
Ads popping up everywhere


  • This topic is locked
6 replies to this topic

#1 Slomo1020


Posted 21 August 2015 - 01:52 AM

I started a post under this heading as I am new to this place. It started when all of a sudden I was getting ads covering my computer, mostly on Google Chrome. I had a really nice gentleman help me and we did Malwarebytes, Adware, Junk Removal, and Eset. After I posted him the logs from that, he told me that I should come over to this forum and run Farbar Recovery Scan Tool. This is the result of those logs. At the end I will put the original link to the forum I started, so if you want to see the results of all he helped me with and all the results of the other scans. Thank you for your help.

 

Results of Farbar Recovery Scan Tool First Scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015
Ran by User (administrator) on LAPTOP1 (21-08-2015 01:33:36)
Running from C:\Documents and Settings\User\My Documents\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(Dropbox, Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-01] (AVAST Software)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [89541 2006-06-30] (Agere Systems)
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\...\Run: [Dropbox Update] => C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2015-07-28]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-01] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} <======= ATTENTION (Policy restriction on IP)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
SearchScopes: HKU\.DEFAULT -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKU\S-1-5-21-1547161642-1637723038-839522115-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-1637723038-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1547161642-1637723038-839522115-1003 -> {B5FF8C26-FE5F-4E3E-ACB7-2F5D18631AB6} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-1637723038-839522115-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-01] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-19] (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1423511948609
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9F9E584E-335E-4F17-A115-42B1D2619BF6}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\e80q66bw.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-19] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\e80q66bw.default\searchplugins\google-avast.xml [2015-08-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-10]
FF HKU\S-1-5-21-1547161642-1637723038-839522115-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\User\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\User\Application Data\IDM\idmmzcc5 [2015-04-21]
FF HKU\S-1-5-21-1547161642-1637723038-839522115-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\User\Application Data\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (A Quotation) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aafpohheobbibbehfjogminpinjhlpmg [2015-03-25]
CHR Extension: (Musix) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahidimbgfemjmhhicghnkodhgbljklcp [2015-06-25]
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (academic-publications.com) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aokpkekafcaifmkgijfagenngookcpod [2015-03-25]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Cast) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-06]
CHR Extension: (EasyBib) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe [2015-03-25]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (PrivateWriting.com) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\enpfjhlimcdbfoglpniigekjmmilinac [2015-03-25]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-07-29]
CHR Extension: (MusixLib) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifhnjalcekbmmeknpgnkpghldbbhanen [2015-06-25]
CHR Extension: (Dropbox) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-03-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-03-25]
CHR Extension: (Outlook.com) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-03-25]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-01] (AVAST Software)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R5 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-01] (AVAST Software)
R5 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-01] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-01] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-01] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2015-02-10] (The OpenVPN Project)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-01] (AVAST Software)
R5 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-01] (AVAST Software)
R5 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
R5 Compbatt; C:\WINDOWS\System32\DRIVERS\compbatt.sys [10240 2008-04-14] (Microsoft Corporation)
R5 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
R5 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-14] (Microsoft Corporation)
R5 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [126968 2015-03-26] (Tonec Inc.)
R5 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R5 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-21] (Malwarebytes Corporation)
R5 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
R5 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R5 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1707776 2006-07-25] (Intel® Corporation)
S3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R5 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-14] (Microsoft Corporation)
R5 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R5 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R5 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R5 Pcmcia; C:\WINDOWS\System32\DRIVERS\pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
R5 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
R5 Thpevm; C:\WINDOWS\System32\DRIVERS\Thpevm.SYS [6528 2007-09-04] (TOSHIBA Corporation)
R5 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; system32\drivers\Ambfilt.sys [X]
S4 IntelIde; no ImagePath
S3 Monfilt; system32\drivers\Monfilt.sys [X]
S4 s24trans; system32\DRIVERS\s24trans.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 01:33 - 2015-08-21 01:34 - 00000000 ____D C:\FRST
2015-08-20 19:21 - 2015-08-20 19:21 - 00000971 _____ C:\Documents and Settings\User\My Documents\Eset Scan.txt
2015-08-20 18:14 - 2015-08-20 18:14 - 00000000 ____D C:\Program Files\ESET
2015-08-20 16:06 - 2015-08-20 20:19 - 00002423 _____ C:\Documents and Settings\User\My Documents\smokeys.txt
2015-08-19 15:56 - 2015-08-19 15:56 - 00002426 _____ C:\Documents and Settings\User\Desktop\JRT.txt
2015-08-19 15:51 - 2015-08-19 14:14 - 01798576 _____ (Malwarebytes Corporation) C:\Documents and Settings\User\Desktop\JRT.exe
2015-08-19 15:00 - 2015-08-21 01:25 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-19 14:59 - 2015-08-19 15:37 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-19 14:59 - 2015-08-19 15:37 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-19 14:59 - 2015-08-19 15:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-19 14:59 - 2015-06-18 08:52 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-19 14:59 - 2015-06-18 08:52 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-19 14:58 - 2015-08-19 14:58 - 00003036 _____ C:\Documents and Settings\User\My Documents\VolumeC.txt
2015-08-19 14:44 - 2015-08-19 22:49 - 00002674 _____ C:\Documents and Settings\User\My Documents\computer info.txt
2015-08-19 12:47 - 2015-08-19 12:50 - 00000000 ____D C:\AdwCleaner
2015-08-19 00:58 - 2015-08-20 22:10 - 00001488 _____ C:\WINDOWS\setupapi.log
2015-08-18 21:46 - 2015-08-18 21:47 - 00004098 _____ C:\Documents and Settings\User\Desktop\Rkill.txt
2015-08-18 20:11 - 2015-08-18 20:11 - 00006460 _____ C:\Documents and Settings\User\My Documents\cc_20150818_201139.reg
2015-08-18 15:40 - 2015-08-18 15:40 - 00000000 ____D C:\Qoobox
2015-08-18 15:38 - 2015-08-18 15:38 - 00000000 ____D C:\WINDOWS\erdnt
2015-08-17 22:58 - 2015-08-17 22:58 - 00001098 _____ C:\Documents and Settings\User\My Documents\cc_20150817_225843.reg
2015-08-17 18:54 - 2015-08-17 18:54 - 00017354 _____ C:\Documents and Settings\User\My Documents\cc_20150817_185419.reg
2015-08-17 16:26 - 2015-08-17 16:26 - 00000877 _____ C:\Documents and Settings\User\Desktop\chrome.lnk
2015-08-17 00:10 - 2015-08-21 01:24 - 00000480 _____ C:\WINDOWS\Tasks\BZRBHA1.job
2015-08-17 00:10 - 2015-08-17 00:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-08-16 21:18 - 2015-08-16 21:26 - 00000000 ____D C:\901d75e645373ef060
2015-08-14 11:05 - 2015-08-14 11:05 - 00000324 _____ C:\Documents and Settings\User\My Documents\Wicked.txt
2015-08-14 05:11 - 2015-08-14 05:11 - 00001574 _____ C:\Documents and Settings\User\My Documents\startup.txt
2015-08-14 05:09 - 2015-08-14 05:09 - 00009622 _____ C:\Documents and Settings\User\My Documents\cc_20150814_050857.reg
2015-08-13 16:30 - 2015-08-13 16:30 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2015-08-13 16:30 - 2015-08-13 16:30 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Mozilla
2015-08-12 12:32 - 2015-08-12 12:32 - 00000027 _____ C:\Documents and Settings\User\My Documents\pres.txt
2015-08-10 15:04 - 2015-08-10 15:04 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-08-10 15:00 - 2015-08-01 06:03 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-08 06:09 - 2015-08-08 06:09 - 00000180 _____ C:\Documents and Settings\User\My Documents\links to resumes.txt
2015-08-08 04:38 - 2015-08-08 04:38 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2015-08-07 14:27 - 2015-08-07 14:27 - 00000033 _____ C:\Documents and Settings\User\My Documents\brad yahoo.txt
2015-08-06 19:55 - 2015-08-13 17:27 - 00000093 _____ C:\Documents and Settings\User\My Documents\Personal Credit Information for Liam.txt
2015-08-06 17:14 - 2015-08-06 17:17 - 00000395 _____ C:\Documents and Settings\User\My Documents\MDVP.txt
2015-08-05 14:42 - 2015-08-05 23:41 - 00010014 _____ C:\Documents and Settings\User\My Documents\Red Cross Class Info.txt
2015-08-01 06:03 - 2015-08-01 06:03 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-01 05:47 - 2015-08-10 15:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-08-01 05:23 - 2015-08-01 05:23 - 00000634 _____ C:\Documents and Settings\User\My Documents\Wireless connection.txt
2015-07-30 20:46 - 2015-07-30 20:46 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\Dropbox
2015-07-30 19:03 - 2015-07-30 19:03 - 00000432 _____ C:\Documents and Settings\User\My Documents\cc_20150730_190339.reg
2015-07-29 22:52 - 2015-07-29 22:52 - 00003494 _____ C:\Documents and Settings\User\My Documents\duplicate.txt
2015-07-29 22:44 - 2015-07-29 22:44 - 00001916 _____ C:\Documents and Settings\User\My Documents\cc_20150729_224410.reg
2015-07-29 22:43 - 2015-08-14 05:16 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-07-29 22:38 - 2015-07-29 22:38 - 00084048 _____ C:\Documents and Settings\User\My Documents\cc_20150729_223803.reg
2015-07-29 21:37 - 2015-07-29 21:37 - 00000000 ____D C:\Documents and Settings\User\Application Data\HMYGSetting
2015-07-29 21:37 - 2015-07-29 21:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Wondershare
2015-07-28 11:12 - 2015-07-28 11:12 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2015-07-28 11:12 - 2015-07-28 11:12 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Wondershare
2015-07-28 11:06 - 2015-07-28 11:06 - 00022823 _____ C:\WINDOWS\unins000.msg
2015-07-28 11:06 - 2012-11-29 14:02 - 00000427 _____ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2015-07-28 11:05 - 2015-07-28 11:06 - 00042982 _____ C:\WINDOWS\unins000.dat
2015-07-28 11:05 - 2015-07-28 11:05 - 01180048 _____ C:\WINDOWS\unins000.exe
2015-07-28 04:43 - 2015-07-28 04:43 - 00302011 _____ C:\Documents and Settings\User\My Documents\WindowsUpdateDiagnostic.diagcab
2015-07-28 02:24 - 2015-07-29 21:55 - 00000000 __SHD C:\WINDOWS\CSC
2015-07-28 02:05 - 2015-07-28 02:05 - 00002216 _____ C:\Documents and Settings\User\My Documents\Microsoft Update Fix.txt
2015-07-28 01:19 - 2015-07-28 01:19 - 00032596 ____H C:\WINDOWS\system32\mlfcache.dat
2015-07-24 00:02 - 2015-07-24 00:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-07-24 00:02 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-07-24 00:01 - 2015-08-01 06:03 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-07-22 23:47 - 2015-07-22 23:47 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSS
2015-07-22 23:47 - 2015-07-22 23:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 01:35 - 2015-04-19 17:59 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{D99FC9E0-E2E6-406C-AD6E-226825F10D76}.job
2015-08-21 01:35 - 2015-02-06 16:02 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2015-08-21 01:34 - 2015-07-05 22:45 - 03543416 _____ C:\WINDOWS\pfirewall.log
2015-08-21 01:34 - 2015-06-17 16:24 - 00000984 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1547161642-1637723038-839522115-1003UA.job
2015-08-21 01:26 - 2015-02-06 15:38 - 01086360 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-21 01:25 - 2015-02-10 14:33 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-21 01:25 - 2004-08-04 07:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-21 01:24 - 2015-07-07 12:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-21 01:24 - 2015-02-10 11:56 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-08-21 01:24 - 2015-02-06 15:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-20 23:34 - 2015-02-06 16:02 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini
2015-08-20 23:34 - 2015-02-06 15:43 - 00032040 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-20 23:13 - 2015-02-09 16:23 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C8F77C65-2801-4F01-A6E7-D74D4A5B1E97}.job
2015-08-20 22:50 - 2015-07-07 12:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 22:44 - 2015-04-13 00:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-20 18:34 - 2015-06-17 16:24 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1547161642-1637723038-839522115-1003Core.job
2015-08-20 16:04 - 2015-07-05 22:45 - 04194332 _____ C:\WINDOWS\pfirewall.log.old
2015-08-19 22:49 - 2015-07-18 03:39 - 00002724 _____ C:\Documents and Settings\User\My Documents\lisa resume skills.txt
2015-08-19 15:34 - 2015-02-10 11:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478960$
2015-08-19 15:32 - 2015-03-20 02:55 - 00000000 ____D C:\Program Files\Windows Network Accelerater
2015-08-19 14:38 - 2015-02-06 09:11 - 00000000 ____D C:\WINDOWS\Help
2015-08-18 16:53 - 2015-02-06 15:35 - 00000000 ____D C:\WINDOWS\Registration
2015-08-17 23:15 - 2015-04-21 13:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-17 22:41 - 2015-03-17 01:34 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Google
2015-08-17 19:35 - 2015-02-06 09:19 - 00000212 __RSH C:\boot.ini
2015-08-17 17:02 - 2015-07-18 17:02 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2015-08-17 05:01 - 2015-03-20 01:44 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-08-14 05:16 - 2015-02-10 14:22 - 00000000 ____D C:\Program Files\CCleaner
2015-08-14 03:56 - 2015-02-10 14:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-14 03:48 - 2015-02-09 16:09 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-14 03:27 - 2015-02-09 13:45 - 00000000 ____D C:\WINDOWS\system32\Lang
2015-08-13 20:33 - 2015-06-25 13:39 - 00001770 _____ C:\Documents and Settings\User\My Documents\My IMPuseID&PSWDS.txt
2015-08-13 16:30 - 2015-04-17 01:36 - 00000712 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-13 16:30 - 2015-04-17 01:36 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-08-11 16:45 - 2015-04-13 00:16 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-11 16:45 - 2015-04-13 00:16 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-11 16:44 - 2015-07-15 04:44 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-08-11 02:20 - 2015-06-09 11:47 - 00001268 _____ C:\Documents and Settings\User\My Documents\My User & Pass.txt
2015-08-01 06:03 - 2015-02-10 14:33 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-01 06:03 - 2015-02-10 14:33 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-01 06:03 - 2015-02-10 14:33 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-01 06:03 - 2015-02-10 14:33 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-01 06:03 - 2015-02-10 14:33 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-08-01 06:03 - 2015-02-10 14:33 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-08-01 06:03 - 2015-02-10 14:33 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-01 06:03 - 2015-02-10 14:33 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-01 05:40 - 2015-02-06 15:43 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-08-01 05:40 - 2015-02-06 15:43 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-08-01 05:39 - 2015-02-09 17:02 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2015-07-31 16:32 - 2015-04-13 22:12 - 00000000 ___RD C:\Documents and Settings\User\My Documents\Dropbox
2015-07-30 21:30 - 2015-02-06 15:36 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-07-30 20:46 - 2015-04-13 22:03 - 00000000 ____D C:\Documents and Settings\User\Application Data\Dropbox
2015-07-30 19:00 - 2015-03-18 23:24 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-29 21:56 - 2004-08-04 07:00 - 00000507 _____ C:\WINDOWS\win.ini
2015-07-29 21:56 - 2004-08-04 07:00 - 00000246 _____ C:\WINDOWS\system.ini
2015-07-29 21:37 - 2015-03-17 03:35 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-29 20:11 - 2015-02-10 12:18 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-07-29 20:05 - 2015-02-06 09:21 - 00581850 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-28 05:19 - 2015-02-06 09:11 - 00000000 ____D C:\WINDOWS\security
2015-07-28 04:54 - 2015-02-09 16:22 - 00000000 ____D C:\WINDOWS\pss
2015-07-28 03:50 - 2004-08-04 07:00 - 00093389 _____ C:\WINDOWS\system32\services.msc
 
==================== Files in the root of some directories =======
 
2015-03-21 20:28 - 2015-03-21 20:28 - 0000000 _____ () C:\Documents and Settings\User\Application Data\wklnhst.dat
 
Some files in TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1znojw.dll
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifyjw0.dll
C:\Documents and Settings\User\Local Settings\Temp\jre-8u45-windows-au.exe
C:\Documents and Settings\User\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
 
Results of Additional Scan from Farbar Recovery Scan Tool:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2015
Ran by User (2015-08-21 01:35:52)
Running from C:\Documents and Settings\User\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1547161642-1637723038-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1547161642-1637723038-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-1547161642-1637723038-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1547161642-1637723038-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1547161642-1637723038-839522115-1002 - Limited - Disabled)
User (S-1-5-21-1547161642-1637723038-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Dropbox (HKU\S-1-5-21-1547161642-1637723038-839522115-1003\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.46 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Intel® Network Connections 18.3.62.0 (HKLM\...\{FCF3ECF7-7AE0-4E26-B387-09A3A80B79CC}) (Version: 18.3.62.0 - Intel)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 1.0.1.22 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.1.22 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Sawbuck (HKLM\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM\...\{88F7886A-9EF6-4AEB-99C5-32955D4252AB}) (Version: 6.1.5.0 - Husdawg, LLC)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.72 (SM2172ALD03) - )
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Intel (w29n51) net  (06/26/2006 9.0.4.17) (HKLM\...\D16AA00FE65B9D2C6E0A57F54400303BF3259CC3) (Version: 06/26/2006 9.0.4.17 - Intel)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Works Upgrade (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547161642-1637723038-839522115-1003_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 07:00 - 2015-02-27 13:46 - 00450675 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\BZRBHA1.job => C:\Documents and Settings\All Users\Application Data\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1547161642-1637723038-839522115-1003Core.job => C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1547161642-1637723038-839522115-1003UA.job => C:\Documents and Settings\User\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C8F77C65-2801-4F01-A6E7-D74D4A5B1E97}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{D99FC9E0-E2E6-406C-AD6E-226825F10D76}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-17 00:51 - 2015-08-01 06:03 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-17 00:51 - 2015-08-01 06:03 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-20 10:35 - 2015-08-20 10:35 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15082001\algo.dll
2015-02-10 14:32 - 2015-03-17 00:51 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-04 14:25 - 2015-05-04 14:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2004-08-04 07:00 - 2008-04-14 06:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 07:00 - 2008-04-14 06:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\User\My Documents\Lisa Majdecki-Weiss_Resume.docx:com.dropbox.attributes
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7868 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\My Documents\Downloads\ChromeSetup.exe] => Enabled:ChromeSetup
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe] => Enabled:FreeFileViewerUpdateChecker
StandardProfile\AuthorizedApplications: [C:\Program Files\File Type Assistant\tsassist.exe] => Enabled:ProgramUpdateCheck
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management 
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:Policy
 
==================== Faulty Device Manager Devices =============
 
Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Video Controller
Description: Video Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Intel® PRO/1000 PL Network Connection
Description: Intel® PRO/1000 PL Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: e1express
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Biometric Coprocessor
Description: Biometric Coprocessor
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2015 12:50:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/18/2015 09:36:04 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.37;lang=;guid=5260BD959F404857957757E46361ADF8;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e09da31e-5ee9-4aaa-9803-6316c1ee917c.dmp
 
Error: (08/18/2015 08:54:06 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.37;lang=;guid=5260BD959F404857957757E46361ADF8;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\9d3382b5-8d2d-4e5e-8292-f7f698424f1c.dmp
 
Error: (08/18/2015 11:44:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome_cleanup_tool.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [chrome_cleanup_tool.exe!ws!]
 
Error: (08/18/2015 03:37:11 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.37;lang=;guid=5260BD959F404857957757E46361ADF8;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e3f42464-92bd-4e1e-81cc-bdd42dfb4f78.dmp
 
Error: (08/17/2015 11:18:09 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\USER\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/17/2015 11:18:08 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\USER\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/17/2015 06:52:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 148456494.
 
Error: (08/17/2015 06:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 40.0.2.5702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/17/2015 06:23:06 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
 
Context: Windows Application, SystemIndex Catalog
 
 
System errors:
=============
Error: (08/20/2015 07:54:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/20/2015 07:54:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/20/2015 06:34:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
 
Error: (08/20/2015 11:18:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/19/2015 03:52:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/19/2015 03:52:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/19/2015 03:52:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Network DDE DSDM service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/19/2015 03:52:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/19/2015 03:35:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
gfilterdrv
 
Error: (08/19/2015 12:53:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
gfilterdrv
ppfd_vt_1_10_0_21
 
 
Microsoft Office:
=========================
Error: (08/19/2015 12:50:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE
 
Error: (08/18/2015 09:36:04 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.37;lang=;guid=5260BD959F404857957757E46361ADF8;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e09da31e-5ee9-4aaa-9803-6316c1ee917c.dmp
 
Error: (08/18/2015 08:54:06 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.37;lang=;guid=5260BD959F404857957757E46361ADF8;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\9d3382b5-8d2d-4e5e-8292-f7f698424f1c.dmp
 
Error: (08/18/2015 11:44:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome_cleanup_tool.exe0.0.0.00.0.0.000000000
 
Error: (08/18/2015 03:37:11 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.37;lang=;guid=5260BD959F404857957757E46361ADF8;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e3f42464-92bd-4e1e-81cc-bdd42dfb4f78.dmp
 
Error: (08/17/2015 11:18:09 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\USER\RECENT\DESKTOP.INI
 
Error: (08/17/2015 11:18:08 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\USER\RECENT\DESKTOP.INI
 
Error: (08/17/2015 06:52:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 148456494
 
Error: (08/17/2015 06:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe40.0.2.5702hungapp0.0.0.000000000
 
Error: (08/17/2015 06:23:06 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 77%
Total physical RAM: 1015.17 MB
Available physical RAM: 232.62 MB
Total Virtual: 2443.11 MB
Available Virtual: 1549.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.09 GB) (Free:278.11 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A18CA18C)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
Here is the link if you would like to look at the other scans
 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:54 AM

Posted 22 August 2015 - 10:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove the program in bold using the Add/Remove programs applet.

Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} <======= ATTENTION (Policy restriction on IP)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-1637723038-839522115-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-1637723038-839522115-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\e80q66bw.default\searchplugins\google-avast.xml [2015-08-13]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
S3 Ambfilt; system32\drivers\Ambfilt.sys [X]
S4 IntelIde; no ImagePath
S3 Monfilt; system32\drivers\Monfilt.sys [X]
S4 s24trans; system32\DRIVERS\s24trans.sys [X]
Task: C:\WINDOWS\Tasks\BZRBHA1.job => C:\Documents and Settings\All Users\Application Data\FlashBeat\FlashBeat.exe <==== ATTENTION
C:\Documents and Settings\All Users\Application Data\FlashBeat
cmd: ipconfig /flushdns

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.


How is the computer running now?

#3 Slomo1020


Posted 22 August 2015 - 07:57 PM

OK, I copied what you told me to Notepad and named it fixlist. I am not sure what to do from there, I am sorry, and I do not own a printer.



#4 Slomo1020


Posted 22 August 2015 - 08:47 PM

I figured it out I think, here are the results to Fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:21-08-2015 03
Ran by User (2015-08-22 20:29:00) Run:1
Running from C:\Documents and Settings\User\My Documents\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} <======= ATTENTION (Policy restriction on IP)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-1637723038-839522115-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1547161642-1637723038-839522115-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\e80q66bw.default\searchplugins\google-avast.xml [2015-08-13]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
S3 Ambfilt; system32\drivers\Ambfilt.sys [X]
S4 IntelIde; no ImagePath
S3 Monfilt; system32\drivers\Monfilt.sys [X]
S4 s24trans; system32\DRIVERS\s24trans.sys [X]
Task: C:\WINDOWS\Tasks\BZRBHA1.job => C:\Documents and Settings\All Users\Application Data\FlashBeat\FlashBeat.exe <==== ATTENTION
C:\Documents and Settings\All Users\Application Data\FlashBeat
cmd: ipconfig /flushdns
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension" => key removed successfully.
HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D} => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully.
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found. 
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-1547161642-1637723038-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
Firefox DefaultSearchEngine removed successfully.
Firefox DefaultSearchEngine.US removed successfully.
Firefox DefaultSearchUrl removed successfully.
Firefox SearchEngineOrder.1 removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
Firefox "Keyword.URL" removed successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\e80q66bw.default\searchplugins\google-avast.xml => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
Ambfilt => service removed successfully.
IntelIde => service removed successfully.
Monfilt => service removed successfully.
s24trans => service removed successfully.
C:\WINDOWS\Tasks\BZRBHA1.job => moved successfully
"C:\Documents and Settings\All Users\Application Data\FlashBeat" => File/Folder not found.
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
EmptyTemp: => 1.4 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-22 20:32:34)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 20:32:35 ====
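
One way to triage a Fixlog like the one above, as an added example that is not part of the original thread and is not FRST's own code: this Python sketch sorts result lines by outcome and lists files that were scheduled to move on reboot but still reported "Could not move" afterwards. The function names are hypothetical and the sample is constructed by abridging the log lines posted above.

```python
import re
from collections import Counter

# Constructed sample: result lines abridged from the Fixlog in the post above.
SAMPLE_FIXLOG = r'''
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension" => key removed successfully.
HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Firefox DefaultSearchEngine removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
Ambfilt => service removed successfully.
C:\WINDOWS\Tasks\BZRBHA1.job => moved successfully
"C:\Documents and Settings\All Users\Application Data\FlashBeat" => File/Folder not found.
EmptyTemp: => 1.4 GB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-22 20:32:34)<=
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
'''

def classify(line):
    """Return (item, outcome) for a Fixlog result line, or None for other lines."""
    line = line.strip()
    m = re.match(r'Could not move "(.+)" => Scheduled to move on reboot', line)
    if m:
        return m.group(1), "pending_reboot"
    item, sep, status = line.partition(" => ")
    if not sep:  # Firefox preference results carry no "=>" separator
        m = re.match(r"(Firefox .+?) removed successfully", line)
        return (m.group(1), "removed") if m else None
    item, status = item.strip('"'), status.strip().lower()
    if status.startswith("could not move"):
        return item, "failed"
    if "not found" in status:
        return item, "not_found"
    # "removed" is tested before "moved" because the word "removed" contains "moved".
    for outcome in ("removed", "restored", "moved"):
        if outcome + " successfully" in status:
            return item, outcome
    return None

def triage(text):
    """Count outcomes and reconcile reboot-scheduled moves with their final result."""
    counts = Counter()
    buckets = {"pending_reboot": [], "failed": [], "not_found": []}
    for item, outcome in filter(None, map(classify, text.splitlines())):
        counts[outcome] += 1
        if outcome in buckets:
            buckets[outcome].append(item)
    still_present = [p for p in buckets["pending_reboot"] if p in buckets["failed"]]
    return {"counts": dict(counts), "still_present": still_present,
            "not_found": buckets["not_found"]}

if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print(report["counts"])
    for path in report["still_present"]:
        print("still on disk after reboot:", path)
```
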


#5 Slomo1020


Posted 22 August 2015 - 08:57 PM

Seems to be running fine. Let me know if you see anything on that log I should be concerned with or if I did wrong. Otherwise it's running great, so far so good. Thanks for your help! Slomo



#6 nasdaq


Posted 23 August 2015 - 07:08 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq


Posted 29 August 2015 - 07:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



