
Not sure if i have a virus again


35 replies to this topic

#1 jenn3


Posted 13 March 2015 - 02:39 PM

I was on here a few months back with a virus, and the help here was great in getting rid of my virus. I was on a website and something came up that looked like something saying I had a virus and wanted me to click something. I did not click anything and immediately shut my computer off. Turned it back on and ran my malware scan, which came up with a lot of tracking cookies, and then ran my Microsoft Essentials, which did not come up with anything. Is this good enough to use in finding out if I have a virus or not?

thanks in advance

JC




 


#2 olgun52


Posted 13 March 2015 - 04:12 PM

Hello jenn3 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
-------------------------------------------------------------------------------------------------------------------------------

 

Let's check out the system.

------
Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

  • Disable any antivirus programs during the scan (if you have difficulty properly disabling your protective programs, refer to this link here).
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt

Good day  :hello:


Best regards
 

 


 


#3 jenn3


Posted 13 March 2015 - 05:24 PM

thanks so much!

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 11.25.2
Run by Chari at 18:21:16 on 2015-03-13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.709 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - 
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8DE18CDA-541D-4DBF-8189-6BC55B4C82D8} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\41.0.2272.89\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]
R1 MpKsla82d00f9;MpKsla82d00f9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74280598-72ef-48c8-aac9-f16e4695ca5a}\MpKsla82d00f9.sys [2015-3-13 39464]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 142648]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-10 114904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-10-20 808448]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-12-10 54360]
UnknownUnknown MpKsl6fc908e6;MpKsl6fc908e6; [x]
.
=============== Created Last 30 ================
.
2015-03-13 04:13:18 39464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74280598-72ef-48c8-aac9-f16e4695ca5a}\MpKsla82d00f9.sys
2015-03-13 00:58:07 9041640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74280598-72ef-48c8-aac9-f16e4695ca5a}\mpengine.dll
2015-03-11 06:34:25 9041640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-03-09 01:20:26 -------- d-----w- c:\windows\system32\wbem\repository\FS
2015-03-09 01:20:26 -------- d-----w- c:\windows\system32\wbem\Repository
2015-02-18 13:47:58 17323192 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
.
==================== Find3M  ====================
.
2015-03-10 18:34:28 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 13:16:52 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-05 07:22:22 701616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 07:22:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-14 20:56:34 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-14 20:56:30 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-12-14 20:56:29 895912 ----a-w- c:\windows\system32\npdeployJava1.dll
2014-12-14 20:56:29 816552 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 18:22:39.28 ===============


#4 jenn3


Posted 13 March 2015 - 05:28 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2008 8:29:42 AM
System Uptime: 3/8/2015 7:30:52 PM (119 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core™2 CPU         T7200  @ 2.00GHz | N/A | 997/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 74.017 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_820F104D&REV_03\3&B1BFB68&0&10
Manufacturer: 
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_820F104D&REV_03\3&B1BFB68&0&10
Service: 
.
Class GUID: 
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_820F104D&REV_03\3&B1BFB68&0&11
Manufacturer: 
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_820F104D&REV_03\3&B1BFB68&0&11
Service: 
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_820F104D&REV_13\4&192AC53F&0&00E0
Manufacturer: Marvell
Name: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_820F104D&REV_13\4&192AC53F&0&00E0
Service: yukonwxp
.
==== System Restore Points ===================
.
RP1646: 12/14/2014 4:01:15 PM - Removed AVG 2014
RP1647: 12/14/2014 4:01:15 PM - Restore Operation
RP1648: 12/14/2014 4:01:16 PM - Software Distribution Service 3.0
RP1649: 12/14/2014 4:01:16 PM - tech help
RP1650: 12/14/2014 4:01:16 PM - Software Distribution Service 3.0
RP1651: 12/14/2014 4:01:16 PM - Malwarebytes Anti-Rootkit Restore Point
RP1652: 12/14/2014 4:01:17 PM - Software Distribution Service 3.0
RP1653: 12/14/2014 4:01:17 PM - Software Distribution Service 3.0
RP1654: 12/14/2014 4:01:17 PM - System Checkpoint
RP1655: 12/14/2014 4:01:17 PM - Software Distribution Service 3.0
RP1656: 12/14/2014 4:01:17 PM - Installed Sophos Virus Removal Tool.
RP1657: 12/14/2014 4:01:17 PM - Software Distribution Service 3.0
RP1658: 12/14/2014 4:01:23 PM - End of disinfection
RP1659: 12/15/2014 2:27:42 AM - Software Distribution Service 3.0
RP1660: 12/16/2014 7:38:31 AM - Software Distribution Service 3.0
RP1661: 12/17/2014 8:06:11 AM - System Checkpoint
RP1662: 12/17/2014 8:04:08 PM - Software Distribution Service 3.0
RP1663: 12/18/2014 8:01:30 PM - Software Distribution Service 3.0
RP1664: 12/19/2014 8:34:32 PM - System Checkpoint
RP1665: 12/20/2014 1:59:49 AM - Software Distribution Service 3.0
RP1666: 12/20/2014 7:37:47 PM - Software Distribution Service 3.0
RP1667: 12/21/2014 8:04:30 PM - System Checkpoint
RP1668: 12/22/2014 2:06:58 AM - Software Distribution Service 3.0
RP1669: 12/23/2014 3:05:55 AM - System Checkpoint
RP1670: 12/23/2014 7:09:58 PM - Software Distribution Service 3.0
RP1671: 12/24/2014 7:43:58 PM - System Checkpoint
RP1672: 12/25/2014 1:53:49 AM - Software Distribution Service 3.0
RP1673: 12/26/2014 2:03:31 AM - System Checkpoint
RP1674: 12/26/2014 8:33:10 PM - Software Distribution Service 3.0
RP1675: 12/27/2014 9:09:18 PM - System Checkpoint
RP1676: 12/28/2014 2:26:12 AM - Software Distribution Service 3.0
RP1677: 12/29/2014 2:54:59 AM - System Checkpoint
RP1678: 12/29/2014 7:57:51 PM - Software Distribution Service 3.0
RP1679: 12/30/2014 8:05:55 PM - System Checkpoint
RP1680: 12/31/2014 8:54:58 AM - Software Distribution Service 3.0
RP1681: 1/1/2015 8:57:58 AM - Software Distribution Service 3.0
RP1682: 1/2/2015 9:32:26 AM - System Checkpoint
RP1683: 1/3/2015 2:28:09 AM - Software Distribution Service 3.0
RP1684: 1/4/2015 1:43:34 AM - Software Distribution Service 3.0
RP1685: 1/5/2015 2:34:20 AM - System Checkpoint
RP1686: 1/5/2015 6:42:29 AM - Software Distribution Service 3.0
RP1687: 1/6/2015 7:24:41 AM - System Checkpoint
RP1688: 1/7/2015 2:21:55 AM - Software Distribution Service 3.0
RP1689: 1/8/2015 2:28:25 AM - Software Distribution Service 3.0
RP1690: 1/9/2015 2:49:30 AM - System Checkpoint
RP1691: 1/9/2015 5:56:14 AM - Software Distribution Service 3.0
RP1692: 1/10/2015 6:05:19 AM - System Checkpoint
RP1693: 1/10/2015 3:08:42 PM - Software Distribution Service 3.0
RP1694: 1/11/2015 1:54:16 AM - Software Distribution Service 3.0
RP1695: 1/12/2015 2:24:08 AM - System Checkpoint
RP1696: 1/12/2015 2:24:17 PM - Software Distribution Service 3.0
RP1697: 1/13/2015 4:38:26 PM - System Checkpoint
RP1698: 1/14/2015 1:39:46 AM - Software Distribution Service 3.0
RP1699: 1/14/2015 3:00:19 AM - Software Distribution Service 3.0
RP1700: 1/15/2015 3:39:10 AM - System Checkpoint
RP1701: 1/15/2015 1:46:33 PM - Software Distribution Service 3.0
RP1702: 1/16/2015 2:24:43 PM - System Checkpoint
RP1703: 1/17/2015 1:30:21 AM - Software Distribution Service 3.0
RP1704: 1/18/2015 1:38:21 AM - Software Distribution Service 3.0
RP1705: 1/19/2015 2:28:56 AM - System Checkpoint
RP1706: 1/19/2015 9:10:18 AM - Software Distribution Service 3.0
RP1707: 1/20/2015 9:48:46 AM - System Checkpoint
RP1708: 1/20/2015 7:59:38 PM - Software Distribution Service 3.0
RP1709: 1/21/2015 8:40:20 PM - System Checkpoint
RP1710: 1/22/2015 1:39:05 AM - Software Distribution Service 3.0
RP1711: 1/23/2015 2:31:57 AM - System Checkpoint
RP1712: 1/24/2015 2:28:27 AM - Software Distribution Service 3.0
RP1713: 1/25/2015 2:22:48 AM - Software Distribution Service 3.0
RP1714: 1/26/2015 2:30:12 AM - System Checkpoint
RP1715: 1/26/2015 4:36:42 PM - Software Distribution Service 3.0
RP1716: 1/27/2015 5:04:41 PM - System Checkpoint
RP1717: 1/28/2015 2:08:01 AM - Software Distribution Service 3.0
RP1718: 1/29/2015 2:30:16 AM - System Checkpoint
RP1719: 1/29/2015 9:38:02 AM - Software Distribution Service 3.0
RP1720: 1/30/2015 10:18:07 AM - System Checkpoint
RP1721: 1/31/2015 2:08:52 AM - Software Distribution Service 3.0
RP1722: 2/1/2015 2:27:55 AM - Software Distribution Service 3.0
RP1723: 2/2/2015 3:25:58 AM - System Checkpoint
RP1724: 2/2/2015 3:32:03 PM - Software Distribution Service 3.0
RP1725: 2/3/2015 4:26:15 PM - System Checkpoint
RP1726: 2/3/2015 10:18:36 PM - Software Distribution Service 3.0
RP1727: 2/4/2015 10:56:32 PM - System Checkpoint
RP1728: 2/5/2015 1:53:30 AM - Software Distribution Service 3.0
RP1729: 2/6/2015 1:59:03 AM - System Checkpoint
RP1730: 2/6/2015 1:05:21 PM - Software Distribution Service 3.0
RP1731: 2/7/2015 2:29:31 PM - System Checkpoint
RP1732: 2/8/2015 1:57:24 AM - Software Distribution Service 3.0
RP1733: 2/9/2015 2:29:15 AM - System Checkpoint
RP1734: 2/9/2015 12:37:06 PM - Software Distribution Service 3.0
RP1735: 2/10/2015 8:38:02 PM - Software Distribution Service 3.0
RP1736: 2/11/2015 3:00:33 AM - Software Distribution Service 3.0
RP1737: 2/11/2015 8:26:44 PM - Software Distribution Service 3.0
RP1738: 2/12/2015 9:21:00 PM - System Checkpoint
RP1739: 2/13/2015 1:50:59 AM - Software Distribution Service 3.0
RP1740: 2/14/2015 1:57:00 AM - System Checkpoint
RP1741: 2/15/2015 1:10:17 AM - Software Distribution Service 3.0
RP1742: 2/15/2015 2:31:29 AM - Software Distribution Service 3.0
RP1743: 2/16/2015 2:58:12 AM - System Checkpoint
RP1744: 2/16/2015 12:53:01 PM - Software Distribution Service 3.0
RP1745: 2/17/2015 1:31:44 PM - System Checkpoint
RP1746: 2/18/2015 2:03:05 AM - Software Distribution Service 3.0
RP1747: 2/18/2015 12:33:46 PM - Software Distribution Service 3.0
RP1748: 2/18/2015 9:31:57 PM - Software Distribution Service 3.0
RP1749: 2/19/2015 12:35:48 PM - Software Distribution Service 3.0
RP1750: 2/20/2015 12:36:02 PM - Software Distribution Service 3.0
RP1751: 2/21/2015 12:36:17 PM - Software Distribution Service 3.0
RP1752: 2/22/2015 2:31:14 AM - Software Distribution Service 3.0
RP1753: 2/22/2015 12:35:48 PM - Software Distribution Service 3.0
RP1754: 2/23/2015 12:36:07 PM - Software Distribution Service 3.0
RP1755: 2/24/2015 12:36:14 PM - Software Distribution Service 3.0
RP1756: 2/25/2015 12:36:05 PM - Software Distribution Service 3.0
RP1757: 2/26/2015 12:34:55 PM - Software Distribution Service 3.0
RP1758: 2/27/2015 12:36:07 PM - Software Distribution Service 3.0
RP1759: 2/28/2015 12:37:02 PM - Software Distribution Service 3.0
RP1760: 3/1/2015 2:31:30 AM - Software Distribution Service 3.0
RP1761: 3/1/2015 12:36:21 PM - Software Distribution Service 3.0
RP1762: 3/2/2015 12:36:15 PM - Software Distribution Service 3.0
RP1763: 3/3/2015 12:35:50 PM - Software Distribution Service 3.0
RP1764: 3/4/2015 1:26:53 PM - System Checkpoint
RP1765: 3/5/2015 2:26:53 PM - System Checkpoint
RP1766: 3/5/2015 6:07:35 PM - Software Distribution Service 3.0
RP1767: 3/6/2015 6:50:49 PM - System Checkpoint
RP1768: 3/7/2015 2:34:11 AM - Software Distribution Service 3.0
RP1769: 3/8/2015 2:44:09 AM - System Checkpoint
RP1770: 3/8/2015 5:46:34 PM - Software Distribution Service 3.0
RP1771: 3/8/2015 6:00:15 PM - Software Distribution Service 3.0
RP1772: 3/8/2015 8:14:52 PM - Software Distribution Service 3.0
RP1773: 3/8/2015 8:19:35 PM - Restore Operation
RP1774: 3/9/2015 8:26:10 PM - Software Distribution Service 3.0
RP1775: 3/10/2015 9:06:23 PM - System Checkpoint
RP1776: 3/11/2015 1:34:14 AM - Software Distribution Service 3.0
RP1777: 3/12/2015 1:54:22 AM - System Checkpoint
RP1778: 3/12/2015 2:00:23 AM - Software Distribution Service 3.0
RP1779: 3/12/2015 7:57:56 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.08)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
eSupportQFolder
F2200
F2200_Help
Google Chrome
Google Update Helper
GPBaseService
GradeQuick Web Plugin
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
Intel® PROSet/Wireless Software
iTunes
Java 8 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 2.0.4.1028
MarketResearch
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PowerDVD
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
RuneScape Launcher 1.0.4
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrintingOC
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic Activation Module
Sophos Virus Removal Tool
Status
SUPERAntiSpyware
Toolbox
TrayApp
Tweak UI
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.2
WebFldrs XP
WebReg
Windows Driver Package - Intel Corporation (ialm) Display  (03/23/2006 6.14.10.4543)
Windows Driver Package - Marvell (yukonwxp) Net  (05/23/2006 8.56.1.3)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
3/8/2015 8:23:21 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
3/8/2015 8:23:21 PM, error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/8/2015 8:23:21 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/8/2015 8:22:55 PM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
3/8/2015 8:21:36 PM, error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
3/8/2015 8:21:31 PM, error: Service Control Manager [7000]  - The Java Quick Starter service failed to start due to the following error:  The system cannot find the file specified.
3/8/2015 8:21:07 PM, error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified.   Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
.
==== End Of File ===========================
 
 


#5 olgun52


Posted 14 March 2015 - 06:15 AM

Hi

Uninstall: Sophos Virus Removal Tool

---------------------------------------------------

Step 1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please be sure to run our tools with administrator rights.

Next, download ComboFix. Save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Sincerely

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 jenn3


Posted 14 March 2015 - 08:37 AM

# AdwCleaner v4.112 - Logfile created 14/03/2015 at 09:32:18
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - CHARID
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner_4.112 (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\Chari\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
File Found : C:\Documents and Settings\Chari\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 172.16.8.4:8080
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\bearsharemediabartb
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{38420AFB-3B73-4576-BE90-9875E9B53DD1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v41.0.2272.89
 
*************************
 
AdwCleaner[R0].txt - [1903 bytes] - [14/03/2015 09:27:52]
AdwCleaner[R1].txt - [1828 bytes] - [14/03/2015 09:32:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1887 bytes] ##########


#7 jenn3


Posted 14 March 2015 - 08:51 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Sat 03/14/2015 at  9:46:14.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/14/2015 at  9:48:55.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 jenn3


Posted 14 March 2015 - 09:12 AM

ComboFix 15-03-14.03 - Administrator 03/14/2015   9:55.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1284 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-14 to 2015-03-14  )))))))))))))))))))))))))))))))
.
.
2015-03-14 13:27 . 2015-03-14 13:39 -------- d-----w- C:\AdwCleaner
2015-03-14 06:23 . 2015-01-29 09:49 9041640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FE0A2F9-06EC-4E2F-A1A8-EE370F80BCCD}\mpengine.dll
2015-03-13 23:08 . 2015-01-29 09:49 9041640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-09 01:20 . 2015-03-09 01:20 -------- d-----w- c:\windows\system32\wbem\Repository
2015-02-18 13:47 . 2015-02-18 13:47 17323192 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-10 18:34 . 2014-12-11 03:20 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 13:16 . 2012-12-29 17:02 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-05 07:22 . 2012-05-23 10:52 701616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 07:22 . 2011-12-05 22:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-14 20:56 . 2014-12-14 20:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-14 20:56 . 2012-07-09 23:38 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-12-14 20:56 . 2014-12-14 20:57 895912 ----a-w- c:\windows\system32\npdeployJava1.dll
2014-12-14 20:56 . 2014-12-14 20:57 816552 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-12-28 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Chari^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Chari\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 1:54 PM 142648]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [10/20/2008 9:17 AM 808448]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/10/2014 11:20 PM 54360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [12/10/2014 11:20 PM 114904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-12 12:13 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 07:22]
.
2015-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 16:56]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 16:56]
.
2015-03-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2015-03-14 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2015-03-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-14 10:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-789336058-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,45,c1,0d,f2,46,63,43,a9,21,42,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,59,83,c2,1e,d6,16,4e,8d,0d,aa,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2560)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2015-03-14  10:11:12 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-14 14:11
.
Pre-Run: 79,362,502,656 bytes free
Post-Run: 79,229,083,648 bytes free
.
- - End Of File - - BD86AA3AD130D96DD3BA498F0990EA70
8F558EB6672622401DA993E1E865C861


#9 olgun52


Posted 14 March 2015 - 09:45 AM

Step 1:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Step 3:

SecurityCheck
Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.

Best regards
 

 


 


#10 jenn3


Posted 14 March 2015 - 04:21 PM

I ran Malwarebytes and it did not give a log after, but it did say no malicious threats were found.

 

Next scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Administrator (administrator) on CHARID on 14-03-2015 17:28:55
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available profiles: Chari & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Roxio) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [118784 2004-11-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-08-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-789336058-1801674531-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1715567821-789336058-1801674531-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-14] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-500 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-12-28] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\WINDOWS\system32\npdeployJava1.dll [2014-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-06]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-13]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-12-08] (SUPERAntiSpyware.com)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208256 2006-07-24] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-07-24] (Conexant Systems, Inc.)
S3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [1166972 2006-04-05] (Intel Corporation) [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsla613f644; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6072C6B-A762-4FD7-956F-FF59D1E0954F}\MpKsla613f644.sys [39464 2015-03-14] (Microsoft Corporation)
R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1706752 2006-07-02] (Intel® Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-12-28] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2012-12-28] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 ti21sony; C:\WINDOWS\System32\drivers\ti21sony.sys [808448 2007-01-24] (Texas Instruments)
S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
R3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47488 2006-02-10] (TOSHIBA Corporation) [File not signed]
R3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-04-13] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [37632 2006-03-16] (TOSHIBA Corporation) [File not signed]
R1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
R3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-02-08] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [52864 2006-03-15] (TOSHIBA Corporation) [File not signed]
R3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [40192 2006-02-24] (TOSHIBA CORPORATION) [File not signed]
S3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [245248 2006-05-23] (Marvell)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 17:28 - 2015-03-14 17:28 - 00000000 ____D () C:\FRST
2015-03-14 10:11 - 2015-03-14 17:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-03-14 10:11 - 2015-03-14 10:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-03-14 10:11 - 2015-03-14 10:11 - 00011357 _____ () C:\ComboFix.txt
2015-03-14 10:11 - 2015-03-14 10:11 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-03-14 10:11 - 2015-03-14 10:11 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-03-14 10:11 - 2015-03-14 10:11 - 00000000 ____D () C:\Documents and Settings\Chari\Local Settings\temp
2015-03-14 10:03 - 2015-03-14 10:03 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-03-14 10:03 - 2015-03-14 10:03 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-03-14 10:03 - 2015-03-14 10:03 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-03-14 10:03 - 2015-03-14 10:03 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-03-14 10:03 - 2015-03-14 10:03 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-03-14 09:52 - 2015-03-14 10:11 - 00000000 ____D () C:\Qoobox
2015-03-14 09:52 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-03-14 09:52 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-03-14 09:52 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-03-14 09:52 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-03-14 09:52 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-03-14 09:52 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-03-14 09:52 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-03-14 09:52 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-03-14 09:52 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-03-14 09:48 - 2015-03-14 09:48 - 00000744 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2015-03-14 09:27 - 2015-03-14 09:39 - 00000000 ____D () C:\AdwCleaner
2015-03-13 18:22 - 2015-03-13 18:22 - 00009965 _____ () C:\Documents and Settings\Chari\Desktop\dds.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 17:22 - 2012-05-23 06:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-14 17:12 - 2012-08-05 19:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-14 17:08 - 2014-12-10 23:20 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-14 17:07 - 2014-12-10 23:20 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-14 17:07 - 2014-12-10 23:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-14 17:07 - 2014-12-10 23:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-14 17:05 - 2008-10-20 08:30 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-14 10:14 - 2013-02-27 04:10 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-03-14 10:06 - 2014-04-01 07:24 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-14 10:06 - 2012-08-05 19:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-14 10:06 - 2004-08-04 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-14 10:06 - 2004-08-04 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-03-14 10:05 - 2008-10-20 08:25 - 01402052 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-14 10:04 - 2008-10-20 08:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-14 10:04 - 2008-10-20 04:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-14 10:04 - 2008-10-20 04:16 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-03-14 10:03 - 2008-10-21 07:34 - 00000278 ___SH () C:\Documents and Settings\Chari\ntuser.ini
2015-03-14 10:03 - 2008-10-21 07:30 - 00000278 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2015-03-14 10:03 - 2008-10-20 04:12 - 38535168 _____ () C:\WINDOWS\system32\config\software.bak
2015-03-14 10:03 - 2008-10-20 04:12 - 09699328 _____ () C:\WINDOWS\system32\config\system.bak
2015-03-14 10:03 - 2008-10-20 04:12 - 00339968 _____ () C:\WINDOWS\system32\config\default.bak
2015-03-14 10:03 - 2008-10-20 04:12 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-03-14 10:03 - 2008-10-20 04:12 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-03-14 10:02 - 2014-12-11 20:18 - 00000000 ____D () C:\WINDOWS\erdnt
2015-03-14 09:52 - 2008-10-20 08:31 - 00032470 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-13 18:22 - 2014-12-10 23:55 - 00029142 _____ () C:\Documents and Settings\Chari\Desktop\attach.txt
2015-03-12 03:17 - 2013-08-15 03:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 03:01 - 2008-10-20 10:22 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-08 21:27 - 2008-10-20 04:14 - 00774928 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-08 21:20 - 2008-10-21 07:34 - 00000000 ____D () C:\Documents and Settings\Chari
2015-03-08 21:20 - 2008-10-21 07:30 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-03-08 21:20 - 2008-10-20 08:31 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-03-08 21:20 - 2008-10-20 08:22 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-08 18:51 - 2011-06-24 17:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-08 15:00 - 2014-04-01 07:24 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-03-07 19:41 - 2012-06-02 14:28 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-03 09:16 - 2012-12-29 13:02 - 00246920 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
Next:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Administrator at 2015-03-14 17:29:45
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F2200 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
F2200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GradeQuick Web Plugin (HKLM\...\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}) (Version: 1.00.0000 - Edline)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{D77D43B5-ED55-426b-B67B-E21F804F6102}) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version:  - Intel Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
mDriver (Version: 7.00.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSN Toolbar Platform (Version: 4.0.0357.1 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5268 - Realtek Semiconductor Corp.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
RuneScape Launcher 1.0.4 (HKLM\...\{5D87C09F-512F-474A-A306-0FE3B89C396F}) (Version: 1.0.4 - Jagex Ltd)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700) (Version:  - )
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.54.1000 - SUPERAntiSpyware.com)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - Intel Corporation (ialm) Display  (03/23/2006 6.14.10.4543) (HKLM\...\8098B27A42D62758176B34DA12C58EA558120A43) (Version: 03/23/2006 6.14.10.4543 - Intel Corporation)
Windows Driver Package - Marvell (yukonwxp) Net  (05/23/2006 8.56.1.3) (HKLM\...\A43CFA4B36AFAC445B311D32C227FD46BAB30299) (Version: 05/23/2006 8.56.1.3 - Marvell)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
15-12-2014 03:27:42 Software Distribution Service 3.0
16-12-2014 08:38:31 Software Distribution Service 3.0
17-12-2014 09:06:11 System Checkpoint
17-12-2014 21:04:08 Software Distribution Service 3.0
18-12-2014 21:01:30 Software Distribution Service 3.0
19-12-2014 21:34:32 System Checkpoint
20-12-2014 02:59:49 Software Distribution Service 3.0
20-12-2014 20:37:47 Software Distribution Service 3.0
21-12-2014 21:04:30 System Checkpoint
22-12-2014 03:06:58 Software Distribution Service 3.0
23-12-2014 04:05:55 System Checkpoint
23-12-2014 20:09:58 Software Distribution Service 3.0
24-12-2014 20:43:58 System Checkpoint
25-12-2014 02:53:49 Software Distribution Service 3.0
26-12-2014 03:03:31 System Checkpoint
26-12-2014 21:33:10 Software Distribution Service 3.0
27-12-2014 22:09:18 System Checkpoint
28-12-2014 03:26:12 Software Distribution Service 3.0
29-12-2014 03:54:59 System Checkpoint
29-12-2014 20:57:51 Software Distribution Service 3.0
30-12-2014 21:05:55 System Checkpoint
31-12-2014 09:54:58 Software Distribution Service 3.0
01-01-2015 09:57:58 Software Distribution Service 3.0
02-01-2015 10:32:26 System Checkpoint
03-01-2015 03:28:09 Software Distribution Service 3.0
04-01-2015 02:43:34 Software Distribution Service 3.0
05-01-2015 03:34:20 System Checkpoint
05-01-2015 07:42:29 Software Distribution Service 3.0
06-01-2015 08:24:41 System Checkpoint
07-01-2015 03:21:55 Software Distribution Service 3.0
08-01-2015 03:28:25 Software Distribution Service 3.0
09-01-2015 03:49:30 System Checkpoint
09-01-2015 06:56:14 Software Distribution Service 3.0
10-01-2015 07:05:19 System Checkpoint
10-01-2015 16:08:42 Software Distribution Service 3.0
11-01-2015 02:54:16 Software Distribution Service 3.0
12-01-2015 03:24:08 System Checkpoint
12-01-2015 15:24:17 Software Distribution Service 3.0
13-01-2015 17:38:26 System Checkpoint
14-01-2015 02:39:46 Software Distribution Service 3.0
14-01-2015 04:00:19 Software Distribution Service 3.0
15-01-2015 04:39:10 System Checkpoint
15-01-2015 14:46:33 Software Distribution Service 3.0
16-01-2015 15:24:43 System Checkpoint
17-01-2015 02:30:21 Software Distribution Service 3.0
18-01-2015 02:38:21 Software Distribution Service 3.0
19-01-2015 03:28:56 System Checkpoint
19-01-2015 10:10:18 Software Distribution Service 3.0
20-01-2015 10:48:46 System Checkpoint
20-01-2015 20:59:38 Software Distribution Service 3.0
21-01-2015 21:40:20 System Checkpoint
22-01-2015 02:39:05 Software Distribution Service 3.0
23-01-2015 03:31:57 System Checkpoint
24-01-2015 03:28:27 Software Distribution Service 3.0
25-01-2015 03:22:48 Software Distribution Service 3.0
26-01-2015 03:30:12 System Checkpoint
26-01-2015 17:36:42 Software Distribution Service 3.0
27-01-2015 18:04:41 System Checkpoint
28-01-2015 03:08:01 Software Distribution Service 3.0
29-01-2015 03:30:16 System Checkpoint
29-01-2015 10:38:02 Software Distribution Service 3.0
30-01-2015 11:18:07 System Checkpoint
31-01-2015 03:08:52 Software Distribution Service 3.0
01-02-2015 03:27:55 Software Distribution Service 3.0
02-02-2015 04:25:58 System Checkpoint
02-02-2015 16:32:03 Software Distribution Service 3.0
03-02-2015 17:26:15 System Checkpoint
03-02-2015 23:18:36 Software Distribution Service 3.0
04-02-2015 23:56:32 System Checkpoint
05-02-2015 02:53:30 Software Distribution Service 3.0
06-02-2015 02:59:03 System Checkpoint
06-02-2015 14:05:21 Software Distribution Service 3.0
07-02-2015 15:29:31 System Checkpoint
08-02-2015 02:57:24 Software Distribution Service 3.0
09-02-2015 03:29:15 System Checkpoint
09-02-2015 13:37:06 Software Distribution Service 3.0
10-02-2015 21:38:02 Software Distribution Service 3.0
11-02-2015 04:00:33 Software Distribution Service 3.0
11-02-2015 21:26:44 Software Distribution Service 3.0
12-02-2015 22:21:00 System Checkpoint
13-02-2015 02:50:59 Software Distribution Service 3.0
14-02-2015 02:57:00 System Checkpoint
15-02-2015 02:10:17 Software Distribution Service 3.0
15-02-2015 03:31:29 Software Distribution Service 3.0
16-02-2015 03:58:12 System Checkpoint
16-02-2015 13:53:01 Software Distribution Service 3.0
17-02-2015 14:31:44 System Checkpoint
18-02-2015 03:03:05 Software Distribution Service 3.0
18-02-2015 13:33:46 Software Distribution Service 3.0
18-02-2015 22:31:57 Software Distribution Service 3.0
19-02-2015 13:35:48 Software Distribution Service 3.0
20-02-2015 13:36:02 Software Distribution Service 3.0
21-02-2015 13:36:17 Software Distribution Service 3.0
22-02-2015 03:31:14 Software Distribution Service 3.0
22-02-2015 13:35:48 Software Distribution Service 3.0
23-02-2015 13:36:07 Software Distribution Service 3.0
24-02-2015 13:36:14 Software Distribution Service 3.0
25-02-2015 13:36:05 Software Distribution Service 3.0
26-02-2015 13:34:55 Software Distribution Service 3.0
27-02-2015 13:36:07 Software Distribution Service 3.0
28-02-2015 13:37:02 Software Distribution Service 3.0
01-03-2015 03:31:30 Software Distribution Service 3.0
01-03-2015 13:36:21 Software Distribution Service 3.0
02-03-2015 13:36:15 Software Distribution Service 3.0
03-03-2015 13:35:50 Software Distribution Service 3.0
04-03-2015 14:26:53 System Checkpoint
05-03-2015 15:26:53 System Checkpoint
05-03-2015 19:07:35 Software Distribution Service 3.0
06-03-2015 19:50:49 System Checkpoint
07-03-2015 03:34:11 Software Distribution Service 3.0
08-03-2015 03:44:09 System Checkpoint
08-03-2015 18:46:34 Software Distribution Service 3.0
08-03-2015 19:00:15 Software Distribution Service 3.0
08-03-2015 21:14:52 Software Distribution Service 3.0
08-03-2015 21:19:35 Restore Operation
09-03-2015 21:26:10 Software Distribution Service 3.0
10-03-2015 22:06:23 System Checkpoint
11-03-2015 02:34:14 Software Distribution Service 3.0
12-03-2015 02:54:22 System Checkpoint
12-03-2015 03:00:23 Software Distribution Service 3.0
12-03-2015 20:57:56 Software Distribution Service 3.0
13-03-2015 21:29:20 System Checkpoint
14-03-2015 02:23:37 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 08:00 - 2015-03-14 10:06 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-10-20 10:27 - 2006-08-18 13:17 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL
2004-08-04 08:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 08:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-03-12 08:14 - 2015-03-07 02:13 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1715567821-789336058-1801674531-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^Chari^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1715567821-789336058-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1715567821-789336058-1801674531-1004 - Limited - Enabled)
Chari (S-1-5-21-1715567821-789336058-1801674531-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Chari
Guest (S-1-5-21-1715567821-789336058-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1715567821-789336058-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1715567821-789336058-1801674531-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Video Controller
Description: Video Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Marvell
Service: yukonwxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2015 05:29:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 05:29:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 05:05:53 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (03/14/2015 10:00:55 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
 
Error: (03/14/2015 10:00:55 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 10:00:55 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 10:00:55 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 09:26:35 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (03/13/2015 06:20:57 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (03/10/2015 02:34:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.0.1.711, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (03/14/2015 10:05:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (03/14/2015 10:04:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error: 
%%2
 
Error: (03/14/2015 09:41:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (03/14/2015 09:40:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error: 
%%2
 
Error: (03/08/2015 09:23:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (03/08/2015 09:23:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
 
Error: (03/08/2015 09:23:21 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/08/2015 09:22:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (03/08/2015 09:21:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
 
Error: (03/08/2015 09:21:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (03/14/2015 05:29:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 05:29:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 05:05:53 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (03/14/2015 10:00:55 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established
 
Error: (03/14/2015 10:00:55 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 10:00:55 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 10:00:55 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (03/14/2015 09:26:35 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (03/13/2015 06:20:57 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (03/10/2015 02:34:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.711hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 2038.11 MB
Available physical RAM: 1269.75 MB
Total Pagefile: 3930.78 MB
Available Pagefile: 3183.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:74.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 70077007)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#11 jenn3

Posted 14 March 2015 - 04:22 PM

results of security check:

 Results of screen317's Security Check version 0.99.98  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Google Chrome (40.0.2214.115) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#12 olgun52

Posted 14 March 2015 - 05:33 PM

Hi jenn3,
 
 Step 1:
 FRST Script:
 Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

Step 2:

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.
  • Then RESTART THE COMPUTER

Edited by olgun52, 14 March 2015 - 07:43 PM.

Best regards
 

#13 jenn3

Posted 14 March 2015 - 06:00 PM

When I downloaded this: "Please download this attached fixlist.txt and save it in the same directory as FRST."

There was no Fix button; it just came up with the Notepad text below:

CreateRestorePoint:
CloseProcesses:
 HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1715567821-789336058-1801674531-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-500 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]
2015-03-08 15:00 - 2014-04-01 07:24 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:


#14 jenn3

Posted 14 March 2015 - 06:06 PM

And then, after I uninstalled Java and tried to download the Java you had, it said the web page was unavailable.



#15 olgun52

Posted 14 March 2015 - 06:11 PM

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

  • Start FRST with Administrator privileges.
  • Press the Fix button.

Best regards
 