015-01-02 14:52 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-02 14:51 - 2015-01-02 14:51 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-02 14:51 - 2015-01-02 14:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 13:06 - 2014-08-15 11:55 - 00000000 ____D () C:\Documents and Settings\owner\Local Settings\temp
2015-01-17 12:44 - 2011-01-22 13:59 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\BitTorrent
2015-01-17 12:33 - 2011-02-21 12:22 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 12:19 - 2013-03-21 14:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-17 12:15 - 2010-06-04 10:31 - 01906435 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-17 12:11 - 2012-09-06 15:31 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-17 12:10 - 2011-02-21 12:22 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 12:10 - 2010-06-04 05:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-17 12:10 - 2008-04-13 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-17 12:09 - 2014-03-30 11:59 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-17 12:09 - 2010-06-04 10:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-17 12:09 - 2010-06-04 05:26 - 00000000 _____ () C:\WINDOWS\wiaservc.log
2015-01-16 21:05 - 2014-06-25 22:14 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 20:59 - 2010-06-04 10:36 - 00032532 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-16 20:58 - 2010-06-04 11:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978037$
2015-01-16 20:58 - 2010-06-04 10:36 - 00000178 ___SH () C:\Documents and Settings\owner\ntuser.ini
2015-01-16 20:04 - 2013-10-18 18:57 - 00000000 ____D () C:\AdwCleaner
2015-01-16 17:46 - 2011-01-22 19:20 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\vlc
2015-01-16 14:37 - 2010-06-04 05:23 - 00547424 _____ () C:\WINDOWS\setupapi.log
2015-01-13 21:19 - 2013-03-21 14:29 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-13 21:19 - 2011-10-09 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-13 18:56 - 2013-02-17 13:50 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\PEG-Leased TV Stuff
2015-01-13 18:33 - 2012-05-10 08:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 13:33 - 2010-06-04 05:22 - 00000327 __RSH () C:\boot.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000619 _____ () C:\WINDOWS\win.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-12 17:44 - 2010-06-04 10:36 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-12 16:45 - 2011-05-15 20:34 - 00000000 ____D () C:\Qoobox
2015-01-12 16:25 - 2013-09-04 19:51 - 05609736 ____R (Swearware) C:\Documents and Settings\owner\My Documents\ComboFix.exe
2015-01-11 20:07 - 2011-09-05 22:16 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\My Received Files
2015-01-10 02:20 - 2011-08-14 18:54 - 00097280 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-09 14:29 - 2010-06-04 10:36 - 00000000 ____D () C:\Documents and Settings\owner
2015-01-08 15:00 - 2014-03-30 11:58 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-08 14:36 - 2010-06-04 11:05 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-08 14:11 - 2010-06-04 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-01-08 14:05 - 2013-09-27 19:16 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-01-07 14:00 - 2014-07-14 11:12 - 00034005 _____ () C:\flagseurope.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00024432 _____ () C:\flagsapac.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00014761 _____ () C:\flagsamericas.zip
2015-01-02 14:52 - 2011-05-16 21:40 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-02 14:52 - 2011-05-16 21:40 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-02 14:51 - 2014-05-10 17:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-12-27 19:19 - 2010-06-04 05:22 - 00173112 _____ () C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======
2013-03-21 14:43 - 2013-03-21 14:43 - 0897448 _____ (Oracle Corporation) C:\Program Files\jre-7u17-windows-i586-iftw.exe
2011-01-11 17:27 - 2011-01-11 17:27 - 0418616 _____ (Yahoo! Inc.) C:\Program Files\msgr10us.exe
2011-10-09 12:35 - 2011-10-09 12:34 - 0423952 _____ (Yahoo! Inc.) C:\Program Files\msgr11us.exe
2011-01-11 20:57 - 2011-01-11 21:16 - 155184736 _____ () C:\Program Files\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
2011-05-16 19:55 - 2011-05-16 20:06 - 56923744 _____ () C:\Program Files\setup_av_free.exe
2011-10-05 15:15 - 2011-10-05 15:15 - 0000040 _____ () C:\Documents and Settings\owner\Application Data\cdr.ini
2011-08-14 18:54 - 2015-01-10 02:20 - 0097280 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\owner\TempWmicBatchFile.bat


Some content of TEMP:
====================
C:\Documents and Settings\owner\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\owner\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\hk64tbBit0.dll.vir    Win64/Toolbar.Conduit.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\hk64tbBit2.dll.vir    a variant of Win64/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\hktbBit0.dll.vir    Win32/Toolbar.Conduit.W potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\hktbBit2.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\ldrtbBit0.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\ldrtbBit2.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\ldrtbBitT.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\tbBit0.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\tbBit1.dll.vir    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\tbBit2.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\tbBitT.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\owner\Local Settings\Application Data\BitTorrentControl_v12\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\hk64tbBit0.dll.vir    Win64/Toolbar.Conduit.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\hk64tbBit2.dll.vir    a variant of Win64/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\hktbBit0.dll.vir    Win32/Toolbar.Conduit.W potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\hktbBit2.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\ldrtbBit0.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\ldrtbBit2.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\ldrtbBitT.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\prxtbBit0.dll.vir    Win32/Toolbar.Conduit.W potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\prxtbBit2.dll.vir    Win32/Toolbar.Conduit.N potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\prxtbBitT.dll.vir    Win32/Toolbar.Conduit.O potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\tbBit0.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\tbBit2.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentControl_v12\tbBitT.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\ARFC\wrtc.exe.vir    Win32/SweetIM.E potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\jmdp\lmrn.dll.vir    Win32/SweetIM.G potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\jmdp\stij.exe.vir    Win32/SweetIM.G potentially unwanted application    deleted - quarantined
C:\Documents and Settings\owner\My Documents\Programs\audiotranscoder.exe    a variant of Win32/Complitly.A potentially unwanted application    deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\owner\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe.vir    Win32/Toolbar.DefaultTab.E potentially unwanted application    deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\owner\Application Data\DefaultTab\DefaultTab\uninstalldt.exe.vir    a variant of Win32/Toolbar.DefaultTab.E potentially unwanted application    deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\OApps\SeLEctionlinks.dll.vir    Win32/AdWare.Facetheme.F application    cleaned by deleting - quarantined

#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • Gender:Male
  • Location:Germany

Posted 17 January 2015 - 02:10 PM

I don't think you have done Step 1 & 4. ;)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#10 rick33

rick33
  • Topic Starter

  • Members
  • 13 posts

Posted 17 January 2015 - 02:59 PM

My bad,

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
C:\Documents and Settings\owner\TempWmicBatchFile.bat
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{7ECDEB76-36CF-4A03-B612-239369A6B499}\InprocServer32 -> C:\Program Files\trademanager\modules\19734\allinone.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{A777FC6F-16C6-4C2A-AACB-BCDF73762F78}\InprocServer32 -> C:\Program Files\trademanager\modules\19734\allinone.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\trademanager\modules\8003\GraffitiGUI.dll No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{CFCA933E-4C70-4FB2-B411-70C2CAF2B9F8}\localserver32 -> "C:\Program Files\trademanager\aliapploader.exe" No File
CustomCLSID: HKU\S-1-5-21-527237240-57989841-1606980848-1003_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll No File
EmptyTemp:

On re-boot the processor (or whatever) still seems to run a lot (like it's churning data), but I didn't have to wait nearly as long before being able to access programs, internet, etc. Navigating the web seems much quicker, with no lag or problems.

Did I do everything right? I'm just curious: aside from the 32 problems being found and deleted in ESET, what exactly was wrong?

Thank you so much for your help.



#11 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • Gender:Male
  • Location:Germany

Posted 17 January 2015 - 04:26 PM

Hey,
ESET just found some leftovers and generally we just removed some Adware. ;)
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#12 rick33

rick33
  • Topic Starter

  • Members
  • 13 posts

Posted 17 January 2015 - 05:16 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2015 01
Ran by owner (administrator) on OWNER-3383D268F on 17-01-2015 17:14:38
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner (Available profiles: owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVM Software Inc.) C:\Program Files\Paltalk Messenger\paltalk.exe
(AVM Software Inc.) C:\Program Files\Paltalk Messenger\paltalk.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Documents and Settings\owner\My Documents\Downloads\FRST.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Freecorder FLV Service] => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-527237240-57989841-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> DefaultScope {C9C0B217-125C-48D7-B544-8011587ED4D9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> {C9C0B217-125C-48D7-B544-8011587ED4D9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\pj778085.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\DOCUME~1\owner\LOCALS~1\Temp\..\application data\npwangwang\npwangwang.dll ( )
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-20]
FF HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-02] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-13] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{4841A4EB-4710-4951-8672-B5F2FBA3B2E8}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-02] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-02-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PRISM_A02; C:\WINDOWS\System32\DRIVERS\WUSB20XP.sys [339488 2004-04-15] (Cisco-Linksys, LLC.)
S0 awpsypn; System32\drivers\tjbrab.sys [X]
S3 catchme; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S1 SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 17:14 - 2015-01-17 17:14 - 01117696 _____ (Farbar) C:\Documents and Settings\owner\Desktop\FRST.exe
2015-01-17 13:11 - 2015-01-17 13:11 - 00000000 ____D () C:\Program Files\ESET
2015-01-16 21:32 - 2015-01-16 21:33 - 00021074 _____ () C:\Documents and Settings\owner\Desktop\Addition.txt
2015-01-16 21:31 - 2015-01-16 21:33 - 00022315 _____ () C:\Documents and Settings\owner\Desktop\FRST.txt
2015-01-16 21:20 - 2015-01-16 21:20 - 00001059 _____ () C:\Documents and Settings\owner\Desktop\JRT.txt
2015-01-16 19:22 - 2015-01-16 19:22 - 02191360 _____ () C:\Documents and Settings\owner\Desktop\adwcleaner_4.107.exe
2015-01-16 18:46 - 2015-01-17 17:14 - 00000000 ____D () C:\FRST
2015-01-16 16:10 - 2015-01-16 16:11 - 00020547 _____ () C:\Documents and Settings\owner\Desktop\attach.txt
2015-01-16 16:10 - 2015-01-16 16:11 - 00010549 _____ () C:\Documents and Settings\owner\Desktop\dds.txt
2015-01-13 15:41 - 2015-01-13 15:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 16:45 - 2015-01-12 16:45 - 00019005 _____ () C:\ComboFix.txt
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-01-09 14:29 - 2015-01-09 14:29 - 00000000 ____D () C:\Documents and Settings\owner\di
2015-01-08 14:12 - 2015-01-08 14:12 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2015-01-08 14:12 - 2015-01-08 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-08 14:11 - 2015-01-08 14:12 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-08 14:05 - 2015-01-08 14:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-01-07 14:00 - 2015-01-07 14:00 - 00067208 _____ () C:\fatcat.zip
2015-01-05 13:49 - 2008-04-14 05:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2015-01-05 13:49 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2015-01-02 14:52 - 2015-01-02 14:52 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-02 14:51 - 2015-01-02 14:51 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-02 14:51 - 2015-01-02 14:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 17:15 - 2014-08-15 11:55 - 00000000 ____D () C:\Documents and Settings\owner\Local Settings\temp
2015-01-17 16:33 - 2011-02-21 12:22 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 16:19 - 2013-03-21 14:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-17 15:59 - 2011-01-22 19:20 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\vlc
2015-01-17 15:25 - 2011-08-14 18:54 - 00097792 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-17 15:06 - 2011-01-22 13:59 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\BitTorrent
2015-01-17 14:52 - 2012-09-06 15:31 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-17 14:14 - 2010-06-04 10:31 - 01914311 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-17 14:11 - 2014-03-30 11:59 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-17 14:11 - 2011-02-21 12:22 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 14:11 - 2010-06-04 10:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-17 14:11 - 2010-06-04 05:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-17 14:11 - 2010-06-04 05:26 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-17 14:11 - 2008-04-13 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-17 14:10 - 2010-06-04 10:36 - 00032532 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-17 14:10 - 2010-06-04 10:36 - 00000178 ___SH () C:\Documents and Settings\owner\ntuser.ini
2015-01-17 13:11 - 2010-06-04 05:23 - 00547901 _____ () C:\WINDOWS\setupapi.log
2015-01-16 21:05 - 2014-06-25 22:14 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 20:58 - 2010-06-04 11:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978037$
2015-01-16 20:04 - 2013-10-18 18:57 - 00000000 ____D () C:\AdwCleaner
2015-01-13 21:19 - 2013-03-21 14:29 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-13 21:19 - 2011-10-09 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-13 18:56 - 2013-02-17 13:50 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\PEG-Leased TV Stuff
2015-01-13 18:33 - 2012-05-10 08:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 13:33 - 2010-06-04 05:22 - 00000327 __RSH () C:\boot.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000619 _____ () C:\WINDOWS\win.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-12 17:44 - 2010-06-04 10:36 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-12 16:45 - 2011-05-15 20:34 - 00000000 ____D () C:\Qoobox
2015-01-12 16:25 - 2013-09-04 19:51 - 05609736 ____R (Swearware) C:\Documents and Settings\owner\My Documents\ComboFix.exe
2015-01-11 20:07 - 2011-09-05 22:16 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\My Received Files
2015-01-09 14:29 - 2010-06-04 10:36 - 00000000 ____D () C:\Documents and Settings\owner
2015-01-08 15:00 - 2014-03-30 11:58 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-08 14:36 - 2010-06-04 11:05 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-08 14:11 - 2010-06-04 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-01-08 14:05 - 2013-09-27 19:16 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-01-07 14:00 - 2014-07-14 11:12 - 00034005 _____ () C:\flagseurope.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00024432 _____ () C:\flagsapac.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00014761 _____ () C:\flagsamericas.zip
2015-01-02 14:52 - 2011-05-16 21:40 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-02 14:52 - 2011-05-16 21:40 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-02 14:51 - 2014-05-10 17:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-12-27 19:19 - 2010-06-04 05:22 - 00173112 _____ () C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======
2013-03-21 14:43 - 2013-03-21 14:43 - 0897448 _____ (Oracle Corporation) C:\Program Files\jre-7u17-windows-i586-iftw.exe
2011-01-11 17:27 - 2011-01-11 17:27 - 0418616 _____ (Yahoo! Inc.) C:\Program Files\msgr10us.exe
2011-10-09 12:35 - 2011-10-09 12:34 - 0423952 _____ (Yahoo! Inc.) C:\Program Files\msgr11us.exe
2011-01-11 20:57 - 2011-01-11 21:16 - 155184736 _____ () C:\Program Files\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
2011-05-16 19:55 - 2011-05-16 20:06 - 56923744 _____ () C:\Program Files\setup_av_free.exe
2011-10-05 15:15 - 2011-10-05 15:15 - 0000040 _____ () C:\Documents and Settings\owner\Application Data\cdr.ini
2011-08-14 18:54 - 2015-01-17 15:25 - 0097792 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\owner\TempWmicBatchFile.bat


Some content of TEMP:
====================
C:\Documents and Settings\owner\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\owner\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • Gender:Male
  • Location:Germany

Posted 18 January 2015 - 09:17 AM

Hey,
please move FRST to your Desktop. :)
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    C:\Documents and Settings\owner\TempWmicBatchFile.bat
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
How is your system running now?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#14 rick33

rick33
  • Topic Starter
  • Members
  • 13 posts

Posted 18 January 2015 - 05:59 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015 03
Ran by owner (administrator) on OWNER-3383D268F on 18-01-2015 17:58:03
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner (Available profiles: owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVM Software Inc.) C:\Program Files\Paltalk Messenger\paltalk.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Documents and Settings\owner\My Documents\Downloads\FRST.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Freecorder FLV Service] => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Run: [BitTorrent] => C:\Documents and Settings\owner\Application Data\BitTorrent\BitTorrent.exe [1381208 2014-12-15] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-527237240-57989841-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-527237240-57989841-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> DefaultScope {C9C0B217-125C-48D7-B544-8011587ED4D9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> {C9C0B217-125C-48D7-B544-8011587ED4D9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-527237240-57989841-1606980848-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\pj778085.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\DOCUME~1\owner\LOCALS~1\Temp\..\application data\npwangwang\npwangwang.dll ( )
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-20]
FF HKU\S-1-5-21-527237240-57989841-1606980848-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-02] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-13] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{4841A4EB-4710-4951-8672-B5F2FBA3B2E8}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-02] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-02-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PRISM_A02; C:\WINDOWS\System32\DRIVERS\WUSB20XP.sys [339488 2004-04-15] (Cisco-Linksys, LLC.)
S0 awpsypn; System32\drivers\tjbrab.sys [X]
S3 catchme; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S1 SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 17:56 - 2015-01-18 17:56 - 00000776 _____ () C:\Documents and Settings\owner\Desktop\Fixlist.txt
2015-01-18 17:53 - 2015-01-18 17:53 - 01118208 _____ (Farbar) C:\Documents and Settings\owner\Desktop\FRST.exe
2015-01-17 13:11 - 2015-01-17 13:11 - 00000000 ____D () C:\Program Files\ESET
2015-01-16 18:46 - 2015-01-18 17:58 - 00000000 ____D () C:\FRST
2015-01-13 15:41 - 2015-01-13 15:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 16:45 - 2015-01-12 16:45 - 00019005 _____ () C:\ComboFix.txt
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-01-12 16:45 - 2015-01-12 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-01-09 14:29 - 2015-01-09 14:29 - 00000000 ____D () C:\Documents and Settings\owner\di
2015-01-08 14:12 - 2015-01-08 14:12 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2015-01-08 14:12 - 2015-01-08 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-08 14:11 - 2015-01-08 14:12 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-08 14:05 - 2015-01-08 14:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-01-07 14:00 - 2015-01-07 14:00 - 00067208 _____ () C:\fatcat.zip
2015-01-05 13:49 - 2008-04-14 05:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2015-01-05 13:49 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2015-01-02 14:52 - 2015-01-02 14:52 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-02 14:51 - 2015-01-02 14:51 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-02 14:51 - 2015-01-02 14:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 17:58 - 2014-08-15 11:55 - 00000000 ____D () C:\Documents and Settings\owner\Local Settings\temp
2015-01-18 17:33 - 2011-02-21 12:22 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 17:19 - 2013-03-21 14:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-18 14:52 - 2012-09-06 15:31 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-18 13:06 - 2010-06-04 10:31 - 01934886 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-18 13:02 - 2011-01-22 13:59 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\BitTorrent
2015-01-18 12:56 - 2014-03-30 11:59 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-18 12:56 - 2011-02-21 12:22 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 12:56 - 2010-06-04 10:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-18 12:56 - 2010-06-04 05:26 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-01-18 12:56 - 2010-06-04 05:26 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-18 12:56 - 2008-04-13 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-18 01:49 - 2014-06-26 21:17 - 00003753 _____ () C:\console.log
2015-01-18 01:09 - 2013-07-21 00:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-18 01:00 - 2010-06-04 11:26 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-17 15:59 - 2011-01-22 19:20 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\vlc
2015-01-17 15:25 - 2011-08-14 18:54 - 00097792 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-17 14:10 - 2010-06-04 10:36 - 00032532 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-17 14:10 - 2010-06-04 10:36 - 00000178 ___SH () C:\Documents and Settings\owner\ntuser.ini
2015-01-17 13:11 - 2010-06-04 05:23 - 00547901 _____ () C:\WINDOWS\setupapi.log
2015-01-16 21:05 - 2014-06-25 22:14 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 20:58 - 2010-06-04 11:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978037$
2015-01-16 20:04 - 2013-10-18 18:57 - 00000000 ____D () C:\AdwCleaner
2015-01-13 21:19 - 2013-03-21 14:29 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-13 21:19 - 2011-10-09 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-13 18:56 - 2013-02-17 13:50 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\PEG-Leased TV Stuff
2015-01-13 18:33 - 2012-05-10 08:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 13:33 - 2010-06-04 05:22 - 00000327 __RSH () C:\boot.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000619 _____ () C:\WINDOWS\win.ini
2015-01-13 13:33 - 2008-04-13 18:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-12 17:44 - 2010-06-04 10:36 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-12 16:45 - 2011-05-15 20:34 - 00000000 ____D () C:\Qoobox
2015-01-12 16:25 - 2013-09-04 19:51 - 05609736 ____R (Swearware) C:\Documents and Settings\owner\My Documents\ComboFix.exe
2015-01-11 20:07 - 2011-09-05 22:16 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\My Received Files
2015-01-09 14:29 - 2010-06-04 10:36 - 00000000 ____D () C:\Documents and Settings\owner
2015-01-08 15:00 - 2014-03-30 11:58 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-08 14:36 - 2010-06-04 11:05 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-08 14:11 - 2010-06-04 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-01-08 14:05 - 2013-09-27 19:16 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-01-07 14:00 - 2014-07-14 11:12 - 00034005 _____ () C:\flagseurope.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00024432 _____ () C:\flagsapac.zip
2015-01-07 14:00 - 2014-07-14 11:12 - 00014761 _____ () C:\flagsamericas.zip
2015-01-02 14:52 - 2011-05-16 21:40 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-02 14:52 - 2011-05-16 21:40 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-02 14:51 - 2014-05-10 17:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-02 14:51 - 2013-03-28 15:33 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-02 14:51 - 2011-05-16 21:40 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-12-27 19:19 - 2010-06-04 05:22 - 00173112 _____ () C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======
2013-03-21 14:43 - 2013-03-21 14:43 - 0897448 _____ (Oracle Corporation) C:\Program Files\jre-7u17-windows-i586-iftw.exe
2011-01-11 17:27 - 2011-01-11 17:27 - 0418616 _____ (Yahoo! Inc.) C:\Program Files\msgr10us.exe
2011-10-09 12:35 - 2011-10-09 12:34 - 0423952 _____ (Yahoo! Inc.) C:\Program Files\msgr11us.exe
2011-01-11 20:57 - 2011-01-11 21:16 - 155184736 _____ () C:\Program Files\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
2011-05-16 19:55 - 2011-05-16 20:06 - 56923744 _____ () C:\Program Files\setup_av_free.exe
2011-10-05 15:15 - 2011-10-05 15:15 - 0000040 _____ () C:\Documents and Settings\owner\Application Data\cdr.ini
2011-08-14 18:54 - 2015-01-17 15:25 - 0097792 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\owner\TempWmicBatchFile.bat


Some content of TEMP:
====================
C:\Documents and Settings\owner\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\owner\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

It seems to be running much better.
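The "Bamital & volsnap Check" section of the FRST log above reports that eight core Windows binaries (explorer.exe, winlogon.exe, svchost.exe, services.exe, User32.dll, userinit.exe, rpcss.dll and volsnap.sys) are digitally signed. The following PowerShell snippet is an added example, not part of the original post and not FRST's own code, showing how to repeat that check independently and record a SHA-256 of each file for comparison against a known-clean machine. It assumes PowerShell 2.0 or later is installed (XP needs the Windows Management Framework add-on) and uses the same file paths the log lists.

```powershell
# Added example: re-verify the Authenticode status of the system files that
# FRST's "Bamital & volsnap Check" reports, and hash them for later comparison.
# Assumptions: PowerShell 2.0+; paths match the FRST log (hypothetical list,
# copied from the log rather than taken from FRST itself).

$files = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\User32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)

function Get-Sha256Hex {
    param([string]$Path)
    # Get-FileHash only exists in PowerShell 4+, so hash via .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ($bytes | ForEach-Object { $_.ToString("x2") }) -join ""
}

foreach ($f in $files) {
    if (-not (Test-Path -Path $f)) {
        "{0} => MISSING" -f $f
        continue
    }

    $sig = Get-AuthenticodeSignature -FilePath $f
    $signer = "(none)"
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Status values of interest: Valid (signed, chain trusted), NotSigned
    # (no embedded signature), HashMismatch (file changed after signing).
    "{0} => {1} [{2}] sha256={3}" -f $f, $sig.Status, $signer, (Get-Sha256Hex -Path $f)
}
```

One caveat when reading the output: most Windows system files carry their signature in a security catalog (.cat) rather than embedded in the file, and older PowerShell versions' Get-AuthenticodeSignature only inspects embedded signatures, so a "NotSigned" result for a stock system binary is not by itself evidence of tampering. A "HashMismatch" is the result that matters, and for a catalog-aware check Sysinternals sigcheck (`sigcheck -i <file>`, which shows the catalog and signing chain) is the tool to reach for.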



#15 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • Gender:Male
  • Location:Germany

Posted 19 January 2015 - 12:52 AM

Can you please post the Fixlog? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
