After TDL4


  • This topic is locked
7 replies to this topic

#1 sh4rkbyt3

  • Members
  • 415 posts
Posted 27 May 2015 - 09:34 AM

Just making sure there are no lingering after effects from a TDL4 infection. Various other infections were found and removed including a few Trojan droppers. Here is the log, thank you:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by JOHN at 9:36:53 on 2015-05-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1527.1142 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E235BA63-0FEC-40B0-89AE-743228816E4C} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\bin\a2ddax86.sys [2015-3-4 22056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-3-3 23256]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-3-3 1080120]
S2 NecUsb3;USB3 Service;c:\windows\system32\svchost.exe -k NecUsb3Sevic [2004-8-10 14336]
S3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp32.sys [2015-3-4 50200]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-3-3 120024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 gupdate1c9e80e534903d0;Google Update Service (gupdate1c9e80e534903d0);c:\program files\google\update\GoogleUpdate.exe [2015-3-4 107848]
.
=============== Created Last 30 ================
.
2015-05-27 09:55:20 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2015-05-27 09:54:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2015-05-27 09:54:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2015-05-27 09:54:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2015-05-27 09:54:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2015-05-27 09:54:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2015-05-27 09:31:39 -------- d-----w- c:\documents and settings\all users\application data\CSIS
2015-05-26 15:15:37 -------- d-----w- C:\9371193b8bec6c0f02ce209f
.
==================== Find3M  ====================
.
2015-05-27 09:55:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2015-05-27 09:55:09 473520 ----a-w- c:\windows\system32\deployJava1.dll
2015-05-26 15:48:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-14 13:37:48 120024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 13:37:42 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-05 21:33:17 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-04 08:52:47 52440 ----a-w- c:\windows\system32\drivers\yxfcvrxf.sys
2015-03-03 03:32:07 0 ----a-w- c:\windows\Wcuguset.bin
.
============= FINISH:  9:38:15.29 ===============

#2 nasdaq

  • Malware Response Team
  • 39,512 posts
  • Location:Montreal, QC. Canada

Posted 29 May 2015 - 07:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

#3 sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts

Posted 29 May 2015 - 01:18 PM

Here are the results:

# AdwCleaner v4.111 - Logfile created 29/05/2015 at 13:51:54
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : JOHN - D49KHV91
# Running from : C:\Documents and Settings\JOHN\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3742 bytes] - [05/03/2015 16:30:49]
AdwCleaner[R1].txt - [943 bytes] - [06/03/2015 08:57:27]
AdwCleaner[R2].txt - [945 bytes] - [06/03/2015 09:02:46]
AdwCleaner[R3].txt - [1062 bytes] - [26/05/2015 15:35:07]
AdwCleaner[R4].txt - [867 bytes] - [29/05/2015 13:51:54]
AdwCleaner[S0].txt - [3868 bytes] - [05/03/2015 16:36:11]
AdwCleaner[S1].txt - [1010 bytes] - [06/03/2015 09:05:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1043 bytes] ##########

And Farbar:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by JOHN (administrator) on D49KHV91 on 29-05-2015 14:09:01
Running from C:\Documents and Settings\JOHN\Desktop
Loaded Profiles: JOHN (Available Profiles: JOHN & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Dell Inc.) C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2005-11-29] (Synaptics, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1347584 2005-12-19] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [393216 2005-09-10] (SigmaTel, Inc.)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-03-19] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3574918938-69134075-966399895-1006\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [206112 2008-10-24] (Macrovision Corporation)
HKU\S-1-5-21-3574918938-69134075-966399895-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk [2006-04-22]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
BootExecute: autocheck autochk * C:\WINDOWS\system32\eamclean.exe \??\C:\WINDOWS\system32\eamclean.dat eamcleanC:\WINDOWS\system32\eamclean.exe \??\C:\WINDOWS\system32\eamclean.dat eamclean

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3574918938-69134075-966399895-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3574918938-69134075-966399895-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3574918938-69134075-966399895-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3574918938-69134075-966399895-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3574918938-69134075-966399895-1006 -> {60F1A3B8-EC4F-4173-8DA7-0E26B6C2DBB4} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-19] (RealPlayer)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06] (Sonic Solutions)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2015-05-27] (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-02-17] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2015-05-27] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2015-05-27] (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKU\S-1-5-21-3574918938-69134075-966399895-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 000000000004 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-07-27] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JOHN\Application Data\Mozilla\Firefox\Profiles\55r0tkr1.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF SelectedSearchEngine: Google
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-09-22] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2010-02-19] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll [2015-05-27] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2015-05-27] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2010-03-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.732 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2010-03-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2010-03-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2010-03-19] (RealNetworks, Inc.)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2009-08-31] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-03-09] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009-06-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009-06-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009-06-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-06-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009-06-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009-06-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009-06-07] (Apple Inc.)
FF Extension: No Name - C:\Documents and Settings\JOHN\Application Data\Mozilla\Firefox\Profiles\55r0tkr1.default\Extensions\staged-xpis [2007-11-16]
FF Extension: No Name - C:\Documents and Settings\JOHN\Application Data\Mozilla\Firefox\Profiles\55r0tkr1.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-11-16]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008-04-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-10-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008-12-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-06-08]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-03-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-18]
FF HKLM\...\Firefox\Extensions: [{77719AB5-CC68-40A0-B589-801F2E5EB3EE}] - C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE}
FF Extension: XULRunner - C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE} [2011-03-19]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2015-05-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [not found]
FF Extension: No Name - C:\Documents and Settings\JOHN\Application Data\Mozilla\Firefox\Profiles\55r0tkr1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Documents and Settings\JOHN\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-03-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S4 gupdate1c9e80e534903d0; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-03-04] (Google Inc.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2015-05-27] (Sun Microsystems, Inc.)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [380928 2005-12-15] (Dell Inc.) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S4 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
S4 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2005-12-19] (Dell Inc.) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S2 NecUsb3; C:\WINDOWS\system32\NCUSBw32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2015-01-28] (Emsisoft GmbH)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2005-11-02] (Broadcom Corporation)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2009-09-30] (Avanquest Software) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-01-28] (Emsisoft GmbH)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87488 2004-12-01] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-04-30] (Logitech Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2009-04-30] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1032472 2005-09-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [34808 2015-03-05] ()
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 14:09 - 2015-05-29 14:09 - 00020968 _____ () C:\Documents and Settings\JOHN\Desktop\FRST.txt
2015-05-29 14:08 - 2015-05-29 14:09 - 00000000 ____D () C:\FRST
2015-05-29 14:08 - 2015-05-29 14:08 - 01147392 _____ (Farbar) C:\Documents and Settings\JOHN\Desktop\FRST.exe
2015-05-27 09:38 - 2015-05-27 09:38 - 00008214 _____ () C:\Documents and Settings\JOHN\Desktop\dds.txt
2015-05-27 09:24 - 2015-05-27 09:24 - 00688992 ____R (Swearware) C:\Documents and Settings\JOHN\Desktop\dds.com
2015-05-27 05:55 - 2015-05-27 05:55 - 00477616 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\npdeployJava1.dll
2015-05-27 05:55 - 2015-05-27 05:55 - 00000000 ____D () C:\Program Files\Java
2015-05-27 05:54 - 2015-05-27 05:54 - 00000000 ____D () C:\Program Files\QuickTime
2015-05-27 05:54 - 2015-05-27 05:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-05-27 05:53 - 2015-05-27 05:53 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Apple Computer
2015-05-27 05:31 - 2015-05-27 05:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CSIS
2015-05-27 00:27 - 2015-05-27 00:27 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-05-26 17:47 - 2015-05-29 13:59 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2015-05-26 17:47 - 2015-05-29 13:59 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2015-05-26 17:47 - 2015-05-29 13:56 - 00032620 ____N () C:\WINDOWS\SchedLgU.Txt
2015-05-26 17:47 - 2015-05-26 22:02 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2015-05-26 17:46 - 2015-05-29 13:59 - 00201109 ____N () C:\WINDOWS\WindowsUpdate.log
2015-05-26 17:42 - 2015-05-26 17:42 - 00021443 _____ () C:\ComboFix.txt
2015-05-26 17:42 - 2015-05-26 17:42 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-05-26 17:42 - 2015-05-26 17:42 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-05-26 17:42 - 2015-05-26 17:42 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2015-05-26 17:42 - 2015-05-26 17:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-05-26 11:15 - 2015-05-26 11:28 - 00000000 ____D () C:\9371193b8bec6c0f02ce209f

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 14:09 - 2009-07-01 14:39 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-29 14:09 - 2006-04-27 19:46 - 00000000 ____D () C:\Documents and Settings\JOHN\Local Settings\Temp
2015-05-29 14:08 - 2006-04-27 19:46 - 00000000 ____D () C:\Documents and Settings\JOHN
2015-05-29 13:59 - 2015-03-04 06:02 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3574918938-69134075-966399895-1006.job
2015-05-29 13:59 - 2010-03-19 19:25 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3574918938-69134075-966399895-1006.job
2015-05-29 13:59 - 2009-07-01 14:39 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 13:59 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-29 13:58 - 2015-03-06 08:18 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-29 13:58 - 2015-03-06 06:52 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3574918938-69134075-966399895-501.job
2015-05-29 13:58 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-29 13:56 - 2015-03-05 16:30 - 00000000 ____D () C:\AdwCleaner
2015-05-29 13:56 - 2006-04-27 19:46 - 00000178 ___SH () C:\Documents and Settings\JOHN\ntuser.ini
2015-05-27 09:48 - 2004-08-10 14:09 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-27 09:26 - 2004-08-10 13:57 - 00573526 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-27 05:55 - 2011-03-19 21:50 - 00162224 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\javaws.exe
2015-05-27 05:55 - 2011-03-19 21:50 - 00149936 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\javaw.exe
2015-05-27 05:55 - 2011-03-19 21:50 - 00149936 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\java.exe
2015-05-27 05:55 - 2010-07-05 23:02 - 00473520 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\deployJava1.dll
2015-05-27 05:55 - 2008-04-29 08:32 - 00073728 _____ (Sun Microsystems, Inc.) C:\WINDOWS\system32\javacpl.cpl
2015-05-27 05:55 - 2006-04-22 08:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-27 05:43 - 2010-08-19 22:58 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2015-05-27 05:43 - 2009-06-17 02:56 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Adobe
2015-05-27 05:43 - 2009-03-26 15:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-05-27 05:43 - 2006-04-22 09:06 - 00000000 ____D () C:\Program Files\Adobe
2015-05-26 23:24 - 2004-08-10 14:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-05-26 23:17 - 2004-08-10 14:02 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-05-26 19:24 - 2015-03-03 22:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-05-26 18:11 - 2015-03-05 17:16 - 00000000 ____D () C:\Program Files\Defraggler
2015-05-26 18:10 - 2015-03-05 17:16 - 00001580 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
2015-05-26 18:08 - 2015-03-03 22:22 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-05-26 18:08 - 2015-03-03 22:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-26 17:50 - 2006-04-22 08:46 - 00000327 __RSH () C:\boot.ini
2015-05-26 17:50 - 2004-08-10 13:51 - 00000504 _____ () C:\WINDOWS\win.ini
2015-05-26 17:50 - 2004-08-10 13:51 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-26 17:47 - 2004-08-10 14:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-05-26 17:42 - 2015-03-04 23:04 - 00000000 ____D () C:\Qoobox
2015-05-26 17:16 - 2015-03-06 06:58 - 05628291 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2015-05-26 17:13 - 2015-03-03 22:01 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-05-26 11:58 - 2015-03-04 06:08 - 00000000 ____D () C:\EEK
2015-05-26 11:48 - 2015-03-03 22:37 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-26 11:44 - 2015-03-03 22:37 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-26 11:44 - 2015-03-03 22:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-26 10:24 - 2015-03-06 08:18 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-04-30 10:07 - 2006-04-30 17:41 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2011-03-04 10:17 - 2011-03-04 10:17 - 0001257 _____ () C:\Documents and Settings\JOHN\Application Data\BBMS_EXCEPTION.txt
2006-11-04 20:07 - 2011-07-24 04:36 - 0039424 ____C () C:\Documents and Settings\JOHN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-18 00:03 - 2010-08-19 22:48 - 0021080 _____ () C:\Documents and Settings\JOHN\Local Settings\Application Data\rx_audio.Cache
2010-08-18 00:03 - 2010-08-19 22:48 - 0385264 _____ () C:\Documents and Settings\JOHN\Local Settings\Application Data\rx_image.Cache

Some files in TEMP:
====================
C:\Documents and Settings\JOHN\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\JOHN\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

And the Farbar FRST Attach file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by JOHN at 2015-05-29 14:10:13
Running from C:\Documents and Settings\JOHN\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3574918938-69134075-966399895-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-3574918938-69134075-966399895-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-3574918938-69134075-966399895-1005 - Limited - Disabled)
JOHN (S-1-5-21-3574918938-69134075-966399895-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\JOHN
SUPPORT_388945a0 (S-1-5-21-3574918938-69134075-966399895-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Java™ 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{C84CD8A9-B62D-4B0F-A57F-959A30D6C584}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{D8E876D2-1A1C-495c-8A7D-80CF0EDA3566}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-02-21 23:25 - 2015-03-06 07:25 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3574918938-69134075-966399895-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3574918938-69134075-966399895-501.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3574918938-69134075-966399895-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3574918938-69134075-966399895-501.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3574918938-69134075-966399895-1006\...\gromozon.com -> hxxp://gromozon.com
IE restricted site: HKU\S-1-5-21-3574918938-69134075-966399895-1006\...\gromozon.com -> hxxps://gromozon.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3574918938-69134075-966399895-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\JOHN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AOLDialer => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
MSCONFIG\startupreg: Corel Photo Downloader => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: DVDLauncher => "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1182017079\ee\AOLSoftware.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: MimBoot => C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
MSCONFIG\startupreg: MMTray => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
MSCONFIG\startupreg: ModemOnHold => C:\Program Files\NetWaiting\NetWaiting.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: ShowLOMControl =>
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1370 WLAN Mini-PCI Card
Description: Dell Wireless 1370 WLAN Mini-PCI Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2015 05:56:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/06/2015 06:44:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/06/2015 06:44:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/06/2015 06:44:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/06/2015 06:44:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/05/2015 11:27:55 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/05/2015 11:27:55 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/05/2015 05:33:14 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/05/2015 05:33:14 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/05/2015 05:33:12 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

System errors:
=============
Error: (05/29/2015 02:09:45 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate1c9e80e534903d0 with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/29/2015 01:59:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (05/29/2015 01:39:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (05/29/2015 01:39:05 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.20 for the Network Card with network address 001422A690EE has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/27/2015 10:06:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (05/27/2015 09:31:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (05/27/2015 06:09:50 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate1c9e80e534903d0 with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/27/2015 00:09:22 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate1c9e80e534903d0 with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/26/2015 11:34:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (05/26/2015 11:20:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Microsoft Office:
=========================
Error: (05/26/2015 05:56:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/06/2015 06:44:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/06/2015 06:44:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/06/2015 06:44:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/06/2015 06:44:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/05/2015 11:27:55 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/05/2015 11:27:55 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/05/2015 05:33:14 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/05/2015 05:33:14 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/05/2015 05:33:12 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

==================== Memory info ===========================

Processor: Intel® Celeron® M processor 1.50GHz
Percentage of memory in use: 26%
Total physical RAM: 1527.37 MB
Available physical RAM: 1126.93 MB
Total Pagefile: 2905.41 MB
Available Pagefile: 2689.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.2 GB) (Free:1.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PIRATES_OF_THE_CARIBBEAN) (CDROM) (Total:6.59 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=34.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End of log ============================



#4 nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 May 2015 - 07:24 AM

ATTENTION: System Restore is disabled

To turn on System Restore, follow these steps:
Click Start, click Control Panel, and then double-click System.
Click the System Restore tab.
Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
Click OK.

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKU\S-1-5-21-3574918938-69134075-966399895-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll No File
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008-04-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-10-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008-12-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-06-08]
FF HKLM\...\Firefox\Extensions: [{77719AB5-CC68-40A0-B589-801F2E5EB3EE}] - C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE}
FF Extension: XULRunner - C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE} [2011-03-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [not found]
FF Extension: No Name - C:\Documents and Settings\JOHN\Application Data\Mozilla\Firefox\Profiles\55r0tkr1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S2 NecUsb3; C:\WINDOWS\system32\NCUSBw32.dll [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr; No ImagePath
C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE}
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{C84CD8A9-B62D-4B0F-A57F-959A30D6C584}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> No Filepath

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#5 sh4rkbyt3
  • Topic Starter
  • Members
  • 415 posts
  • Gender:Male

Posted 01 June 2015 - 11:36 AM

Seems like it's running well now.
Here are the log file results:

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by JOHN at 2015-06-01 12:30:27 Run:1
Running from C:\Documents and Settings\JOHN\Desktop
Loaded Profiles: JOHN (Available Profiles: JOHN & Administrator & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKU\S-1-5-21-3574918938-69134075-966399895-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll No File
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008-04-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-10-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008-12-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-06-08]
FF HKLM\...\Firefox\Extensions: [{77719AB5-CC68-40A0-B589-801F2E5EB3EE}] - C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE}
FF Extension: XULRunner - C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE} [2011-03-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [not found]
FF Extension: No Name - C:\Documents and Settings\JOHN\Application Data\Mozilla\Firefox\Profiles\55r0tkr1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S2 NecUsb3; C:\WINDOWS\system32\NCUSBw32.dll [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr; No ImagePath
C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE}
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{C84CD8A9-B62D-4B0F-A57F-959A30D6C584}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> No Filepath

End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} => value Removed successfully.
HKCR\CLSID\{BA52B914-B692-46c4-B683-905236F6F655} => key not found.
HKU\S-1-5-21-3574918938-69134075-966399895-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value Removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key Removed successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" => key Removed successfully.
HKCR\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} => key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}" => key Removed successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}" => key Removed successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key Removed successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key Removed successfully.
"HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13" => key Removed successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{77719AB5-CC68-40A0-B589-801F2E5EB3EE} => value Removed successfully.
C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com => not found.
C:\Documents and Settings\JOHN\Application Data\Mozilla\Firefox\Profiles\55r0tkr1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => not found.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
getPlusHelper => Service Removed successfully.
NecUsb3 => Service Removed successfully.
catchme => Service Removed successfully.
TlntSvr => Service Removed successfully.
"C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE}" => File/Folder not found.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{C84CD8A9-B62D-4B0F-A57F-959A30D6C584}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}" => key Removed successfully.
"HKU\S-1-5-21-3574918938-69134075-966399895-1006_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}" => key Removed successfully.

The system needed a reboot.

==== End of Fixlog 12:30:29 ====
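To make a Fixlog like the one above quicker to audit, here is an added Python example (written for this page; it is not FRST's own code and not part of the thread) that parses the "<target> => <outcome>" result lines into a per-object summary and lists the items FRST reported as not found, i.e. objects the fixlist named that no longer existed when the fix ran. The sample lines are copied from the Fixlog posted above; the classification rules (key/value/service/file, removed/moved/not found) are inferred only from the outcome phrases that appear in that log, and any other phrase is reported as "other" rather than guessed at.

```python
"""Summarise Farbar Recovery Scan Tool (FRST) Fixlog result lines.

Added example for this page: the parser is written from the outcome
phrases visible in the posted Fixlog, not from FRST documentation.
"""
import re
from collections import Counter, namedtuple

# A subset of result lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r"""
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} => value Removed successfully.
HKCR\CLSID\{BA52B914-B692-46c4-B683-905236F6F655} => key not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com => not found.
getPlusHelper => Service Removed successfully.
TlntSvr => Service Removed successfully.
"C:\Documents and Settings\JOHN\Local Settings\Application Data\{77719AB5-CC68-40A0-B589-801F2E5EB3EE}" => File/Folder not found.
The system needed a reboot.
"""

# Optional surrounding quotes, the target, " => ", the outcome, optional final period.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')

Entry = namedtuple("Entry", "target kind status")

REGISTRY_ROOTS = ("HKLM", "HKU", "HKCR", "HKCU")


def status_of(outcome):
    """Map the outcome phrase to a coarse status."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "removed successfully" in low:
        return "removed"
    if "moved successfully" in low:
        return "moved"
    return "other"


def infer_kind(target, outcome):
    """Object type named by the outcome ("key", "value", "Service", "File/Folder");
    when the outcome does not name one, fall back to the shape of the target."""
    first = outcome.split()[0].lower()
    if first in ("key", "value", "service"):
        return first
    if first.startswith("file"):
        return "file"
    return "key" if target.upper().startswith(REGISTRY_ROOTS) else "file"


def parse_fixlog(text):
    """Return (entries, notes): structured result lines and the free-text lines
    (process closing, reboot notice) that carry no '=>' target."""
    entries, notes = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RESULT_RE.match(line)
        if m:
            target, outcome = m.group("target"), m.group("outcome")
            entries.append(Entry(target, infer_kind(target, outcome), status_of(outcome)))
        else:
            notes.append(line.rstrip("."))
    return entries, notes


def summarize(entries):
    """Count results by (kind, status) so the reviewer sees what actually changed."""
    return Counter((e.kind, e.status) for e in entries)


def already_gone(entries):
    """Targets FRST could not find: useful for spotting fixlist entries that were
    stale (already cleaned by an earlier tool) rather than actively removed."""
    return [e.target for e in entries if e.status == "not_found"]


if __name__ == "__main__":
    found, remarks = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, status), count in sorted(summarize(found).items()):
        print(f"{kind:8s} {status:10s} {count}")
    for target in already_gone(found):
        print("already gone:", target)
    for remark in remarks:
        print("note:", remark)
```

Run against a full Fixlog.txt by reading the file into `parse_fixlog`; the "already gone" list is the part worth a second look, since a fixlist item that FRST could not find either was removed earlier or was mis-typed in the fixlist.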



#6 nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 June 2015 - 12:42 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 sh4rkbyt3
  • Topic Starter
  • Members
  • 415 posts
  • Gender:Male

Posted 02 June 2015 - 09:28 AM

Still good here Nasdaq. Thank you very much for your help and assistance. Greatly appreciated :) . You can close this one out.



#8 nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 June 2015 - 09:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

