
100% cpu usage, pages unresponsive


51 replies to this topic

#1 dellposs

dellposs

  • Members
  • 60 posts

Posted 05 June 2015 - 01:37 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/576893/100-cpu-usage-pages-unresponsive/ ~ OB

 

FRST and Additional logs

Attached Files


Edited by Orange Blossom, 05 June 2015 - 01:56 PM.




#2 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK

Posted 05 June 2015 - 04:57 PM

Hello dellposs and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
 

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


Uninstall programs

Please uninstall these programs:

Surfing Protection
Internet Download Manager


  • click Start, Settings, Control Panel, Add or Remove Programs
  • click on relevantknowledge and then on Uninstall. Repeat this for Sweetpacks, (any entry)

================================================

Run Zoek

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.
 

  • on Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;
    installedprogs;
    
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Satchfan
 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 dellposs

dellposs
  • Topic Starter

  • Members
  • 60 posts

Posted 06 June 2015 - 03:51 AM

 

Uninstall programs

Please uninstall these programs:

Surfing Protection
Internet Download Manager


  • click Start, Settings, Control Panel, Add or Remove Programs
  • click on relevantknowledge and then on Uninstall. Repeat this for Sweetpacks, (any entry)

================================================

I do not have "Surfing Protection", "relevantknowledge" or "Sweetpacks".



#4 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK

Posted 06 June 2015 - 03:56 AM

Apologies for the confusion. Should have read:

 

Please uninstall these programs:

Surfing Protection
Internet Download Manager

  • click Start, Settings, Control Panel, Add or Remove Programs
  • click on Surfing Protection and then on Uninstall. Repeat this for Internet Download Manager

 

 




#5 dellposs

dellposs
  • Topic Starter

  • Members
  • 60 posts

Posted 06 June 2015 - 04:14 AM

I do not have Surfing Protection installed, or it is not visible in Control Panel.


Edited by dellposs, 06 June 2015 - 04:17 AM.


#6 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK

Posted 06 June 2015 - 04:18 AM

Please proceed with the other instructions.




#7 dellposs

dellposs
  • Topic Starter

  • Members
  • 60 posts

Posted 06 June 2015 - 01:26 PM

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Sohaib Hassan on Sat 06/06/2015 at 15:32:58.48.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Sohaib Hassan\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
6/6/2015 3:43:29 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Program Files\DivX deleted successfully
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager deleted successfully
C:\Documents and Settings\Sohaib Hassan\Start Menu\Programs\Internet Download Manager deleted successfully
C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\SecTaskMan deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
µTorrent  
Adobe Reader XI (11.0.06)  
Adobe Refresh Manager  
Broadcom ASF Management Applications  
Broadcom Gigabit Integrated Controller  
C-Major Audio  
CCleaner  
Conexant D110 MDC V.92 Modem  
Definition Update for Microsoft Office 2010 (KB3015642) 32-Bit Edition  
Dell Wireless WLAN Card  
EaseUS Partition Master 10.5  
EaseUS Todo Backup Free 8.3   
Google Chrome  
Google Update Helper  
Hotfix for Windows XP (KB952287)  
Intel® Graphics Media Accelerator Driver for Mobile  
Java 7 Update 79  
KMPlayer (remove only)  
Malwarebytes Anti-Malware version 2.1.6.1022  
Microsoft Calculator Plus  
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5  
Microsoft Office Access MUI (English) 2010  
Microsoft Office Access Setup Metadata MUI (English) 2010  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office Groove MUI (English) 2010  
Microsoft Office InfoPath MUI (English) 2010  
Microsoft Office OneNote MUI (English) 2010  
Microsoft Office Outlook MUI (English) 2010  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2010  
Microsoft Office Publisher MUI (English) 2010  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Visio Professional 2003  
Microsoft Office Word MUI (English) 2010  
Microsoft Silverlight  
Microsoft Software Update for Web Folders  (English) 14  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)  
MiKTeX 2.9  
Mozilla Firefox 34.0.5 (x86 en-US)  
Mozilla Maintenance Service  
MPC-HC 1.7.6  
NetMeter 1.1.3  
Proteus 7 Professional  
QQ International  
Revo Uninstaller 1.95  
SAMSUNG USB Driver for Mobile Phones  
Security Task Manager 2.0d  
Security Update for Microsoft Excel 2010 (KB2965240) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2881073) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2965242) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2999412) 32-Bit Edition  
Security Update for Microsoft PowerPoint 2010 (KB2999420) 32-Bit Edition  
Security Update for Microsoft Windows (KB2564958)  
Security Update for Microsoft Word 2010 (KB2965237) 32-Bit Edition  
Security Update for Windows Media Player (KB2378111)  
Security Update for Windows Media Player (KB2803821-v2)  
Security Update for Windows Media Player (KB952069)  
Security Update for Windows Media Player (KB954155)  
Security Update for Windows Media Player (KB973540)  
Security Update for Windows Media Player (KB975558)  
Security Update for Windows Media Player (KB978695)  
Security Update for Windows XP (KB2115168)  
Security Update for Windows XP (KB2229593)  
Security Update for Windows XP (KB2296011)  
Security Update for Windows XP (KB2347290)  
Security Update for Windows XP (KB2387149)  
Security Update for Windows XP (KB2393802)  
Security Update for Windows XP (KB2419632)  
Security Update for Windows XP (KB2423089)  
Security Update for Windows XP (KB2443105)  
Security Update for Windows XP (KB2478960)  
Security Update for Windows XP (KB2478971)  
Security Update for Windows XP (KB2479943)  
Security Update for Windows XP (KB2481109)  
Security Update for Windows XP (KB2483185)  
Security Update for Windows XP (KB2485663)  
Security Update for Windows XP (KB2506212)  
Security Update for Windows XP (KB2507938)  
Security Update for Windows XP (KB2508429)  
Security Update for Windows XP (KB2509553)  
Security Update for Windows XP (KB2510581)  
Security Update for Windows XP (KB2535512)  
Security Update for Windows XP (KB2536276-v2)  
Security Update for Windows XP (KB2544893-v2)  
Security Update for Windows XP (KB2566454)  
Security Update for Windows XP (KB2570947)  
Security Update for Windows XP (KB2584146)  
Security Update for Windows XP (KB2585542)  
Security Update for Windows XP (KB2592799)  
Security Update for Windows XP (KB2598479)  
Security Update for Windows XP (KB2603381)  
Security Update for Windows XP (KB2619339)  
Security Update for Windows XP (KB2620712)  
Security Update for Windows XP (KB2631813)  
Security Update for Windows XP (KB2653956)  
Security Update for Windows XP (KB2655992)  
Security Update for Windows XP (KB2659262)  
Security Update for Windows XP (KB2661637)  
Security Update for Windows XP (KB2676562)  
Security Update for Windows XP (KB2686509)  
Security Update for Windows XP (KB2691442)  
Security Update for Windows XP (KB2698365)  
Security Update for Windows XP (KB2705219-v2)  
Security Update for Windows XP (KB2712808)  
Security Update for Windows XP (KB2719985)  
Security Update for Windows XP (KB2723135-v2)  
Security Update for Windows XP (KB2727528)  
Security Update for Windows XP (KB2757638)  
Security Update for Windows XP (KB2758857)  
Security Update for Windows XP (KB2770660)  
Security Update for Windows XP (KB2780091)  
Security Update for Windows XP (KB2802968)  
Security Update for Windows XP (KB2807986)  
Security Update for Windows XP (KB2813345)  
Security Update for Windows XP (KB2820917)  
Security Update for Windows XP (KB2834886)  
Security Update for Windows XP (KB2847311)  
Security Update for Windows XP (KB2850869)  
Security Update for Windows XP (KB2859537)  
Security Update for Windows XP (KB2862152)  
Security Update for Windows XP (KB2862330)  
Security Update for Windows XP (KB2862335)  
Security Update for Windows XP (KB2864063)  
Security Update for Windows XP (KB2868038)  
Security Update for Windows XP (KB2868626)  
Security Update for Windows XP (KB2876217)  
Security Update for Windows XP (KB2876331)  
Security Update for Windows XP (KB2879017)  
Security Update for Windows XP (KB2892075)  
Security Update for Windows XP (KB2893294)  
Security Update for Windows XP (KB2898715)  
Security Update for Windows XP (KB2900986)  
Security Update for Windows XP (KB2909212)  
Security Update for Windows XP (KB2914368)  
Security Update for Windows XP (KB2916036)  
Security Update for Windows XP (KB2922229)  
Security Update for Windows XP (KB2925418)  
Security Update for Windows XP (KB2929961)  
Security Update for Windows XP (KB2930275)  
Security Update for Windows XP (KB2936068)  
Security Update for Windows XP (KB2964358)  
Security Update for Windows XP (KB923561)  
Security Update for Windows XP (KB923789)  
Security Update for Windows XP (KB946648)  
Security Update for Windows XP (KB950762)  
Security Update for Windows XP (KB950974)  
Security Update for Windows XP (KB951376-v2)  
Security Update for Windows XP (KB952004)  
Security Update for Windows XP (KB952954)  
Security Update for Windows XP (KB956572)  
Security Update for Windows XP (KB956844)  
Security Update for Windows XP (KB959426)  
Security Update for Windows XP (KB960803)  
Security Update for Windows XP (KB960859)  
Security Update for Windows XP (KB969059)  
Security Update for Windows XP (KB970430)  
Security Update for Windows XP (KB971657)  
Security Update for Windows XP (KB972270)  
Security Update for Windows XP (KB973507)  
Security Update for Windows XP (KB973869)  
Security Update for Windows XP (KB973904)  
Security Update for Windows XP (KB974112)  
Security Update for Windows XP (KB974318)  
Security Update for Windows XP (KB974392)  
Security Update for Windows XP (KB974571)  
Security Update for Windows XP (KB975025)  
Security Update for Windows XP (KB975467)  
Security Update for Windows XP (KB975560)  
Security Update for Windows XP (KB975713)  
Security Update for Windows XP (KB977816)  
Security Update for Windows XP (KB977914)  
Security Update for Windows XP (KB978338)  
Security Update for Windows XP (KB978542)  
Security Update for Windows XP (KB978706)  
Security Update for Windows XP (KB979309)  
Security Update for Windows XP (KB979482)  
Security Update for Windows XP (KB979687)  
Security Update for Windows XP (KB981997)  
Security Update for Windows XP (KB982132)  
Security Update for Windows XP (KB982665)  
Send Anywhere  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition  
Skype™ 6.14  
TeamViewer 10  
Texas Instruments PCIxx21/x515/xx12 drivers.  
Texmaker  
TinyCAD 2.80.06  
TIPCI  
Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition  
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition  
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2965291) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2999439) 32-Bit Edition  
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition  
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition  
Update for Microsoft Outlook 2010 (KB3015585) 32-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition  
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition  
Update for Microsoft Visio 2010 (KB2965292) 32-Bit Edition  
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition  
Update for Windows XP (KB2345886)  
Update for Windows XP (KB2749655)  
Update for Windows XP (KB2904266)  
Update for Windows XP (KB2934207)  
Update for Windows XP (KB898461)  
Update for Windows XP (KB951978)  
Update for Windows XP (KB955759)  
Update for Windows XP (KB968389)  
Update for Windows XP (KB971029)  
Update for Windows XP (KB973815)  
VC80CRTRedist - 8.0.50727.6195  
Visual Studio 2012 x86 Redistributables  
VLC media player 2.1.3  
WebFldrs XP  
Windows XP Service Pack 3  
WinRAR 5.10 beta 4 (32-bit)  
Xming-fonts 7.5.0.11  
Xming 6.9.0.31  
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Program Files\DivX not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\DivX deleted
C:\Program Files\GUT6.tmp deleted
C:\Program Files\GUM5.tmp deleted
C:\Documents and Settings\Sohaib Hassan\Application Data\ProductData deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg_Update_1014av deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ProductData deleted
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Documents and Settings\Sohaib Hassan\Application Data\Mozilla\Firefox\Profiles\eotpz452.default-1425406338750
FDC657B919E096F67B8EB0B5F4900B0E - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U79
B661A82EBAE17E3EE90FEC6D52421AA4 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.790.15
08ACECEB47FAF053C468D8AFE44709AD - C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
 
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.81
 
 
Bookmark Manager - Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Empty IE Cache ======================
 
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Sohaib Hassan\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Sohaib Hassan\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Mozilla\Firefox\Profiles\eotpz452.default-1425406338750\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Opera Software\Opera Stable\Cache emptied successfully
C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=80 folders=11 15956057 bytes)
 
==== Empty Temp Folders ======================
 
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\Sohaib Hassan\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\SOHAIB~1\LOCALS~1\Temp successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\Sohaib Hassan\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
 
==== EOF on Sat 06/06/2015 at 23:13:39.21 ======================


#8 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK

Posted 06 June 2015 - 04:01 PM

P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept, but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.


Please run FRST again and send the new log.

Can you also tell me how your computer is now?

Thanks

Satchfan


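To show how a reviewer reads an FRST log like the one the topic starter posts next, here is an added Python triage helper (example code written for this page, not FRST's or Bleeping Computer's own tooling). It parses the two line shapes visible in the thread's log (Processes and Registry Run entries); the sample lines are constructed to resemble them with a placeholder user name, and the flagging rules (empty publisher, "No File", FRST's own ATTENTION marker, autoruns from user-writable folders) are the editor's assumptions about what to check first.

```python
"""Triage helper for FRST-style log lines.

Added example for this thread; it is not FRST's or Bleeping Computer's code.
FRST prints one entry per line in two shapes that matter here:
  (Publisher) C:\\path\\file.exe                             <- Processes section
  HKLM\\...\\Run: [Name] => C:\\path [size date] (Publisher)  <- Registry section
An empty "()" publisher, a trailing "No File", or FRST's own
"<======= ATTENTION" marker are the cues a reviewer checks first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Processes section: publisher in parentheses, then the image path.
PROC_RE = re.compile(r"^\(([^)]*)\)\s+(\S.*)$")
# Registry Run entries: key, value name, path, [size date], publisher.
RUN_RE = re.compile(
    r"^HK(?:LM|U)\\[^:]+:\s+\[[^\]]+\]\s+=>\s+(.*?)\s+\[\d+ \d{4}-\d{2}-\d{2}\]\s+\(([^)]*)\)\s*$"
)
# Folders an ordinary install does not use for autostarting binaries (editor's assumption).
USER_WRITABLE = re.compile(
    r"\\(Application Data|Local Settings\\Temp|Desktop|Downloads)\\", re.IGNORECASE
)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def _check_binary(publisher: str, path: str, line: str) -> Optional[Finding]:
    """Rate a binary by where it lives and whether FRST could read a publisher."""
    in_user_dir = bool(USER_WRITABLE.search(path))
    if not publisher and in_user_dir:
        return Finding("high", "no publisher and runs from a user-writable folder", line)
    if in_user_dir:
        return Finding("medium", "runs from a user-writable folder", line)
    if not publisher:
        return Finding("medium", "no publisher in file metadata; verify the file manually", line)
    return None


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST log line; None means nothing stands out."""
    s = line.strip()
    if not s or s.startswith("="):
        return None  # blank line or section banner
    if "<======= ATTENTION" in s:
        return Finding("high", "flagged by FRST itself", s)
    if s.endswith("No File"):
        return Finding("low", "orphaned reference, target file is missing", s)
    m = PROC_RE.match(s)
    if m:
        return _check_binary(m.group(1).strip(), m.group(2), s)
    m = RUN_RE.match(s)
    if m:
        return _check_binary(m.group(2).strip(), m.group(1), s)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the entries worth a second look."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample modelled on the log lines in this thread; "user" is a placeholder name.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(BitTorrent Inc.) C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [EaseUS TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKU\S-1-5-21-1111111111-2222222222-3333333333-1003\...\Run: [updater] => C:\Documents and Settings\user\Local Settings\Temp\upd.exe [40960 2015-06-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
FF Plugin: @qq.com/npchrome -> C:\Program Files\Common Files\Tencent\Npchrome\npchrome.dll No File
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

A "medium" hit is a prompt to look the file up, not a verdict: FRST prints "()" when the binary carries no company name, which is also true of some legitimate OEM files.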


#9 dellposs

dellposs
  • Topic Starter

  • Members
  • 60 posts

Posted 07 June 2015 - 04:05 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015
Ran by Sohaib Hassan (administrator) on JOOKAWARK on 07-06-2015 14:02:13
Running from C:\Softwares\FRST
Loaded Profiles: Sohaib Hassan (Available Profiles: Sohaib Hassan)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
() C:\Program Files\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe
() C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\NetMeter\NetMeter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Broadcom Corp.) C:\WINDOWS\system32\BAsfIpM.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Documents and Settings\Sohaib Hassan\Application Data\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe [2089056 2015-04-14] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\Run: [EaseUS TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKU\S-1-5-21-1220945662-1965331169-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-1965331169-839522115-1003\...\Run: [C:\Program Files\NetMeter\NetMeter.exe] => C:\Program Files\NetMeter\NetMeter.exe [331264 2007-08-11] ()
HKU\S-1-5-21-1220945662-1965331169-839522115-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1220945662-1965331169-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1220945662-1965331169-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1220945662-1965331169-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1220945662-1965331169-839522115-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-05-25] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{7EB1B642-3496-4C38-987C-5F00E61DAE5C}: [NameServer] 10.9.21.140
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sohaib Hassan\Application Data\Mozilla\Firefox\Profiles\eotpz452.default-1425406338750
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @qq.com/npchrome -> C:\Program Files\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF HKU\S-1-5-21-1220945662-1965331169-839522115-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Sohaib Hassan\Application Data\IDM\idmmzcc3
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-05]
CHR Extension: (Google Docs) - C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-05]
CHR Extension: (Google Search) - C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-05]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-05]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Gmail) - C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-05]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2004-04-01] (Broadcom Corp.) [File not signed]
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-05-25] (Oracle Corporation)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation) [File not signed]
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation) [File not signed]
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6025 2003-04-24] (Broadcom Corporation) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52008 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40744 2014-12-15] ()
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14888 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [188328 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2209408 2007-02-08] (Intel® Corporation)
S3 catchme; \??\C:\DOCUME~1\SOHAIB~1\LOCALS~1\Temp\catchme.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S4 s24trans; system32\DRIVERS\s24trans.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 UIUSys; system32\drivers\UIUSys.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-06 19:53 - 2015-06-07 14:02 - 00000000 ____D C:\Documents and Settings\Sohaib Hassan\Local Settings\Temp
2015-06-06 19:53 - 2015-06-06 19:53 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-06-06 19:53 - 2015-06-06 19:53 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-06-06 19:53 - 2015-06-06 19:53 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Temp
2015-06-06 19:53 - 2015-06-06 15:27 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-06-06 15:42 - 2015-06-06 23:13 - 00018199 _____ C:\zoek-results.log
2015-06-06 15:27 - 2015-06-06 18:37 - 00000000 ____D C:\zoek_backup
2015-06-06 15:07 - 2015-06-06 15:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SecTaskMan
2015-06-06 13:43 - 2015-06-06 13:44 - 01308672 _____ C:\Documents and Settings\Sohaib Hassan\Desktop\zoek.exe
2015-06-06 00:43 - 2015-06-06 00:43 - 00090112 _____ C:\WINDOWS\Minidump\Mini060615-01.dmp
2015-06-06 00:37 - 2015-06-06 00:40 - 00000000 ___SD C:\ComboFix
2015-06-04 21:35 - 2015-06-04 21:34 - 00090112 _____ C:\WINDOWS\Minidump\Mini060415-01.dmp
2015-06-03 20:17 - 2015-06-03 20:17 - 00000917 _____ C:\Documents and Settings\Sohaib Hassan\Desktop\Revo Uninstaller.lnk
2015-06-03 20:17 - 2015-06-03 20:17 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-02 23:52 - 2015-06-02 23:52 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 8.3 .lnk
2015-06-02 23:52 - 2015-06-02 23:52 - 00000000 ____D C:\My Backups
2015-06-02 23:52 - 2015-06-02 23:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup Free 8.3
2015-06-02 23:52 - 2014-12-15 00:56 - 00188328 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EuFdDisk.sys
2015-06-02 23:52 - 2014-12-15 00:56 - 00052008 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eubakup.sys
2015-06-02 23:52 - 2014-12-15 00:56 - 00040744 _____ C:\WINDOWS\system32\Drivers\EUBKMON.sys
2015-06-02 23:52 - 2014-12-15 00:56 - 00014888 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eudskacs.sys
2015-06-02 23:32 - 2014-12-15 01:03 - 00019496 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\fbnative.exe
2015-06-02 23:12 - 2015-06-02 23:33 - 00000000 ____D C:\Program Files\EaseUS
2015-06-02 23:12 - 2015-06-02 23:12 - 00001015 _____ C:\Documents and Settings\All Users\Desktop\EaseUS Partition Master 10.5.lnk
2015-06-02 23:12 - 2015-06-02 23:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Partition Master 10.5
2015-06-02 23:12 - 2015-04-16 11:15 - 02536072 _____ C:\WINDOWS\system32\BootMan.exe
2015-06-02 23:12 - 2014-11-18 14:46 - 00021088 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2015-06-02 23:12 - 2014-11-18 14:39 - 00014944 _____ C:\WINDOWS\system32\epmntdrv.sys
2015-06-02 23:12 - 2014-11-18 14:39 - 00010208 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2015-06-02 23:12 - 2014-11-18 14:38 - 00088160 _____ C:\WINDOWS\system32\setupempdrv03.exe
2015-05-31 13:22 - 2015-05-31 13:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini053115-01.dmp
2015-05-28 23:57 - 2015-05-30 03:10 - 00000214 _____ C:\WINDOWS\wiadebug.log
2015-05-28 23:57 - 2015-05-30 03:10 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-05-28 23:57 - 2015-05-28 23:57 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-05-28 23:31 - 2015-06-02 23:53 - 00017697 _____ C:\WINDOWS\setupapi.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00029891 _____ C:\WINDOWS\iis6.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00014320 _____ C:\WINDOWS\ocgen.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00009481 _____ C:\WINDOWS\FaxSetup.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00006700 _____ C:\WINDOWS\tsoc.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00003739 _____ C:\WINDOWS\imsins.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00003605 _____ C:\WINDOWS\comsetup.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00002975 _____ C:\WINDOWS\ntdtcsetup.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00001061 _____ C:\WINDOWS\MedCtrOC.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00000743 _____ C:\WINDOWS\msgsocm.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00000701 _____ C:\WINDOWS\ocmsn.log
2015-05-28 23:26 - 2015-05-28 23:45 - 00000311 _____ C:\WINDOWS\tabletoc.log
2015-05-28 23:26 - 2015-05-28 23:38 - 00001868 _____ C:\WINDOWS\netfxocm.log
2015-05-28 23:26 - 2015-05-28 23:31 - 00009046 _____ C:\WINDOWS\msmqinst.log
2015-05-28 23:26 - 2015-05-28 23:26 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-05-28 23:26 - 2015-05-28 23:26 - 00000000 _____ C:\WINDOWS\setupact.log
2015-05-27 20:31 - 2015-05-27 20:31 - 00000706 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-05-27 20:31 - 2015-05-27 20:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-05-25 17:42 - 2015-05-25 16:58 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-05-25 17:42 - 2015-05-25 16:58 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-05-25 17:03 - 2015-05-25 17:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-05-25 17:03 - 2015-05-25 16:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-05-25 17:03 - 2015-05-25 16:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-05-25 17:03 - 2015-05-25 16:58 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-25 16:55 - 2015-05-25 16:55 - 00000000 ____D C:\Program Files\Java
2015-05-25 16:45 - 2015-05-25 16:45 - 00000000 ____D C:\Documents and Settings\Sohaib Hassan\Application Data\Sun
2015-05-24 14:16 - 2015-05-24 14:16 - 00000000 ____D C:\f59e0d9f626896c4da5ad001ed12
2015-05-23 00:19 - 2015-05-23 00:19 - 00000288 _____ C:\Documents and Settings\Sohaib Hassan\Desktop\ESETScan.txt
2015-05-22 15:12 - 2015-05-22 15:12 - 00000000 ____D C:\Program Files\ESET
2015-05-22 02:23 - 2015-05-22 02:23 - 00001145 _____ C:\Documents and Settings\Sohaib Hassan\Desktop\JRT.txt
2015-05-22 02:13 - 2015-05-22 02:13 - 00000000 ____D C:\RegBackup
2015-05-22 01:16 - 2015-05-22 01:20 - 00023515 _____ C:\Documents and Settings\Sohaib Hassan\Desktop\Result.txt
2015-05-20 17:40 - 2015-05-20 17:40 - 00000000 _RSHD C:\cmdcons
2015-05-20 17:40 - 2014-03-22 01:48 - 00000211 _____ C:\Boot.bak
2015-05-20 17:40 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-05-20 17:18 - 2011-06-26 11:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-05-20 17:18 - 2010-11-07 22:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-05-20 17:18 - 2009-04-20 09:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-20 17:18 - 2000-08-31 05:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-20 17:18 - 2000-08-31 05:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-20 17:18 - 2000-08-31 05:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-20 17:18 - 2000-08-31 05:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-05-20 17:18 - 2000-08-31 05:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-05-20 17:18 - 2000-08-31 05:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-05-20 15:34 - 2015-05-20 17:13 - 00000000 ____D C:\Qoobox
2015-05-20 15:28 - 2015-05-20 15:28 - 00000000 ____D C:\WINDOWS\erdnt
2015-05-19 21:42 - 2015-05-19 21:42 - 00002321 _____ C:\Documents and Settings\Sohaib Hassan\Desktop\anti.txt
2015-05-19 17:03 - 2015-05-20 20:17 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-19 16:55 - 2015-05-19 16:55 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-19 16:54 - 2015-05-19 16:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-19 16:53 - 2015-05-19 16:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-05-19 16:53 - 2015-05-19 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-05-19 16:53 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-19 16:53 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-19 16:21 - 2015-05-22 02:10 - 00000000 ____D C:\AdwCleaner
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-07 14:02 - 2015-03-15 01:30 - 00000000 ____D C:\FRST
2015-06-07 14:02 - 2014-11-15 20:19 - 00000000 ____D C:\Documents and Settings\Sohaib Hassan\Application Data\uTorrent
2015-06-07 14:01 - 2014-03-23 21:52 - 00000000 ____D C:\Softwares
2015-06-07 13:16 - 2015-03-05 13:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 12:41 - 2014-03-22 01:54 - 01205039 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-07 02:02 - 2014-03-25 15:39 - 00000000 ____D C:\Program Files\TeamViewer
2015-06-06 23:13 - 2015-03-05 13:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-06 23:13 - 2014-03-24 10:37 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-06 23:13 - 2014-03-21 16:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-06 23:12 - 2014-03-21 16:23 - 00000178 ___SH C:\Documents and Settings\Sohaib Hassan\ntuser.ini
2015-06-06 23:12 - 2014-03-21 16:22 - 00032552 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-06 14:24 - 2014-10-25 14:33 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-06-06 00:35 - 2014-10-25 14:33 - 00000000 ____D C:\Documents and Settings\Sohaib Hassan\Application Data\DMCache
2015-06-04 21:35 - 2014-11-01 20:36 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-02 12:00 - 2001-10-04 12:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-01 16:30 - 2014-10-03 01:00 - 00000000 ____D C:\KMPlayer
2015-05-31 03:10 - 2014-03-24 12:01 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-05-29 22:52 - 2014-04-02 18:31 - 00000000 ____D C:\Documents and Settings\Sohaib Hassan\Application Data\Skype
2015-05-29 20:49 - 2014-04-02 18:31 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-05-27 00:42 - 2014-03-21 16:23 - 00000000 ____D C:\Documents and Settings\Sohaib Hassan
2015-05-26 14:00 - 2015-03-05 15:22 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-05-24 19:57 - 2014-03-24 11:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-05-24 19:57 - 2001-10-04 12:16 - 00000615 _____ C:\WINDOWS\win.ini
2015-05-20 17:40 - 2014-03-21 20:51 - 00000327 __RSH C:\boot.ini
2015-05-20 00:36 - 2015-03-21 12:12 - 00018705 _____ C:\Documents and Settings\Sohaib Hassan\Desktop\Addition.txt
2015-05-20 00:36 - 2015-03-21 12:10 - 00020073 _____ C:\Documents and Settings\Sohaib Hassan\Desktop\FRST.txt
2015-05-19 21:15 - 2014-03-24 10:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2909212$
2015-05-14 15:41 - 2014-03-24 10:42 - 00000000 ____D C:\sohaib
2015-05-08 15:00 - 2014-03-24 10:37 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== Files in the root of some directories =======
 
2014-03-22 02:49 - 2014-08-25 21:00 - 0005632 _____ () C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-22 16:31 - 2015-04-30 17:42 - 0000600 _____ () C:\Documents and Settings\Sohaib Hassan\Local Settings\Application Data\PUTTY.RND
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-06-2015
Ran by Sohaib Hassan at 2015-06-07 14:03:37
Running from C:\Softwares\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1220945662-1965331169-839522115-500 - Administrator - Enabled)
Guest (S-1-5-21-1220945662-1965331169-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1220945662-1965331169-839522115-1000 - Limited - Disabled)
Sohaib Hassan (S-1-5-21-1220945662-1965331169-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Sohaib Hassan
SUPPORT_388945a0 (S-1-5-21-1220945662-1965331169-839522115-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Advanced SystemCare Ultimate (Enabled - Out of date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1220945662-1965331169-839522115-1003\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Broadcom ASF Management Applications (HKLM\...\InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}) (Version: 5.09.01 - Broadcom)
Broadcom ASF Management Applications (Version: 5.09.01 - Broadcom) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
EaseUS Partition Master 10.5 (HKLM\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 8.3  (HKLM\...\EaseUS Todo Backup_is1) (Version: 8.3 - CHENGDU YIWO Tech Development Co., Ltd)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
Java 7 Update 79 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.0.128 - PandoraTV)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MPC-HC 1.7.6 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
NetMeter 1.1.3 (HKLM\...\NetMeter_is1) (Version:  - ReadError)
Proteus 7 Professional (HKLM\...\{13C4E8F0-B747-4C7C-9090-884832F9F90A}) (Version: 7.01.0200 - Labcenter Electronics)
QQ International (HKLM\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 2.0d (HKLM\...\Security Task Manager) (Version: 2.0d - Neuber Software)
Send Anywhere (HKLM\...\{4C09F722-410A-481D-A488-D56FBE34334F}_is1) (Version: 1.3.26 - Estmob Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}) (Version: 2.00.0000 - Texas Instruments Inc.)
Texmaker (HKLM\...\Texmaker) (Version:  - )
TinyCAD 2.80.06 (HKLM\...\TinyCAD) (Version: 2.80.06 - TinyCAD)
TIPCI (Version: 2.00.0000 - Texas Instruments Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xming 6.9.0.31 (HKLM\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
Xming-fonts 7.5.0.11 (HKLM\...\Xming-fonts_is1) (Version: 7.5.0.11 - Colin Harrison)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
09-04-2015 00:48:09 System Checkpoint
12-04-2015 16:46:30 System Checkpoint
13-04-2015 20:13:11 System Checkpoint
16-04-2015 21:01:32 System Checkpoint
18-04-2015 23:20:23 System Checkpoint
19-04-2015 23:44:30 System Checkpoint
21-04-2015 04:55:02 System Checkpoint
28-04-2015 21:09:09 System Checkpoint
29-04-2015 21:22:26 System Checkpoint
01-05-2015 01:02:35 System Checkpoint
02-05-2015 17:26:52 System Checkpoint
03-05-2015 23:55:15 System Checkpoint
06-05-2015 13:27:00 System Checkpoint
08-05-2015 19:40:59 System Checkpoint
09-05-2015 19:58:22 System Checkpoint
13-05-2015 15:22:35 System Checkpoint
15-05-2015 21:04:10 First Restore Point
16-05-2015 16:41:23 Removed Kaspersky Anti-Virus 2013.
17-05-2015 19:05:06 System Checkpoint
18-05-2015 21:32:59 System Checkpoint
20-05-2015 21:10:55 ComboFix created restore point
21-05-2015 12:48:49 Installed OPSWAT GEARS
23-05-2015 03:04:08 Software Distribution Service 3.0
24-05-2015 13:35:52 Software Distribution Service 3.0
24-05-2015 19:40:36 Software Distribution Service 3.0
25-05-2015 16:55:26 Installed Java 7 Update 79
27-05-2015 20:36:00 System Checkpoint
29-05-2015 19:45:54 System Checkpoint
30-05-2015 23:14:23 System Checkpoint
01-06-2015 17:19:53 System Checkpoint
04-06-2015 00:53:18 System Checkpoint
06-06-2015 00:39:31 ComboFix created restore point
06-06-2015 15:43:29 zoek.exe restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2001-10-04 12:14 - 2001-10-04 12:14 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-21 17:01 - 2007-03-16 18:10 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2014-03-21 17:01 - 2007-03-16 18:10 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-29 16:31 - 2014-12-16 19:26 - 00118520 _____ () C:\Program Files\Send Anywhere\WindowsShellExt.dll
2015-06-02 23:12 - 2014-11-18 14:44 - 00255072 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe
2015-06-02 23:12 - 2014-02-13 15:27 - 00222792 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\traynet.dll
2015-06-02 23:12 - 2014-02-13 15:27 - 00275528 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\libcurl.dll
2015-06-02 23:12 - 2014-02-13 15:27 - 00113166 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\zlib1.dll
2015-06-02 23:12 - 2014-02-13 15:27 - 00249928 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\uexper.dll
2015-06-02 23:33 - 2014-12-15 01:04 - 00253992 _____ () C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
2015-06-02 23:33 - 2014-12-15 01:04 - 00223272 _____ () C:\Program Files\EaseUS\TrayPopup\traynet.dll
2015-06-02 23:33 - 2014-12-15 01:04 - 00275496 _____ () C:\Program Files\EaseUS\TrayPopup\libcurl.dll
2015-06-02 23:33 - 2014-12-15 01:04 - 00118328 _____ () C:\Program Files\EaseUS\TrayPopup\zlib1.dll
2015-06-02 23:33 - 2015-03-14 12:05 - 00249896 _____ () C:\Program Files\EaseUS\TrayPopup\uexper.dll
2014-04-02 19:39 - 2007-08-11 15:50 - 00331264 _____ () C:\Program Files\NetMeter\NetMeter.exe
2015-06-02 23:30 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-06-02 23:30 - 2015-03-14 11:53 - 00107560 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\logsys.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files\EaseUS\Todo Backup\bin\MountImg.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ImgFile.dll
2015-06-02 23:30 - 2015-03-14 11:54 - 00281128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-06-02 23:30 - 2015-03-14 11:54 - 00072232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckImg.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files\EaseUS\Todo Backup\bin\BootDriver.dll
2015-06-02 23:30 - 2015-03-14 11:54 - 00759848 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FatLib.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files\EaseUS\Todo Backup\bin\RegLib.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NasOperator.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files\EaseUS\Todo Backup\bin\VMConfig.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00137256 _____ () C:\Program Files\EaseUS\Todo Backup\bin\Device.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00146984 _____ () C:\Program Files\EaseUS\Todo Backup\bin\Partition.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00050216 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00061992 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-06-02 23:30 - 2014-12-15 00:53 - 00089640 _____ () C:\Program Files\EaseUS\Todo Backup\bin\Common.dll
2015-06-02 23:31 - 2014-12-15 00:53 - 00056360 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2015-06-02 23:31 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
2015-06-02 23:31 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files\EaseUS\Todo Backup\bin\SmartBackup.dll
2014-03-22 01:25 - 2013-01-02 11:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2001-10-04 12:13 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2001-10-04 12:15 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-05-26 14:00 - 2015-05-23 01:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1220945662-1965331169-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.100.1 - 10.9.21.140
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Xming\Xming.exe] => Enabled:Xming X Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Sohaib Hassan\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Sohaib Hassan\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe] => Enabled:QQSetupEX
StandardProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQIntl\Bin\QQ.exe] => Enabled:QQ International
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\119\Tencentdl.exe] => Enabled:腾讯产品下载组件
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe] => Enabled:TbService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe] => Enabled:Local TBConsoleUI.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe] => Enabled:Local TodoBackupService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe] => Enabled:Agent.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/07/2015 00:23:40 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (06/07/2015 00:23:40 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (06/07/2015 00:23:39 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (06/07/2015 00:23:39 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (06/07/2015 01:09:39 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (06/07/2015 01:09:39 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (06/07/2015 01:09:39 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (06/07/2015 01:09:39 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (06/06/2015 11:13:37 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (06/06/2015 11:13:37 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (06/07/2015 00:33:04 PM) (Source: 0) (EventID: 4199) (User: )
Description: 192.168.1.648:5A:B6:B0:70:11
 
Error: (06/07/2015 00:33:04 PM) (Source: 0) (EventID: 4199) (User: )
Description: 192.168.1.648:5A:B6:B0:70:11
 
Error: (06/06/2015 03:00:29 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.100.15 for the Network Card with network address 00166F763A79 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (06/06/2015 02:02:18 AM) (Source: 0) (EventID: 4319) (User: )
Description: 
 
Error: (06/06/2015 01:37:01 AM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf85fc9e, parameter3 f564dac4, parameter4 00000000.
 
Error: (06/06/2015 01:36:13 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 00166F763A79 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (06/06/2015 00:44:23 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.5 for the Network Card with network address 00166F763A79 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (06/06/2015 00:35:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EaseUS Agent Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/05/2015 03:19:42 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf8c3453, parameter3 f5dbeab4, parameter4 00000000.
 
Error: (06/05/2015 03:13:31 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.100.72 for the Network Card with network address 00166F763A79 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
 
Microsoft Office:
=========================
Error: (06/07/2015 00:23:40 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (06/07/2015 00:23:40 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (06/07/2015 00:23:39 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (06/07/2015 00:23:39 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (06/07/2015 01:09:39 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (06/07/2015 01:09:39 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (06/07/2015 01:09:39 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (06/07/2015 01:09:39 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (06/06/2015 11:13:37 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (06/06/2015 11:13:37 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® M processor 2.13GHz
Percentage of memory in use: 62%
Total physical RAM: 1015.36 MB
Available physical RAM: 379.27 MB
Total Pagefile: 2419.57 MB
Available Pagefile: 1376.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.66 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.29 GB) (Free:4.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Local Disk) (Fixed) (Total:7.97 GB) (Free:0.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 23382338)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=OF Extended)
 
==================== End of log ============================


#10 dellposs

dellposs
  • Topic Starter

  • Members
  • 60 posts

Posted 07 June 2015 - 04:11 AM

The laptop is behaving well and hasn't teased me with 100% CPU usage since yesterday's scan with zoek.



#11 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK

Posted 07 June 2015 - 06:49 AM

Glad things are better but there are a few things to deal with.

It’s a good idea to move Farbar Recovery Scan Tool to your desktop; otherwise future fixes may not work.

  • go to C:\Softwares\FRST, right click on FRST and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

Run Farbar Recovery Scan Tool

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.


HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
FF HKU\S-1-5-21-1220945662-1965331169-839522115-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Sohaib Hassan\Application Data\IDM\idmmzcc3
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
C:\Documents and Settings\Sohaib Hassan\Application Data\IDM
C:\Program Files\AVG

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the file as fixlist.txt in the same folder as FRST – NOTE: it's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with the next post:

Fixlog.txt
Mbam.txt
checkup.txt


Can you tell me if there are any outstanding problems?

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#12 dellposs

dellposs
  • Topic Starter

  • Members
  • 60 posts

Posted 07 June 2015 - 08:25 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 03-06-2015
Ran by Sohaib Hassan at 2015-06-07 18:21:24 Run:1
Running from C:\Documents and Settings\Sohaib Hassan\Desktop
Loaded Profiles: Sohaib Hassan (Available Profiles: Sohaib Hassan)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
FF HKU\S-1-5-21-1220945662-1965331169-839522115-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Sohaib Hassan\Application Data\IDM\idmmzcc3
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
C:\Documents and Settings\Sohaib Hassan\Application Data\IDM
C:\Program Files\AVG
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\S-1-5-21-1220945662-1965331169-839522115-1003\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2015\avgmfapx.exe => value removed successfully.
C:\Documents and Settings\Sohaib Hassan\Application Data\IDM => moved successfully.
"C:\Program Files\AVG" => File/Folder not found.
 
==== End of Fixlog 18:21:27 ====
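The fixlist procedure in post #11 and the Fixlog it produced above are the two halves of one check: did every entry the helper asked for actually get a result? The script below is an added example for this thread (not FRST's own code and not the helper's): it splits the Fixlog at the two asterisk markers, classifies each "=>" outcome line by the wording FRST printed above, and lists whatever was not fixed, so a follow-up fix can be planned. SAMPLE_FIXLOG is the log from this post used as sample input; the status phrases are an assumption drawn from that log's wording.

```python
import re
from collections import Counter

# Fixlog text copied from the post above (a real FRST fixlog, used here as sample input).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 03-06-2015

fixlist content:
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
FF HKU\S-1-5-21-1220945662-1965331169-839522115-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Sohaib Hassan\Application Data\IDM\idmmzcc3
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
C:\Documents and Settings\Sohaib Hassan\Application Data\IDM
C:\Program Files\AVG
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\S-1-5-21-1220945662-1965331169-839522115-1003\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2015\avgmfapx.exe => value removed successfully.
C:\Documents and Settings\Sohaib Hassan\Application Data\IDM => moved successfully.
"C:\Program Files\AVG" => File/Folder not found.

==== End of Fixlog 18:21:27 ====
"""

MARKER = re.compile(r"^\*{5,}[ \t]*$", re.M)  # the fixlist echo is fenced by two asterisk lines

# Outcome phrases seen in the fixlog above (assumption: FRST uses these consistently).
STATUS_PATTERNS = (
    ("restored", re.compile(r"restored successfully")),
    ("removed", re.compile(r"removed successfully")),
    ("moved", re.compile(r"moved successfully")),
    ("not_found", re.compile(r"not found", re.I)),
)
OK_STATUSES = {"restored", "removed", "moved"}


def split_fixlog(text):
    """Return (fixlist entries, outcome section) split at the two '*****' markers."""
    parts = MARKER.split(text)
    if len(parts) < 3:
        raise ValueError("Fixlog has no fixlist block")
    entries = [ln.strip() for ln in parts[1].splitlines() if ln.strip()]
    return entries, parts[2]


def classify(outcome):
    """Map FRST's outcome phrase to a short status label ('unknown' if unrecognised)."""
    for name, pattern in STATUS_PATTERNS:
        if pattern.search(outcome):
            return name
    return "unknown"


def parse_results(section):
    """Parse 'target => outcome' lines; only the text after the fixlist is scanned,
    because fixlist entries themselves (firewall rules) can contain ' => '."""
    results = {}
    for line in section.splitlines():
        if " => " not in line:
            continue
        target, _, outcome = line.partition(" => ")
        results[target.strip().strip('"')] = classify(outcome)
    return results


def summarise(text):
    """Pair the fixlist with its outcomes and single out anything not fixed."""
    entries, section = split_fixlog(text)
    results = parse_results(section)
    return {
        "fixlist": entries,
        "results": results,
        "counts": Counter(results.values()),
        "not_fixed": [t for t, s in results.items() if s not in OK_STATUSES],
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_FIXLOG)
    print(f"{len(s['fixlist'])} fixlist entries, outcomes: {dict(s['counts'])}")
    for target in s["not_fixed"]:
        print("needs attention:", target, "->", s["results"][target])
```

On the log above this flags only C:\Program Files\AVG (File/Folder not found), which matches the Security Check result further down still reporting an out-of-date antivirus.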


#13 dellposs

dellposs
  • Topic Starter

  • Members
  • 60 posts

Posted 07 June 2015 - 08:55 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/7/2015
Scan Time: 6:30:38 PM
Logfile: Mbam.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.20.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Sohaib Hassan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303508
Time Elapsed: 20 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 dellposs

dellposs
  • Topic Starter

  • Members
  • 60 posts

Posted 07 June 2015 - 08:58 AM

 Results of screen317's Security Check version 1.003  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Please wait while WMIC is being installed.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 79  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#15 dellposs

dellposs
  • Topic Starter

  • Members
  • 60 posts

Posted 07 June 2015 - 09:04 AM

The last time I scanned with Malwarebytes Anti-Malware it took around 2 hours; now it's done in 20 minutes.





