
Recycler Virus / Malware / Nastiness


  • This topic is locked
12 replies to this topic

#1 IBForked

Posted 20 April 2015 - 06:23 PM

I finally decided to upgrade to a newer computer from XP to 7. I was wanting to transfer many of my files over, but was not happy with the Windows Easy Transfer program. So, I decided to buy a new USB drive to transfer the files. I did a virus scan and removed a couple of hits that were from old files that I did not even remember. Anyway... I cleaned that up, downloaded / uploaded the files, and thought we were sailing along smoothly. Then, one of my AOL email accounts (I have others as well) was not retrieving emails as the login was wrong. I had to call AOL to regain control of that account as it was somehow compromised. I figured this had to be related to me somehow activating an old dormant virus with the downloading / uploading of files, or I somehow picked up something recently with the searching and downloading I've done to help me transfer the files from old to new. I did a full scan of the old computer. It found locked files that could not be scanned, and they were recycler files.


A day or so ago I downloaded the Farbar scan tool from here and I will post those logs below. I've been busy at work and unable to post until today. The old computer has been disconnected from the internet and not touched again until now. When I tried to go online today, Avast popped up a warning about this website saying it blocked an infection. (Infection details: Win32:Evo-gen[susp] from downloads.bleepingcomputer.com/dll/7641a329719c6c75ebc1887068......) I'm guessing this is all related.


I've scanned my new PC completely twice and it still shows clean somehow. I would still like to rid this old PC of whatever has inhabited it. Anyways.... HELP!


Logs from FRST (from old XP computer):


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by Munson (administrator) on MUNSONHOMEPC on 17-04-2015 18:54:07
Running from C:\Documents and Settings\Munson\My Documents
Loaded Profiles: Munson (Available profiles: Munson)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Smart Link) C:\WINDOWS\system32\slserv.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Program Files\Microsoft Office\Office\OSA.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
() C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-04-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-17] (Avast Software s.r.o.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit)
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\...\Run: [TClockEx] => C:\Program Files\TClockEx\TCLOCKEX.EXE [89088 2000-03-09] (Dale Nurden)
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\...\Run: [cdloader] => C:\Documents and Settings\Munson\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-01-05] (Google Inc.)
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-23] (BillP Studios)
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
ShortcutTarget: Office Startup.lnk -> C:\Program Files\Microsoft Office\Office\OSA.EXE ()
Startup: C:\Documents and Settings\Munson\Start Menu\Programs\Startup\GVJackApp.lnk
ShortcutTarget: GVJackApp.lnk -> C:\Documents and Settings\Munson\Local Settings\Application Data\GVJackApp\GVJackApp.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netvibes.com/privatepage/1#187071416
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
BHO: No Name -> {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-17] (Avast Software s.r.o.)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-03] (Google Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default
FF DefaultSearchEngine: Google Default
FF DefaultSearchEngine.US: Google Default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Google Default
FF Homepage: hxxp://www.netvibes.com/privatepage/1#187071416
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-12-18] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2010-11-08] (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1547161642-2000478354-1417001333-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Munson\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-1547161642-2000478354-1417001333-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Munson\Application Data\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-1547161642-2000478354-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1547161642-2000478354-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Munson\Application Data\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Munson\Application Data\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF SearchPlugin: C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\aol-web-search.xml [2013-07-23]
FF SearchPlugin: C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\az-lba-com.xml [2013-07-23]
FF SearchPlugin: C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\duckduckgo.xml [2012-04-10]
FF SearchPlugin: C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\google-default.xml [2013-07-23]
FF SearchPlugin: C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\google-ssl.xml [2013-07-23]
FF Extension: DoNotTrackMe - C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\Extensions\donottrackplus@abine(2).com [2013-07-18]
FF Extension: Ghostery - C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\Extensions\firefox@ghostery(2).com [2013-06-29]
FF Extension: No Name - C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2) [2011-03-02]
FF Extension: No Name - C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(3) [2011-03-10]
FF Extension: Greasemonkey - C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2) [2012-03-03]
FF Extension: No Name - C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-04-27]
FF Extension: Adblock Plus - C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-04]
FF Extension: Greasemonkey - C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}(2) [2015-04-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-06]
FF HKLM\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files\Symantec\VIP Access Client
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.netvibes.com/privatepage/1#187071416"
CHR Profile: C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-29]
CHR Extension: (YouTube) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-29]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-22]
CHR Extension: (Google Search) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-29]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Social Fixer for Facebook) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2013-09-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (Ghostery) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-10-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-17] (Avast Software s.r.o.)
S4 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SLService; C:\WINDOWS\system32\slserv.exe [73796 2008-04-14] (Smart Link)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-17] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-04-17] (Avast Software s.r.o.)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-17] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-04-17] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427736 2015-04-17] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-17] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208024 2015-04-17] ()
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [247968 2015-03-25] (IObit)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [126686 2008-04-13] (Smart Link)
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-13] (Smart Link)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [180360 2008-04-13] (Smart Link)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R0 RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31776 2015-03-25] (IObit.com)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1213632 2011-11-14] (Ralink Technology, Corp.)
R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [404990 2008-04-13] (Smart Link)
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [95424 2008-04-13] (Smart Link)
R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-13] (Smart Link)
S3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [26112 2010-10-06] (The OpenVPN Project) [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2015-03-25] (IObit.com)
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 18:54 - 2015-04-17 18:54 - 00023320 _____ () C:\Documents and Settings\Munson\My Documents\FRST.txt
2015-04-17 18:52 - 2015-04-17 18:54 - 00000000 ____D () C:\FRST
2015-04-17 18:52 - 2015-04-17 18:52 - 01137152 _____ (Farbar) C:\Documents and Settings\Munson\My Documents\FRST.exe
2015-04-17 10:26 - 2015-04-17 10:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SlimWare Utilities, Inc
2015-04-17 10:19 - 2015-04-17 10:19 - 00000000 ____D () C:\Documents and Settings\Munson\Local Settings\Application Data\SlimWare Utilities Inc
2015-04-17 10:18 - 2015-04-17 10:18 - 00981592 _____ (SlimWare Utilities, Inc.) C:\Documents and Settings\Munson\My Documents\SlimDrivers-setup.exe
2015-04-17 09:48 - 2015-04-17 09:48 - 00000675 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2015-04-17 09:48 - 2015-04-17 09:48 - 00000675 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk
2015-04-17 09:30 - 2015-04-17 13:12 - 00000000 ____D () C:\Program Files\Glarysoft
2015-04-17 09:23 - 2015-04-17 09:23 - 00000000 ____D () C:\Documents and Settings\Munson\Local Settings\Application Data\Innovative Solutions
2015-04-17 09:23 - 2015-04-17 09:23 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\Innovative Solutions
2015-04-17 09:01 - 2015-04-17 09:01 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-04-17 09:01 - 2015-04-17 09:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-04-17 09:00 - 2015-04-17 09:01 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-17 08:37 - 2015-04-17 08:37 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\ProductData
2015-04-17 08:35 - 2015-04-17 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-04-17 08:35 - 2015-04-17 08:36 - 00000000 ____D () C:\Program Files\IObit
2015-04-17 08:35 - 2015-04-17 08:36 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\IObit
2015-04-17 08:35 - 2015-04-17 08:35 - 00000826 _____ () C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
2015-04-17 08:35 - 2015-04-17 08:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
2015-04-17 08:00 - 2015-04-17 08:00 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-17 08:00 - 2015-04-17 08:00 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-15 09:02 - 2015-04-15 09:11 - 00008588 _____ () C:\Documents and Settings\Munson\Desktop\FileZilla.xml
2015-04-15 08:05 - 2015-04-15 08:06 - 00000000 ____D () C:\Documents and Settings\Munson\Desktop\New Folder (3)
2015-04-15 05:26 - 2015-04-15 08:51 - 00000000 ____D () C:\Documents and Settings\Munson\Desktop\live email
2015-04-15 05:20 - 2015-04-15 05:24 - 00000000 ____D () C:\Documents and Settings\Munson\Desktop\email accounts
2015-04-15 05:01 - 2015-04-15 05:01 - 02606226 _____ () C:\Munson1 2015-04-15 04-59-25.sqz
2015-04-15 05:01 - 2015-04-15 05:01 - 00023507 _____ () C:\WINDOWS\DYNAZIP.LOG
2015-04-15 04:55 - 2005-02-03 18:41 - 00119089 _____ () C:\Documents and Settings\Munson\Desktop\Munson1__11.sqz
2015-04-15 04:50 - 2014-09-07 13:50 - 00002692 _____ () C:\Documents and Settings\Munson\Desktop\Munson1__.PJC
2015-04-14 22:09 - 2015-04-14 22:09 - 00001056 _____ () C:\Documents and Settings\Munson\Desktop\Continue installation .lnk
2015-04-14 14:05 - 2015-04-14 14:11 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\Duplicate File Hunter
2015-04-14 13:45 - 2015-04-14 13:45 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\DigitalVolcano
2015-04-13 09:17 - 2015-04-13 09:31 - 00000000 ____D () C:\move
2015-04-09 22:04 - 2015-04-09 22:04 - 00000864 _____ () C:\Documents and Settings\Munson\Desktop\munson.greg@gmail.com.iaf
2015-04-09 22:03 - 2015-04-09 22:03 - 00001004 _____ () C:\Documents and Settings\Munson\Desktop\munson@stempy.net.iaf
2015-04-09 16:24 - 2015-04-12 05:36 - 00005770 _____ () C:\WINDOWS\adfsmig.log
2015-04-09 15:55 - 2015-04-09 15:55 - 00000000 ____D () C:\a64c740fa7ab039c63cdcc12349b00
2015-04-09 15:52 - 2015-04-09 15:55 - 00001673 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Easy Transfer for Windows 7.lnk
2015-04-09 15:52 - 2015-04-09 15:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWET7Cable$
2015-04-09 15:52 - 2015-04-09 15:52 - 00000000 ____D () C:\Program Files\Windows Easy Transfer 7
2015-04-09 15:51 - 2015-04-09 15:55 - 00050602 _____ () C:\WINDOWS\WET7Cable.log
2015-04-09 10:07 - 2015-04-09 10:07 - 00001324 _____ () C:\WINDOWS\system32\RaCoInst.log
2015-04-09 10:07 - 2015-04-09 10:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Kinivo Wireless
2015-04-09 10:06 - 2015-04-09 10:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kinivo Driver
2015-04-09 10:06 - 2011-11-14 11:48 - 01213632 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\rt2870.sys
2015-04-09 10:06 - 2011-11-14 11:45 - 00238944 _____ (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInst.dll
2015-04-09 10:06 - 2011-11-14 11:45 - 00014119 _____ () C:\WINDOWS\system32\RaCoInst.dat
2015-04-09 00:42 - 2015-04-09 00:42 - 00006111 _____ () C:\Documents and Settings\Munson\My Documents\License Key for _GVJack [STD VERSION] - Google Voice Calling App for magicJack_ (Share-it order number_ 434061905).eml
2015-04-09 00:13 - 2015-04-09 00:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-02 03:18 - 2015-04-02 03:18 - 00331150 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-03-26 17:15 - 2015-04-17 08:10 - 00000000 ___RD () C:\Documents and Settings\Munson\My Documents\Dropbox
2015-03-26 16:54 - 2015-04-17 09:52 - 00000000 ____D () C:\Program Files\Dropbox
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 18:54 - 2013-10-29 18:04 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-17 18:54 - 2011-04-06 01:30 - 00000000 ____D () C:\Documents and Settings\Munson\Local Settings\temp
2015-04-17 18:49 - 2013-10-04 19:01 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-17 18:13 - 2014-05-03 06:41 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2000478354-1417001333-1003UA.job
2015-04-17 17:12 - 2013-09-17 03:02 - 00013870 _____ () C:\WINDOWS\system32\nvAppTimestamps
2015-04-17 15:32 - 2015-03-15 19:32 - 00000440 _____ () C:\WINDOWS\Tasks\AviatorUpdateTask.job
2015-04-17 14:49 - 2010-08-19 03:32 - 00032640 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-17 13:22 - 2010-08-19 03:27 - 01103455 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-17 13:18 - 2013-05-06 15:32 - 00000316 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-17 13:17 - 2008-04-14 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-17 13:16 - 2013-10-04 19:01 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-17 13:16 - 2010-08-19 03:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-17 13:16 - 2010-08-18 22:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-17 13:16 - 2010-08-18 22:02 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-17 13:15 - 2010-08-19 03:33 - 00000178 ___SH () C:\Documents and Settings\Munson\ntuser.ini
2015-04-17 13:15 - 2010-08-18 21:51 - 00000000 ____D () C:\WINDOWS\security
2015-04-17 10:37 - 2010-08-19 04:16 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-04-17 10:37 - 2010-08-18 21:59 - 00080866 _____ () C:\WINDOWS\setupapi.log
2015-04-17 10:35 - 2010-08-19 03:41 - 00000000 ____D () C:\Program Files\Realtek
2015-04-17 10:05 - 2010-08-18 21:59 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-17 09:53 - 2013-11-18 17:40 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\Dropbox
2015-04-17 09:49 - 2014-06-07 01:16 - 00000000 ____D () C:\Documents and Settings\Munson\Local Settings\Application Data\Opera Software
2015-04-17 09:49 - 2014-06-07 01:16 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\Opera Software
2015-04-17 09:49 - 2014-06-07 01:15 - 00000000 ____D () C:\Program Files\Opera
2015-04-17 08:36 - 2013-01-15 09:28 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\Apple Computer
2015-04-17 08:36 - 2010-08-19 03:33 - 00000000 ____D () C:\Documents and Settings\Munson
2015-04-17 08:00 - 2014-05-03 04:49 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-17 08:00 - 2013-05-06 15:32 - 00427736 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-17 08:00 - 2013-05-06 15:32 - 00208024 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-17 08:00 - 2013-05-06 15:32 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-17 08:00 - 2013-05-06 15:32 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-04-17 08:00 - 2013-05-06 15:32 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-04-17 08:00 - 2013-05-06 15:32 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-17 07:59 - 2013-05-06 15:32 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-17 07:46 - 2013-12-11 04:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2015-04-17 06:39 - 2014-07-25 13:18 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-17 03:13 - 2014-05-03 06:41 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2000478354-1417001333-1003Core.job
2015-04-16 21:51 - 2013-08-29 17:10 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-04-15 16:23 - 2014-02-07 23:10 - 00000049 _____ () C:\WINDOWS\TaxACT13.ini
2015-04-15 16:22 - 2015-02-01 05:53 - 00000049 _____ () C:\WINDOWS\TaxACT14.ini
2015-04-15 16:21 - 2013-02-06 02:16 - 00000061 _____ () C:\WINDOWS\TaxACT12.ini
2015-04-15 09:15 - 2010-09-21 03:57 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\FileZilla
2015-04-15 05:01 - 2011-06-26 14:21 - 00000000 ____D () C:\Program Files\The Master Genealogist
2015-04-15 03:10 - 2013-08-15 03:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 03:01 - 2010-08-19 06:27 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 13:54 - 2013-04-19 23:31 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-14 13:54 - 2013-04-19 23:31 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-12 06:01 - 2010-08-18 21:59 - 00718375 _____ () C:\WINDOWS\comsetup.log
2015-04-12 05:42 - 2010-09-17 23:32 - 00109056 _____ () C:\Documents and Settings\Munson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-10 16:36 - 2010-08-18 21:58 - 00187552 _____ () C:\WINDOWS\setupact.log
2015-04-09 18:21 - 2010-08-19 03:25 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-09 18:01 - 2010-08-18 21:51 - 00000000 ____D () C:\WINDOWS\repair
2015-04-09 15:55 - 2010-08-18 21:59 - 00976802 _____ () C:\WINDOWS\tsoc.log
2015-04-09 15:55 - 2010-08-18 21:59 - 00431100 _____ () C:\WINDOWS\ntdtcsetup.log
2015-04-09 15:55 - 2010-08-18 21:59 - 00350637 _____ () C:\WINDOWS\iis6.log
2015-04-09 15:55 - 2010-08-18 21:59 - 00118484 _____ () C:\WINDOWS\ocmsn.log
2015-04-09 15:55 - 2010-08-18 21:59 - 00106412 _____ () C:\WINDOWS\tabletoc.log
2015-04-09 15:55 - 2010-08-18 21:59 - 00001355 _____ () C:\WINDOWS\imsins.log
2015-04-09 15:52 - 2010-08-18 21:59 - 02114844 _____ () C:\WINDOWS\FaxSetup.log
2015-04-09 15:52 - 2010-08-18 21:59 - 01040036 _____ () C:\WINDOWS\ocgen.log
2015-04-09 15:52 - 2010-08-18 21:59 - 01030362 _____ () C:\WINDOWS\setupapi.log.0.old
2015-04-09 15:52 - 2010-08-18 21:59 - 00653880 _____ () C:\WINDOWS\msmqinst.log
2015-04-09 15:52 - 2010-08-18 21:59 - 00371509 _____ () C:\WINDOWS\netfxocm.log
2015-04-09 15:52 - 2010-08-18 21:59 - 00147006 _____ () C:\WINDOWS\MedCtrOC.log
2015-04-09 15:52 - 2010-08-18 21:59 - 00106570 _____ () C:\WINDOWS\msgsocm.log
2015-04-09 10:08 - 2010-08-18 21:59 - 00861216 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-09 10:06 - 2010-08-19 03:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-09 09:14 - 2010-08-20 22:31 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\Mozilla
2015-04-02 03:37 - 2010-08-19 06:51 - 00000000 ____D () C:\Documents and Settings\Munson\Local Settings\Application Data\Adobe
2015-04-02 03:35 - 2013-09-17 15:02 - 00000015 _____ () C:\WINDOWS\system32\nvModes.dat
2015-04-02 03:35 - 2013-09-17 02:58 - 01098236 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2015-04-02 03:35 - 2013-09-17 02:58 - 01098236 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2015-04-02 03:35 - 2013-09-17 02:58 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2015-04-02 03:18 - 2015-03-13 10:14 - 00424676 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1547161642-2000478354-1417001333-1003-0.dat
2015-04-01 21:16 - 2014-06-15 19:08 - 00000000 ____D () C:\Program Files\KompoZer
2015-04-01 16:54 - 2013-11-13 03:35 - 00000000 ____D () C:\bkground
2015-03-31 02:59 - 2015-02-05 23:19 - 00000000 ____D () C:\Documents and Settings\Munson\My Documents\agreedordersrecd-feb2015
2015-03-22 01:22 - 2013-11-09 03:22 - 00000000 ____D () C:\other hd files
2015-03-19 23:27 - 2010-11-14 13:30 - 00000000 ____D () C:\Documents and Settings\Munson\My Documents\linda
2015-03-19 23:24 - 2015-03-08 06:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2015-03-19 20:00 - 2015-03-08 06:38 - 00000000 ____D () C:\Documents and Settings\Munson\Application Data\Canon
2015-03-19 19:51 - 2014-07-25 13:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-19 15:17 - 2014-07-25 13:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-19 15:17 - 2012-12-12 06:10 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
 
==================== Files in the root of some directories =======
 
2013-09-17 01:42 - 2013-09-17 01:42 - 0889416 _____ (Microsoft Corporation) C:\Documents and Settings\Munson\Application Data\dotNetFx40_Full_setup.exe
2011-10-14 02:18 - 2011-10-14 05:29 - 0164428 _____ () C:\Documents and Settings\Munson\Local Settings\Application Data\ars.cache
2011-10-14 02:18 - 2011-10-14 05:29 - 0311818 _____ () C:\Documents and Settings\Munson\Local Settings\Application Data\census.cache
2010-09-17 23:32 - 2015-04-12 05:42 - 0109056 _____ () C:\Documents and Settings\Munson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-14 02:11 - 2011-10-14 02:11 - 0000036 _____ () C:\Documents and Settings\Munson\Local Settings\Application Data\housecall.guid.cache
 
Some content of TEMP:
====================
C:\Documents and Settings\Munson\Local Settings\temp\anypia32.exe
C:\Documents and Settings\Munson\Local Settings\temp\difxapi.dll
C:\Documents and Settings\Munson\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl0sd2l.dll
C:\Documents and Settings\Munson\Local Settings\temp\ebfcabfbdfhb.exe
C:\Documents and Settings\Munson\Local Settings\temp\hpqrrx08.exe
C:\Documents and Settings\Munson\Local Settings\temp\hpzmsi01.exe
C:\Documents and Settings\Munson\Local Settings\temp\hpzscr01.EXE
C:\Documents and Settings\Munson\Local Settings\temp\ICReinstall_WECPSetup.exe
C:\Documents and Settings\Munson\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Munson\Local Settings\temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\Munson\Local Settings\temp\MSETUP4.EXE
C:\Documents and Settings\Munson\Local Settings\temp\optimize.exe
C:\Documents and Settings\Munson\Local Settings\temp\PC_173908.en_78.exe
C:\Documents and Settings\Munson\Local Settings\temp\uninstall.exe
C:\Documents and Settings\Munson\Local Settings\temp\UnityWebPlayer8567839512746954407.exe
C:\Documents and Settings\Munson\Local Settings\temp\ydetect.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by Munson at 2015-04-17 18:55:23
Running from C:\Documents and Settings\Munson\My Documents
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2215 - AVAST Software)
Avery Template (HKLM\...\{A760067A-C07E-1033-0000-A764AC000010}) (Version: 2.0.0.0 - Avery)
Aviator (HKLM\...\{B0E4AA1D-76A7-48B5-AAA1-D68BDBB1FF99}) (Version: 2.6 - WhiteHat Security, Inc.)
Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
BlueGriffon version 1.7.2 (HKLM\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.7.2 - Disruptive Innovations SAS)
BookSmart® 3.2.1 3.2.1 (HKLM\...\BookSmart® 3.2.1 3.2.1) (Version:  - Blurb, Inc)
CAM UnZip 4.5 (HKLM\...\CUZ4_is1) (Version:  - CAM Development)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX470 series User Registration (HKLM\...\Canon MX470 series User Registration) (Version:  - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cogniview PDF2XL Evaluation (Version: 4.8.10.204 - Cogniview) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell System Detect (HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\...\9204f5692a8faf3b) (Version: 5.1.0.41 - Dell)
Dell System Detect Bootstrapper (HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\...\8e3135b376bd523e) (Version: 5.1.0.41 - Dell)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GVJackApp Release 1.10 (HKLM\...\{GVJackApp-94F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1) (Version:  - PCPhoneSoft.com)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.12.0 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Intel)
IObit Malware Fighter 3 (HKLM\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kinivo WID340 Card (HKLM\...\{29D13775-BCFD-423D-84C9-7A745C044655}) (Version: 1.5.12.0 - Kinivo)
KompoZer 0.8b3 (HKLM\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version:  - KompoZer)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version:  - )
magicJack (HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework Client Profile (HKLM\...\Microsoft.Net.Client.3.5) (Version: 3.5 - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9 - ahead software gmbh)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Nvu 1.0PR (HKLM\...\Nvu_is1) (Version: 1.0PR - Linspire Inc.)
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
Opera Stable 28.0.1750.51 (HKLM\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Photo Viewer V2.4 (HKLM\...\Photo Viewer) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Process Revealer Free Edition 1.0 (HKLM\...\Process Revealer Free Edition) (Version: 1.0 - Logixoft)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5408 - Realtek Semiconductor Corp.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TaxACT 2010 (HKLM\...\TaxACT 2010) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 - 1040 Edition (HKLM\...\TaxACT 2012 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2013 - 1040 Edition (HKLM\...\TaxACT 2013 - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2014 - 1040 Edition (HKLM\...\TaxACT 2014 - 1040 Edition) (Version: 1.02 - TaxACT, Inc.)
TClockEx (HKLM\...\TClockEx_is1) (Version:  - )
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
the LATEST VERSION OF THE GVJACKAPP (HKLM\...\{GVJackAppUpdate-94F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1) (Version:  - PCPhoneSoft.com)
The Master Genealogist (for All Users) (HKLM\...\The Master Genealogist (for All Users)) (Version: 6.x - Wholly Genes Software)
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Easy Transfer for Windows 7 (HKLM\...\WET7Cable) (Version:  - Microsoft Corporation)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.0.2014.0 - BillP Studios)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-2000478354-1417001333-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
 
==================== Restore Points  =========================
 
18-01-2015 07:07:17 System Checkpoint
19-01-2015 07:48:12 System Checkpoint
20-01-2015 08:26:08 System Checkpoint
21-01-2015 13:59:52 System Checkpoint
22-01-2015 14:32:11 System Checkpoint
23-01-2015 17:35:30 System Checkpoint
24-01-2015 17:48:45 System Checkpoint
25-01-2015 19:03:04 System Checkpoint
26-01-2015 19:45:10 System Checkpoint
27-01-2015 21:15:26 System Checkpoint
28-01-2015 21:35:05 System Checkpoint
30-01-2015 04:15:09 System Checkpoint
31-01-2015 10:48:29 System Checkpoint
01-02-2015 21:51:25 System Checkpoint
02-02-2015 22:26:52 System Checkpoint
04-02-2015 00:21:22 System Checkpoint
05-02-2015 03:40:27 System Checkpoint
06-02-2015 04:27:04 System Checkpoint
07-02-2015 11:24:55 System Checkpoint
07-02-2015 16:42:18 Installed SPAMfighter.
07-02-2015 16:59:52 Removed SPAMfighter.
07-02-2015 17:34:37 Installed Spamihilator 1.5.0 (32 bit)
07-02-2015 17:41:57 Removed Spamihilator 1.5.0 (32 bit)
09-02-2015 00:49:57 System Checkpoint
10-02-2015 02:20:14 System Checkpoint
11-02-2015 02:54:26 System Checkpoint
11-02-2015 04:00:21 Software Distribution Service 3.0
12-02-2015 07:16:47 System Checkpoint
13-02-2015 18:26:25 System Checkpoint
14-02-2015 20:14:43 System Checkpoint
15-02-2015 21:24:16 System Checkpoint
16-02-2015 21:55:29 System Checkpoint
17-02-2015 22:45:39 System Checkpoint
19-02-2015 12:11:25 System Checkpoint
20-02-2015 21:51:09 System Checkpoint
22-02-2015 17:35:16 System Checkpoint
23-02-2015 17:35:35 System Checkpoint
25-02-2015 05:41:18 System Checkpoint
26-02-2015 22:56:17 System Checkpoint
28-02-2015 02:32:47 System Checkpoint
01-03-2015 02:57:27 System Checkpoint
02-03-2015 04:11:31 System Checkpoint
03-03-2015 04:46:35 System Checkpoint
04-03-2015 04:56:26 System Checkpoint
05-03-2015 07:25:29 System Checkpoint
06-03-2015 07:57:16 System Checkpoint
07-03-2015 12:17:40 System Checkpoint
08-03-2015 02:36:56 Removed HP Deskjet 3510 series Basic Device Software
08-03-2015 02:40:05 Removed HP Deskjet 3510 series Help
08-03-2015 02:40:35 Removed HP Update.
08-03-2015 04:35:29 Software Distribution Service 3.0
08-03-2015 05:07:10 Installed QuickTime 7
08-03-2015 05:15:23 Removed QuickTime 7
08-03-2015 05:18:20 Installed QuickTime
09-03-2015 05:24:19 System Checkpoint
10-03-2015 06:24:19 System Checkpoint
11-03-2015 03:00:24 Software Distribution Service 3.0
12-03-2015 03:07:37 System Checkpoint
13-03-2015 05:28:58 System Checkpoint
14-03-2015 16:09:16 System Checkpoint
15-03-2015 19:31:17 Installed Aviator.
17-03-2015 03:38:33 System Checkpoint
18-03-2015 04:14:53 System Checkpoint
19-03-2015 05:18:27 System Checkpoint
20-03-2015 10:04:35 System Checkpoint
21-03-2015 19:05:28 System Checkpoint
22-03-2015 23:25:31 System Checkpoint
24-03-2015 01:59:56 System Checkpoint
25-03-2015 02:06:52 System Checkpoint
26-03-2015 05:26:04 System Checkpoint
27-03-2015 07:18:37 System Checkpoint
28-03-2015 07:20:58 System Checkpoint
30-03-2015 03:03:13 System Checkpoint
31-03-2015 09:52:46 System Checkpoint
01-04-2015 23:10:57 System Checkpoint
03-04-2015 01:44:40 System Checkpoint
04-04-2015 02:33:50 System Checkpoint
05-04-2015 07:54:37 System Checkpoint
06-04-2015 08:20:44 System Checkpoint
08-04-2015 22:56:37 System Checkpoint
09-04-2015 10:06:45 Installed Kinivo WID340
09-04-2015 15:52:23 Installed Windows Windows Easy Transfer for Windows 7.
09-04-2015 15:55:46 Installed Windows Windows Easy Transfer for Windows 7.
10-04-2015 16:25:30 System Checkpoint
11-04-2015 16:32:57 System Checkpoint
12-04-2015 23:12:35 System Checkpoint
14-04-2015 01:32:24 System Checkpoint
15-04-2015 03:00:31 Software Distribution Service 3.0
16-04-2015 03:37:05 System Checkpoint
17-04-2015 07:36:55 System Checkpoint
17-04-2015 07:54:40 avast! antivirus system restore point
17-04-2015 10:04:57 Removed Windows Live Sign-in Assistant
17-04-2015 10:25:28 SlimDrivers Installing Drivers
17-04-2015 10:37:50 Installed Realtek High Definition Audio Driver
17-04-2015 13:11:50 Removed SlimDrivers
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 07:00 - 2014-06-04 12:48 - 00000081 ____A C:\WINDOWS\system32\Drivers\etc\hosts
??????????????????????????(????????????
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\AviatorUpdateTask.job => C:\Program Files\WhiteHat\Aviator\Update\BatchLauncher.vbs C:\Program Files\WhiteHat\Aviator\Update\AviatorAutoUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2000478354-1417001333-1003Core.job => C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2000478354-1417001333-1003UA.job => C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-17 08:00 - 2015-04-17 08:00 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-17 08:00 - 2015-04-17 08:00 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-17 06:22 - 2015-04-17 06:22 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041700\algo.dll
2014-03-28 04:35 - 2014-03-28 04:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-03-13 17:16 - 2015-04-17 08:00 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-08-28 17:54 - 2013-12-24 17:14 - 00642016 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
1997-07-11 00:00 - 1997-07-11 00:00 - 00051984 _____ () C:\Program Files\Microsoft Office\Office\OSA.EXE
1997-07-11 00:00 - 1997-07-11 00:00 - 03782416 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
2015-04-17 09:48 - 2015-04-07 02:13 - 00484472 _____ () C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
2015-04-17 09:48 - 2015-04-07 02:13 - 09625720 _____ () C:\Program Files\Opera\28.0.1750.51\pdf.dll
2015-04-14 13:54 - 2015-04-14 13:54 - 16863920 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Munson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1547161642-2000478354-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1547161642-2000478354-1417001333-1036 - Limited - Enabled)
Guest (S-1-5-21-1547161642-2000478354-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1547161642-2000478354-1417001333-1000 - Limited - Disabled)
Munson (S-1-5-21-1547161642-2000478354-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Munson
SUPPORT_388945a0 (S-1-5-21-1547161642-2000478354-1417001333-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/17/2015 05:10:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 37.0.1.5570, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/17/2015 10:33:24 AM) (Source: MsiInstaller) (EventID: 1013) (User: MUNSONHOMEPC)
Description: Product: Intel® Network Connections -- The installed version of Intel® Network Connections is not supported for upgrades. You must uninstall it before installing this version.
 
Error: (04/17/2015 10:01:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/12/2015 09:48:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 37.0.1.5570, faulting module , version 37.0.1.5570, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]
 
Error: (04/09/2015 04:27:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application migwiz.exe, version 6.1.7600.16385, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [migwiz.exe!ws!]
 
Error: (04/01/2015 09:09:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application nvu.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/31/2015 03:00:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application filezilla.exe, version 3.8.0.0, faulting module filezilla.exe, version 3.8.0.0, fault address 0x0009c4d1.
Processing media-specific event for [filezilla.exe!ws!]
 
Error: (03/29/2015 11:30:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
 
Error: (03/27/2015 07:13:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
 
Error: (03/22/2015 01:25:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application nvu.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (04/02/2015 03:31:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McciCMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/02/2015 03:20:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McciServiceHost service failed to start due to the following error: 
%%2
 
Error: (04/02/2015 03:19:48 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (03/22/2015 01:24:54 AM) (Source: Print) (EventID: 6161) (User: MUNSONHOMEPC)
Description: The document SPT_SPH-L710T_Galaxy_S3_English_User_Manual_KK_NE5_F3_AC.pdf owned by Munson failed to print on printer Canon MX470 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 142384488. Number of bytes printed: 20678276. Total number of pages in the document: 74. Number of pages printed: 0. Client machine: \\MUNSONHOMEPC. Win32 error code returned by the print processor: SPT_SPH-L710T_Galaxy_S3_English_User_Manual_KK_NE5_F3_AC.pdf0. SPT_SPH-L710T_Galaxy_S3_English_User_Manual_KK_NE5_F3_AC.pdf1
 
Error: (03/19/2015 07:52:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McciServiceHost service failed to start due to the following error: 
%%2
 
Error: (03/19/2015 07:52:06 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (03/17/2015 02:12:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McciCMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/13/2015 05:13:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McciServiceHost service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (04/17/2015 05:10:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe37.0.1.5570hungapp0.0.0.000000000
 
Error: (04/17/2015 10:33:24 AM) (Source: MsiInstaller) (EventID: 1013) (User: MUNSONHOMEPC)
Description: Product: Intel® Network Connections -- The installed version of Intel® Network Connections is not supported for upgrades. You must uninstall it before installing this version.(NULL)(NULL)(NULL)
 
Error: (04/17/2015 10:01:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (04/12/2015 09:48:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.557037.0.1.557000001aa1
 
Error: (04/09/2015 04:27:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: migwiz.exe6.1.7600.16385ntdll.dll5.1.2600.605500019af2
 
Error: (04/01/2015 09:09:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nvu.exe0.0.0.0hungapp0.0.0.000000000
 
Error: (03/31/2015 03:00:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: filezilla.exe3.8.0.0filezilla.exe3.8.0.00009c4d1
 
Error: (03/29/2015 11:30:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b
 
Error: (03/27/2015 07:13:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b
 
Error: (03/22/2015 01:25:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nvu.exe0.0.0.0hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 2046.1 MB
Available physical RAM: 683.66 MB
Total Pagefile: 3938.86 MB
Available Pagefile: 2121.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.92 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.88 GB) (Free:141.2 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Fixed) (Total:149 GB) (Free:104.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: C682F044)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

 

 



#2 nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 April 2015 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===




Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name -> {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} -  No File
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF SearchPlugin: C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\duckduckgo.xml [2012-04-10]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}(2) [2015-04-09]
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR Extension: (Ghostery) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-10-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-17]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U1 WS2IFSL; No ImagePath
C:\Users\Lynn\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Lynn\AppData\Local\Temp\Uninstaller-6204.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Any remaining issues?

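The fixlist above is assembled by hand from lines in the FRST scan log. As an added example that is not part of the original post or of FRST itself, the following Python script applies the same selection rules to FRST log lines (lines FRST marks with ATTENTION, BHOs and toolbars registered with "No File", services with no image path or "[X]", and IE start/search settings or search scopes pointing at a search-partner URL) and drafts the start/End block. The sample lines, the constructed "helper.dll" BHO and "avast! Antivirus" service entries used as benign controls, the partner-URL marker list and the category names are assumptions made for this illustration.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Flags the entry types the fixlist in this thread targets: lines FRST marks
'<======= ATTENTION', BHOs/toolbars registered with no file on disk, services
and drivers with no binary, and IE start/search settings or search scopes that
point at a search-partner URL. build_fixlist() turns the flagged lines into the
start/End block FRST expects; FRST acts on a line by matching it verbatim.
"""
import re

# Constructed sample, modelled on lines quoted in this thread. The "Constructed
# Helper" BHO and the avast service line are benign controls that must not be flagged.
SAMPLE_LINES = [
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION",
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl",
    r"SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}",
    r"BHO: No Name -> {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} ->  No File",
    r"BHO: Constructed Helper -> {11111111-2222-3333-4444-555555555555} -> C:\Program Files\Example\helper.dll (Example Corp.)",
    r"Toolbar: HKLM - No Name - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} -  No File",
    r"S0 cerc6; No ImagePath",
    r"S3 PCASp50; System32\Drivers\PCASp50.sys [X]",
    r"R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-04-17] (AVAST Software)",
    r"Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe",
]

ATTENTION = re.compile(r"<=+ ATTENTION\s*$")
# BHO/Toolbar entries whose CLSID is registered but whose DLL is gone
ORPHAN_COM = re.compile(r"^(?:BHO|Toolbar)(?:-x32)?:.*\bNo File\s*$")
# Service/driver lines: status (R = running, S = stopped, U = unknown) + start type, name, image path
SERVICE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);\s*(?P<path>.*)$")
IE_MAIN = re.compile(
    r"^(?:HKLM|HKU\\S-[^\\]+)\\Software\\Microsoft\\Internet Explorer\\Main,(?P<setting>[^=]+?)\s*=\s*(?P<url>\S+)",
    re.IGNORECASE,
)
SEARCHSCOPE = re.compile(r"^SearchScopes:.*?\bURL = (?P<url>\S+)")
# Heuristic markers of search-partner URLs seen in this thread; not an exhaustive list (assumption)
PARTNER_MARKERS = ("type=avast", "hspart=", "conduit", "ask.com")


def classify(line):
    """Return (category, reason) for one FRST line, or None if nothing to flag."""
    if ATTENTION.search(line):
        return ("attention", "flagged by FRST itself")
    if ORPHAN_COM.match(line):
        return ("orphan_com", "BHO/toolbar registered but its DLL is missing")
    m = SERVICE.match(line)
    if m:
        path = m.group("path").strip()
        if path.startswith("No ImagePath") or path.endswith("[X]"):
            return ("orphan_service", "service %s has no binary" % m.group("name").strip())
        return None
    m = IE_MAIN.match(line) or SEARCHSCOPE.match(line)
    if m:
        url = m.group("url").lower()
        if any(marker in url for marker in PARTNER_MARKERS):
            return ("search_hijack", "browser setting points at a search-partner URL")
    return None


def triage(lines):
    """Return [(category, reason, line)] for every line that warrants a fixlist entry."""
    out = []
    for line in lines:
        hit = classify(line.rstrip("\n"))
        if hit:
            out.append((hit[0], hit[1], line))
    return out


def build_fixlist(lines):
    """Draft a fixlist: FRST header directives, the flagged lines verbatim, then End."""
    body = [line for _, _, line in triage(lines)]
    return "\n".join(["start", "CreateRestorePoint:", "CloseProcesses:", *body, "End"])


if __name__ == "__main__":
    for cat, why, line in triage(SAMPLE_LINES):
        print("%-15s %s\n    %s" % (cat, why, line))
    print(build_fixlist(SAMPLE_LINES))
```

The draft is only a starting point: FRST deletes or restores whatever is listed, so every line it proposes (in particular the ATTENTION-marked policy keys, which may be a deliberate lockdown rather than a hijack) should be read by a person before the Fix button is pressed.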
#3 IBForked
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male

Posted 25 April 2015 - 11:52 PM

First ~ THANK YOU for your kind assistance! It is greatly appreciated!

 

Can you tell me what exactly was my XP computer infected with and if any of my information was potentially compromised? I am wondering if the AOL email hack was a result of the malware on my computer?

 

Also, I am concerned about the previously mentioned USB drive being infected when I was downloading / uploading files from my XP computer to my new (to me) Windows 7 computer. Of course, if the USB drive is infected, well, LOL, then I am also worried that my Windows 7 computer could also be infected. :-(  Can you guide me through checking and, if needed, cleaning them as well? I had already uploaded the files on the USB drive to my Windows 7 computer, so it's not necessary to save anything that is presently on the USB drive.

 

Again, THANK YOU so much for your kind assistance! The logs you requested are below.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-04-2015
Ran by Munson at 2015-04-25 23:07:21 Run:1
Running from C:\Documents and Settings\Munson\My Documents
Loaded Profiles: Munson (Available profiles: Munson)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name -> {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} -  No File
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF SearchPlugin: C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\duckduckgo.xml [2012-04-10]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}(2) [2015-04-09]
CHR Extension: (Ghostery) - C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-10-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-17]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U1 WS2IFSL; No ImagePath
C:\Users\Lynn\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Lynn\AppData\Local\Temp\Uninstaller-6204.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-1547161642-2000478354-1417001333-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}" => Key deleted successfully.
HKCR\CLSID\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5093EB4C-3E93-40AB-9266-B607BA87BDC8} => value deleted successfully.
HKCR\CLSID\{5093EB4C-3E93-40AB-9266-B607BA87BDC8} => Key not found. 
Firefox SearchEngineOrder.1 deleted successfully.
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\duckduckgo.xml => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}(2) => Moved successfully.
Chrome HomePage deleted successfully.
C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
cerc6 => Service deleted successfully.
IntelIde => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
PCASp50 => Service deleted successfully.
WS2IFSL => Service deleted successfully.
"C:\Users\Lynn\AppData\Local\Temp\EsgInstallerx64Stub.exe" => File/Directory not found.
"C:\Users\Lynn\AppData\Local\Temp\Uninstaller-6204.exe" => File/Directory not found.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-25 23:09:28)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.
 
==== End of Fixlog 23:09:29 ====
 
# AdwCleaner v4.202 - Logfile created 25/04/2015 at 23:26:36
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Munson - MUNSONHOMEPC
# Running from : C:\Documents and Settings\Munson\Desktop\adwcleaner_4.202.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\Munson\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Munson\Local Settings\Application Data\Innovative Solutions
Folder Deleted : C:\Documents and Settings\Munson\Application Data\StumbleUpon
Folder Deleted : C:\Documents and Settings\Munson\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Munson\Application Data\Innovative Solutions
File Deleted : C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\invalidprefs.js
File Deleted : C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\aol-web-search.xml
File Deleted : C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage
File Deleted : C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\StumbleUpon
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\StumbleUpon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
 
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Munson\\Application Data\\Mozilla\\Firefox\\Profiles\\ce5iz1a1.default\\conduitCommon\\modules\\3.5.0.12");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 09 2011 07:01:38 GMT-0500 (Central Daylight Time)");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.globalUserId", "5fe0c26e-89fb-4a40-ad42-b4c6f3849566");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 09 2011 07:01:37 GMT-0500 (Central Daylight Time)");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Aug 09 2011 07:01:46 GMT-0500 (Central Daylight Time)");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Aug 09 2011 07:01:32 GMT-0500 (Central Daylight Time)");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userId", "355a77e4-49d0-4313-b8c3-66466004a0d7");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[ce5iz1a1.default\prefs.js] - Line Deleted : user_pref("socialfixer.1280565567/cached_content/donate_pagelet", "{\"expires_on\":1411912120927,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #cccc99;padding:5px;-moz-border-[...]
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Munson\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
-\\ Opera v28.0.1750.51
 
 
*************************
 
AdwCleaner[R0].txt - [9697 bytes] - [25/04/2015 23:20:42]
AdwCleaner[S0].txt - [10128 bytes] - [25/04/2015 23:26:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10188  bytes] ##########
 


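As an added example, not part of the original post or of FRST, this Python script reads Fixlog.txt result lines of the kind shown above and sorts each target into applied, absent, deferred-to-reboot or failed, so the leftovers (here the Avast WebRep .crx that could not be moved) and the entries that never existed on this machine (the C:\Users\... paths, which follow the Vista/7 profile layout while this XP install reports Documents and Settings) stand out. The sample log is constructed from the lines quoted above; the profile-root comparison is a heuristic of this example, not something FRST reports.

```python
"""Summarise an FRST Fixlog.txt: which fixlist entries were applied, which
targets were not present, which are deferred to reboot and which failed.
Absent file targets are also compared against the profile-directory layout
FRST reports in its 'Running from' line (heuristic, see lead-in)."""
import re

# Constructed sample, modelled on the Fixlog quoted in this thread.
SAMPLE_FIXLOG = r"""
Ran by Munson at 2015-04-25 23:07:21 Run:1
Running from C:\Documents and Settings\Munson\My Documents
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
C:\Documents and Settings\Munson\Application Data\Mozilla\Firefox\Profiles\ce5iz1a1.default\searchplugins\duckduckgo.xml => Moved successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
cerc6 => Service deleted successfully.
"C:\Users\Lynn\AppData\Local\Temp\EsgInstallerx64Stub.exe" => File/Directory not found.
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.
""".strip("\n").splitlines()

# One result line: optional 'Could not move ' prefix, optionally quoted target, ' => ', outcome text
RESULT_RE = re.compile(r'^(?:Could not move )?"?(?P<target>.+?)"? => (?P<result>.+?)\s*$')
RUNNING_FROM = re.compile(r"^Running from (?P<root>[A-Za-z]:\\[^\\]+)\\")
# Profile-directory roots used by XP (Documents and Settings) and Vista/7+ (Users)
PROFILE_PATH = re.compile(r"^(?P<root>[A-Za-z]:\\(?:Users|Documents and Settings))\\", re.IGNORECASE)


def outcome(result):
    """Map FRST's result phrase to one of four buckets."""
    r = result.lower()
    if "successfully" in r:
        return "applied"
    if "not found" in r:
        return "absent"
    if "scheduled" in r:
        return "deferred"
    return "failed"


def profile_root(lines):
    """Lower-cased profile root (e.g. c:\\documents and settings) taken from the 'Running from' line."""
    for line in lines:
        m = RUNNING_FROM.match(line)
        if m:
            return m.group("root").lower()
    return None


def summarize(lines):
    """Bucket every result line by outcome. Absent file targets whose profile root
    differs from the one this machine reports are also listed under
    'foreign_profile' (heuristic: they were probably copied from another log)."""
    root = profile_root(lines)
    report = {"applied": [], "absent": [], "deferred": [], "failed": [], "foreign_profile": []}
    for line in lines:
        m = RESULT_RE.match(line)
        if not m:
            continue  # header lines and blank lines carry no ' => ' result
        target, bucket = m.group("target"), outcome(m.group("result"))
        report[bucket].append(target)
        pm = PROFILE_PATH.match(target)
        if bucket == "absent" and pm and root and pm.group("root").lower() != root:
            report["foreign_profile"].append(target)
    return report


def unresolved(report):
    """Targets still present after the fix: failed, or deferred without a later success."""
    return sorted(set(report["failed"]) | (set(report["deferred"]) - set(report["applied"])))


if __name__ == "__main__":
    rep = summarize(SAMPLE_FIXLOG)
    for bucket in ("applied", "absent", "deferred", "failed", "foreign_profile"):
        print("%s (%d):" % (bucket, len(rep[bucket])))
        for target in rep[bucket]:
            print("    " + target)
    print("unresolved:", unresolved(rep))
```

Anything in the unresolved list is what a follow-up fixlist or a second run in Safe Mode would have to deal with; anything in foreign_profile is a sign the fixlist was assembled from more than one machine's log and should be re-checked against the log of the machine actually being cleaned.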
#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 April 2015 - 08:20 AM

The infection, as far as I can tell, was not contagious.
Not a worm.

What was removed by your security malware before you submitted the log I cannot tell.

===

If you want me to check your new computer you will have to start a new topic.
Run the Farbar tool on this new computer and post a FRST log.

When the topic is created post the link here and I will expedite the matter.

#5 IBForked

IBForked
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male

Posted 26 April 2015 - 08:51 AM

http://www.bleepingcomputer.com/forums/t/574450/checking-for-carryover-malwareinfection-from-other-computer/

New topic created. :-)

Does this mean my old computer is clean?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 April 2015 - 12:42 PM

To me it is.

There could be some remnant items.
Run this online scan and remove everything that will be identified.
It may take some time. Do it when you know you will not need the computer for a few hours.

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    (settings screenshot from the original post)
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created (its path is shown in the original post's screenshot).
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 IBForked

IBForked
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male

Posted 26 April 2015 - 07:07 PM

ESET found quite a few...

C:\Documents and Settings\Munson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\59\47363e7b-51f55759 a variant of Java/JShrink.A potentially unsafe application
C:\Documents and Settings\Munson\Local Settings\Application Data\Temp\avastBCLTMP\firefox\johoxkkfdg@johoxkkfdg.org\chrome\performance.jar JS/Redirector.NCA trojan
C:\Documents and Settings\Munson\My Documents\Downloads\avc-free(1).exe Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\avc-free(2).exe Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\cbsidlm-cbsi134-Facebook_Unfriend_Finder-SEO-75940351.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\cbsidlm-cbsi145-JobTabs_Free_Resume_Builder-SEO-75914596 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\cbsidlm-cbsi145-JobTabs_Free_Resume_Builder-SEO-75914596.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\cbsidlm-cbsi5_0_0_78-Business_Card_Templates_for_Word-SEO-75325641.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\drivermax_7_54_cnet.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\FCTBSetup.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\FreeVideoFlipAndRotate.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\IObit-Malware-Fighter-Setup.exe Win32/MyPCBackup.C potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\LimeWireWin.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\Pazera_Free_MOV_to_AVI_Converter(1).exe Win32/InstallMonetizer.AF potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\Pazera_Free_MOV_to_AVI_Converter.exe Win32/InstallMonetizer.AF potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\Shockwave_Installer_Slim(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\Spamihilator-win32-1.5.0-22695978.exe a variant of Win32/WinWrapper.A potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\U_0113_01_P.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\Munson\My Documents\Downloads\WECPSetup.exe a variant of Win32/InstallCore.AY potentially unwanted application
C:\Documents and Settings\Munson\My Documents\Downloads\XlsXViewer-26002173.exe a variant of Win32/WinWrapper.A potentially unwanted application
C:\System Volume Information\_restore{A5CA77DB-D086-4ECB-A47B-274DC2A13FCA}\RP1624\A0330093.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\System Volume Information\_restore{A5CA77DB-D086-4ECB-A47B-274DC2A13FCA}\RP1625\A0330178.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\System Volume Information\_restore{A5CA77DB-D086-4ECB-A47B-274DC2A13FCA}\RP1625\A0330179.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\WINDOWS\Installer\1211a92.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\documents old\Downloads\avc-free(1).exe Win32/OpenCandy potentially unsafe application
F:\documents old\Downloads\avc-free(2).exe Win32/OpenCandy potentially unsafe application
F:\documents old\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
F:\documents old\Downloads\cbsidlm-cbsi134-Facebook_Unfriend_Finder-SEO-75940351.exe a variant of Win32/CNETInstaller.B potentially unwanted application
F:\documents old\Downloads\cbsidlm-cbsi145-JobTabs_Free_Resume_Builder-SEO-75914596 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
F:\documents old\Downloads\cbsidlm-cbsi145-JobTabs_Free_Resume_Builder-SEO-75914596.exe a variant of Win32/CNETInstaller.B potentially unwanted application
F:\documents old\Downloads\cbsidlm-cbsi5_0_0_78-Business_Card_Templates_for_Word-SEO-75325641.exe a variant of Win32/CNETInstaller.B potentially unwanted application
F:\documents old\Downloads\FCTBSetup.exe Win32/Toolbar.Zugo potentially unwanted application
F:\documents old\Downloads\FreeVideoFlipAndRotate.exe Win32/Toolbar.Conduit potentially unwanted application
F:\documents old\Downloads\LimeWireWin.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
F:\documents old\Downloads\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\documents old\Downloads\Pazera_Free_MOV_to_AVI_Converter(1).exe Win32/InstallMonetizer.AF potentially unwanted application
F:\documents old\Downloads\Pazera_Free_MOV_to_AVI_Converter.exe Win32/InstallMonetizer.AF potentially unwanted application
F:\documents old\Downloads\Shockwave_Installer_Slim(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\documents old\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\documents old\Downloads\Spamihilator-win32-1.5.0-22695978.exe a variant of Win32/WinWrapper.A potentially unwanted application
F:\documents old\Downloads\U_0113_01_P.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\documents old\Downloads\WECPSetup.exe a variant of Win32/InstallCore.AY potentially unwanted application
F:\documents old\Downloads\XlsXViewer-26002173.exe a variant of Win32/WinWrapper.A potentially unwanted application
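
The ESET output above mixes bundled-installer PUAs with one outright trojan detection. As an added example that is not part of this thread, here is a small Python triage that parses lines in that format (path, detection, category), counts hits per category, and separates out the non-PUA detections and the copies inside System Restore snapshots; the sample lines are copied from the list above.

```python
import re
from collections import Counter

# ESET Online Scanner reports one hit per line as "<path> <detection> <category>".
# Paths can contain spaces and a detection may carry the prefix "a variant of",
# so the parse is anchored on the small fixed set of trailing category phrases.
CATEGORIES = (
    "potentially unwanted application",
    "potentially unsafe application",
    "trojan",
)
_LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<detection>(?:a variant of\s+)?\S+)\s+(?P<category>"
    + "|".join(re.escape(c) for c in CATEGORIES) + r")$"
)

def parse_eset_line(line):
    """Return (path, detection, category), or None if the line is not a hit."""
    m = _LINE_RE.match(line.strip())
    return m.group("path", "detection", "category") if m else None

def triage(lines):
    """Count hits per category; list non-PUA hits and System Restore copies."""
    counts = Counter()
    attention = []       # detections that are not a PUA/PUsA classification
    restore_points = []  # hits inside a System Restore snapshot (not ordinary files)
    for line in lines:
        hit = parse_eset_line(line)
        if hit is None:
            continue
        path, detection, category = hit
        counts[category] += 1
        if not category.startswith("potentially"):
            attention.append((path, detection))
        if "\\System Volume Information\\" in path:
            restore_points.append(path)
    return counts, attention, restore_points

# Constructed sample: five lines copied from the scan output posted in this thread.
SAMPLE = [
    r"C:\Documents and Settings\Munson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\59\47363e7b-51f55759 a variant of Java/JShrink.A potentially unsafe application",
    r"C:\Documents and Settings\Munson\Local Settings\Application Data\Temp\avastBCLTMP\firefox\johoxkkfdg@johoxkkfdg.org\chrome\performance.jar JS/Redirector.NCA trojan",
    r"C:\Documents and Settings\Munson\My Documents\Downloads\cbsidlm-cbsi145-JobTabs_Free_Resume_Builder-SEO-75914596 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application",
    r"F:\documents old\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application",
    r"C:\System Volume Information\_restore{A5CA77DB-D086-4ECB-A47B-274DC2A13FCA}\RP1624\A0330093.exe a variant of Win32/SlowPCfighter.A potentially unwanted application",
]
```

Running `triage(SAMPLE)` on the five sample lines yields two unsafe, two unwanted and one trojan hit, with the JS/Redirector.NCA line as the only one that is not a PUA.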


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 April 2015 - 07:01 AM

You can clean it all.

#9 IBForked

IBForked
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male

Posted 27 April 2015 - 07:46 AM

You can clean it all.

....by deleting each individual file?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 April 2015 - 08:08 AM

No. Run the scan again and clean all.

#11 IBForked

IBForked
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:53 AM

Posted 27 April 2015 - 04:52 PM

All done. THANK YOU for your help!!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 April 2015 - 09:52 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 May 2015 - 07:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



