MyWebSearch


  • This topic is locked
25 replies to this topic

#1 SolusUmbra

SolusUmbra

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 24 August 2015 - 01:09 PM

And so starts day 2 of trying to clean and fix my friend's laptop. Normally not a big deal, until I met my match of My Web Search!!! I have searched and tried just about every solution I found. My friend doesn't have a backup of his OS, so wiping the computer isn't an option at this point in time, unless someone knows where I can order a CD for a Dell Latitude D610, Windows XP Professional. (I did find one site (www.restorediscks.com), but it doesn't show much on their site, so I'm worried about ordering through them.)

 

Also just a side note, the computer "seems" to run really well given its age and size (I'm using it right now / not sure how smart that is....). Can't seem to find any problems with the browsers (Firefox and IE), but every time I look at the registry or run CCleaner, 3 items of My Web Search come up.

 

Missing Startup Software    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Missing Startup Software    "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Missing Startup Software    rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

 

Ok so now onto what I have tried: (hopefully I won't leave any out)

 

Windows Defender (didn't find)

Avast (found other virus but not MyWeb)

Malwarebytes (didn't find at all)

Spybot (finds it 6 times/ each file twice, but can't remove even after restart)

Manually going into registry (files just pop back)

Manually going into registry under safe mode (files just pop back)

Manually going into registry under safe mode with restore system off (takes a little longer but files just come back)

Hijackthis (log listed below)

Revo Uninstaller (no help)

SpyBHORemover (no help)

No Myweb or Fun listed under uninstall programs option

No Myweb or Fun folders found under windows

Blocked Myweb in IE and looked under about:config in Firefox (wasn't found)

 

(ok ok I know I'm missing a few but can't think of them)

 

Anyways point is I'm going crazy trying to track down these darn files and get them off. I'm going to hope someone on here has a clue as to what I am missing.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:57:42 PM, on 8/24/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

FIREFOX: 40.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\LerP8@aol.com\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {28AED1AF-B164-44CD-B435-CF04AA955015} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Filter hijack: text/html - {9dfbb115-ad7b-48dd-be45-0e5c498747bb} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10420 bytes
 


Edited by SolusUmbra, 24 August 2015 - 01:11 PM.
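One way to pull the registry autostart (O4) entries out of a HijackThis log like the one in the post above and list those whose target file no longer exists, which is what CCleaner reports as "Missing Startup Software". This is an added example, not part of the original post or of HijackThis; the function names and the `exists` callback are assumptions made for illustration, and the sample lines are copied from the log above.

```python
import os
import re

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
"""

# Registry-style O4 line: "O4 - <key>: [<value name>] <command line>".
# Startup-folder O4 lines ("O4 - Startup: x.lnk = ...") are skipped on purpose.
_O4 = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# HijackThis appends "(User '...')" to per-user hive entries; it is not part
# of the command line.
_USER_NOTE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# rundll32 is only the host; the file that matters is the DLL it loads.
_RUNDLL = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.+)$', re.I)
# Unquoted path, possibly containing spaces, ending at a known extension.
_PATH = re.compile(r'(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)', re.I)


def _first_path(text):
    """Return the leading file path of a command line, or None if it is empty."""
    text = text.strip()
    if not text:
        return None
    if text.startswith('"'):
        end = text.find('"', 1)
        return text[1:end] if end != -1 else text[1:]
    m = _PATH.match(text)
    if m:
        return m.group(1)
    return text.split()[0]  # no known extension: fall back to the first token


def launch_target(cmd):
    """File an autostart command actually loads (the DLL for rundll32 lines)."""
    m = _RUNDLL.match(cmd.strip())
    if m:
        return _first_path(m.group('args'))
    return _first_path(cmd)


def parse_o4(log_text):
    """Parse registry autostart lines into dicts: key, name, command, target."""
    entries = []
    for line in log_text.splitlines():
        m = _O4.match(line.strip())
        if not m:
            continue
        cmd = _USER_NOTE.sub('', m.group('cmd')).strip()
        entries.append({
            'key': m.group('key'),
            'name': m.group('name'),
            'command': cmd,
            'target': launch_target(cmd),
        })
    return entries


def orphaned(entries, exists=os.path.exists):
    """Entries whose target file is absent on disk.

    `exists` is injectable so a saved log can be checked against a file
    listing instead of the live file system. Extension-less targets are also
    tried with ".exe"; bare names resolved through PATH are not handled.
    """
    result = []
    for e in entries:
        if not e['target']:
            continue  # value present but empty, e.g. [ShowLOMControl]
        path = os.path.expandvars(e['target'])
        if not any(exists(p) for p in (path, path + '.exe')):
            result.append(e)
    return result


if __name__ == '__main__':
    # Constructed stand-in for the disk state described in the post: nothing
    # under the MYWEBS~1 folder exists, everything else does.
    fake_exists = lambda p: 'MYWEBS~1' not in p
    for e in orphaned(parse_o4(SAMPLE_LOG), exists=fake_exists):
        print(e['key'], '|', e['name'], '|', e['target'])
```
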



#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 24 August 2015 - 08:25 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.






#3 SolusUmbra

SolusUmbra
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 24 August 2015 - 09:00 PM

So after playing around on the system more, the more I feel like I wish I could wipe it and reinstall the OS, but since I don't have a CD I figured I should at least go ahead and post the first couple of files to find out better how bad/or not bad it really is. Scans to follow.



#4 SolusUmbra

SolusUmbra
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 24 August 2015 - 09:03 PM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2015
Ran by LerP8@aol.com (2015-08-24 22:15:55)
Running from C:\Documents and Settings\LerP8@aol.com\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2226508713-1759082878-975767817-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-2226508713-1759082878-975767817-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2226508713-1759082878-975767817-1003 - Limited - Disabled)
LerP8@aol.com (S-1-5-21-2226508713-1759082878-975767817-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\LerP8@aol.com
SUPPORT_388945a0 (S-1-5-21-2226508713-1759082878-975767817-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Reader XI (11.0.02) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
AGEIA PhysX v7.07.24 (HKLM\...\{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}) (Version: 7.07.24 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2226508713-1759082878-975767817-1004\...\Akamai) (Version:  - Akamai Technologies, Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5154 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.131.1.2-050706a-025030C-Dell - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )
Creative System Information (HKLM\...\SysInfo) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
HP Software Update (HKLM\...\{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}) (Version: 2.0.37.20031205 - Hewlett-Packard)
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel® Processor ID Utility (HKLM\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 3.8.0000 - Intel® Corporation)
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mDrWiFi (Version: 9.03.0000 - Intel Corporation) Hidden
Memeo AutoSync (HKLM\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)
Memeo Send (HKLM\...\{81784157-3D4D-4bc1-B988-B24C32A26DA8}) (Version:  - Memeo Inc.)
Memeo Share (HKLM\...\{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}) (Version: 3.1.0.3265 - Memeo Inc.)
mHlpDell (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 9.03.0000 - Intel Corporation) Hidden
mLogView (Version: 9.03.0000 - Intel Corporation) Hidden
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Motorola Driver Installation (HKLM\...\{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}) (Version: 2.7.2 - Motorola Inc.)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
mPfWiz (Version: 9.03.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 9.03.0000 - Intel Corporation) Hidden
mSSO (Version: 9.03.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (Version: 6.00.3883.8 - Microsoft Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
mZConfig (Version: 9.03.0000 - Intel Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PSUsage (Version: 1.30.0000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.0.10 - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.0.0.809 - Memeo Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

24-08-2015 13:50:47 System Checkpoint
24-08-2015 15:58:02 Revo Uninstaller's restore point - Sierra Utilities
24-08-2015 16:14:59 Revo Uninstaller's restore point - ZENcast Organizer
24-08-2015 18:01:29 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-12 09:19 - 2015-08-23 15:12 - 00451352 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeLerP8@aol.com
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe-cLerP8@aol.com
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exeLerP8@aol.com
Task: C:\WINDOWS\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe
Task: C:\WINDOWS\Tasks\PCConfidential.job => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe

==================== Loaded Modules (Whitelisted) ==============

2007-02-21 11:13 - 2007-02-21 11:13 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2015-08-23 10:46 - 2015-08-23 10:46 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-23 10:46 - 2015-08-23 10:46 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-24 16:06 - 2015-08-24 16:06 - 02960896 _____ () C:\Program Files\AVAST Software\Avast\defs\15082404\algo.dll
2011-07-28 19:08 - 2011-07-28 19:08 - 01259376 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2011-07-28 19:09 - 2011-07-28 19:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2015-08-23 10:47 - 2015-08-23 10:47 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-10-17 16:13 - 2006-10-17 16:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7882 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1 - 216.170.153.146
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CTSyncU.exe => "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
MSCONFIG\startupreg: Memeo AutoSync => C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: Memeo Send => C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe --silent
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe] => Enabled:AOLTsMon
StandardProfile\AuthorizedApplications: [C:\Program Files\FrostWire\FrostWire.exe] => Enabled:FrostWire
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe] => Enabled:Neverwinter Nights 2 Main
StandardProfile\AuthorizedApplications: [C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe] => Enabled:Neverwinter Nights 2 AMD
StandardProfile\AuthorizedApplications: [C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe] => Enabled:Neverwinter Nights 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe] => Enabled:Neverwinter Nights 2 Server
StandardProfile\AuthorizedApplications: [C:\Program Files\MySpace\IM\MySpaceIM.exe] => Enabled:MySpaceIM
StandardProfile\AuthorizedApplications: [C:\Program Files\Xfire\Xfire.exe] => Enabled:Xfire
StandardProfile\AuthorizedApplications: [C:\Program Files\Trillian\trillian.exe] => Enabled:Trillian
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\LerP8@aol.com\Application Data\mjusbsp\magicJack.exe] => Enabled:magicJack
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Interface
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1122:TCP] => Enabled:Akamai NetSession Interface
StandardProfile\GloballyOpenPorts: [5000:UDP] => Enabled:Akamai NetSession Interface

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2015 05:59:32 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/24/2015 05:59:32 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/24/2015 05:59:32 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/24/2015 05:59:32 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/24/2015 04:19:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/24/2015 04:19:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/24/2015 04:19:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/24/2015 04:19:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/24/2015 04:01:09 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/24/2015 04:01:09 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (08/24/2015 07:45:48 AM) (Source: 0) (EventID: 5010) (User: )
Description: Intel® PRO/Wireless 2200BG Network Connection

Error: (08/24/2015 07:45:48 AM) (Source: 0) (EventID: 5031) (User: )
Description: Intel® PRO/Wireless 2200BG Network Connection

Error: (08/23/2015 07:58:20 PM) (Source: DCOM) (EventID: 10010) (User: WXP-14VKS71)
Description: The server {E85062FB-914A-40A2-8801-5DD803045204} did not register with DCOM within the required timeout.

Error: (08/23/2015 06:37:17 PM) (Source: DCOM) (EventID: 10010) (User: WXP-14VKS71)
Description: The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register with DCOM within the required timeout.

Error: (08/23/2015 06:23:48 PM) (Source: 0) (EventID: 5010) (User: )
Description: Intel® PRO/Wireless 2200BG Network Connection

Error: (08/23/2015 06:23:48 PM) (Source: 0) (EventID: 5031) (User: )
Description: Intel® PRO/Wireless 2200BG Network Connection

Error: (08/23/2015 06:21:59 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).

Error: (08/23/2015 06:21:32 PM) (Source: DCOM) (EventID: 10010) (User: WXP-14VKS71)
Description: The server {A02ED9E9-8D36-473A-98ED-C253A40765DE} did not register with DCOM within the required timeout.

Error: (08/23/2015 11:20:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/23/2015 11:20:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Seagate Dashboard Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (08/24/2015 05:59:32 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (08/24/2015 05:59:32 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (08/24/2015 05:59:32 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (08/24/2015 05:59:32 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (08/24/2015 04:19:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (08/24/2015 04:19:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (08/24/2015 04:19:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (08/24/2015 04:19:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (08/24/2015 04:01:09 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (08/24/2015 04:01:09 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.60GHz
Percentage of memory in use: 45%
Total physical RAM: 2047.36 MB
Available physical RAM: 1112.99 MB
Total Virtual: 2661.36 MB
Available Virtual: 1825.42 MB

==================== Drives ================================

Drive c: (Hard drive) (Fixed) (Total:27.94 GB) (Free:15.69 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (GET_HARD) (CDROM) (Total:4.18 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 27.9 GB) (Disk ID: C42CC42C)
Partition 1: (Active) - (Size=27.9 GB) - (Type=07 NTFS)

==================== End of FRST.txt ============================


Edited by SolusUmbra, 24 August 2015 - 09:09 PM.


#5 SolusUmbra

SolusUmbra
  • Topic Starter


Posted 24 August 2015 - 09:10 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2015
Ran by LerP8@aol.com (administrator) on WXP-14VKS71 (24-08-2015 22:15:13)
Running from C:\Documents and Settings\LerP8@aol.com\Desktop
Loaded Profiles: LerP8@aol.com (Available Profiles: LerP8@aol.com & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Intel® Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ShowLOMControl] =>
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-06] (ATI Technologies, Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [176128 2005-07-08] (HP)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2003-12-22] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2003-12-05] (Hewlett-Packard)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [819200 2007-02-21] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [970752 2007-02-21] (Intel Corporation)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-23] (AVAST Software)
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-07-07] (ATI Technologies Inc.)
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://downloads.yahoo.com/internetexplorer/welcome
SearchScopes: HKU\.DEFAULT -> {3460B994-CF3F-4704-9944-652F9F9B7B3C} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-23] (AVAST Software)
Toolbar: HKLM - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKLM - No Name - {28AED1AF-B164-44CD-B435-CF04AA955015} -  No File
Toolbar: HKU\S-1-5-21-2226508713-1759082878-975767817-1004 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company)
Filter: text/html - {9dfbb115-ad7b-48dd-be45-0e5c498747bb} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.170.153.146
Tcpip\..\Interfaces\{661204B1-CD06-467A-B6CC-BC3B710B67F9}: [DhcpNameServer] 192.168.0.1 216.170.153.146

FireFox:
========
FF ProfilePath: C:\Documents and Settings\LerP8@aol.com\Application Data\Mozilla\Firefox\Profiles\ymrhbzna.default-1440420570781
FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @raidcall.kr/RCplugin -> C:\Documents and Settings\LerP8@aol.com\Application Data\RCKR\plugins\nprcplugin.dll [2012-08-09] (Raidcall)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\LerP8@aol.com\Application Data\Mozilla\Firefox\Profiles\ymrhbzna.default-1440420570781\user.js [2015-08-24]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-06-29] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-06-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-06-29]
FF HKLM\...\Firefox\Extensions: [myspacefftb@myspace.com] - C:\Program Files\MySpace\Toolbar\1.0.56.0
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-12]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-06-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-23]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-23] (AVAST Software)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-19] (HP) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [983040 2007-02-21] (Intel Corporation ) [File not signed]
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
S3 usprserv; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-02-21] (Intel® Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 a320raid; C:\WINDOWS\System32\DRIVERS\a320raid.sys [218112 2005-02-18] (Adaptec, Inc.) [File not signed]
S4 aac; C:\WINDOWS\System32\DRIVERS\aac.sys [48140 2004-04-07] (Adaptec, Inc.) [File not signed]
R0 aarich; C:\WINDOWS\System32\DRIVERS\aarich.sys [204800 2005-05-17] (Adaptec, Inc.) [File not signed]
R0 adpu320; C:\WINDOWS\System32\drivers\adpu320.sys [132608 2004-02-17] (Adaptec, Inc.) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21425 2009-08-01] (Meetinghouse Data Communications) [File not signed]
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-23] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-23] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-23] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 cercsr6; C:\WINDOWS\System32\drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121856 2003-07-11] (Intel Corporation) [File not signed]
S4 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [140544 2003-04-28] (Promise Technology, Inc.) [File not signed]
S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [87936 2005-05-31] (Texas Instruments)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2005-07-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-07-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-07-08] (HP)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S4 iaStor; C:\WINDOWS\System32\DRIVERS\iaStor.sys [250880 2006-04-26] (Intel Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R0 megasas; C:\WINDOWS\System32\drivers\megasas.sys [17664 2006-04-18] (LSI Logic Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-12] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-12] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-02-21] (Intel Corporation) [File not signed]
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S4 Symmpi; C:\WINDOWS\System32\DRIVERS\symmpi.sys [93568 2006-05-11] (LSI Logic) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S4 vmscsi; C:\WINDOWS\System32\drivers\vmscsi.sys [11029 2003-02-24] (VMware, Inc.) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2209408 2007-02-08] (Intel® Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 xbreader; C:\WINDOWS\System32\Drivers\xbreader.sys [19677 2001-01-02] (Thesycon GmbH, Germany) [File not signed]
S1 ivjbdyxb; \??\C:\WINDOWS\system32\drivers\ivjbdyxb.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 WpdUsb; system32\DRIVERS\wpdusb.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-24 22:09 - 2015-08-24 22:15 - 00018526 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\FRST.txt
2015-08-24 22:08 - 2015-08-24 22:15 - 00000000 ____D C:\FRST
2015-08-24 22:08 - 2015-08-24 22:08 - 01690112 _____ (Farbar) C:\Documents and Settings\LerP8@aol.com\Desktop\FRST.exe
2015-08-24 22:01 - 2015-08-24 22:01 - 00000680 _____ C:\WINDOWS\setupapi.log
2015-08-24 18:48 - 2015-08-24 18:48 - 00000813 _____ C:\Documents and Settings\LerP8@aol.com\Start Menu\Programs\Internet Explorer.lnk
2015-08-24 18:36 - 2015-08-24 18:41 - 00000000 __HDC C:\WINDOWS\ie8
2015-08-24 16:37 - 2015-08-24 16:41 - 50075360 _____ (Microsoft Corporation) C:\Documents and Settings\LerP8@aol.com\Desktop\Windows-KB890830-V5.27.exe
2015-08-24 14:07 - 2015-08-24 14:07 - 00010422 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\hijackthis.txt
2015-08-24 14:07 - 2015-08-24 14:07 - 00000774 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\registry.txt
2015-08-24 09:15 - 2015-08-24 09:15 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Desktop\Cleaners
2015-08-24 09:08 - 2015-08-24 09:08 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-08-24 07:46 - 2015-08-24 08:05 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-08-24 07:46 - 2015-08-24 08:05 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-08-24 07:10 - 2015-08-24 07:14 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\vlc
2015-08-24 07:07 - 2015-08-24 07:07 - 00000729 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-08-24 07:07 - 2015-08-24 07:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-08-23 19:16 - 2015-08-23 19:16 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-23 15:12 - 2013-04-18 23:26 - 00447194 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150823-151229.backup
2015-08-23 10:53 - 2015-08-23 10:53 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\AVAST Software
2015-08-23 10:52 - 2015-08-23 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-08-23 10:52 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-23 10:51 - 2015-08-23 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-23 10:50 - 2015-08-24 21:59 - 00000378 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-23 10:48 - 2015-08-23 10:47 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-23 10:48 - 2015-08-23 10:46 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-23 10:47 - 2015-08-23 10:46 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-23 10:46 - 2015-08-23 10:46 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-23 10:39 - 2015-08-23 10:39 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-23 10:36 - 2015-08-23 10:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-08-23 09:58 - 2015-08-23 09:59 - 00000000 ____D C:\Avenger
2015-08-23 07:51 - 2015-08-23 18:41 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 07:51 - 2015-08-23 07:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-23 07:51 - 2015-08-23 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 07:51 - 2015-08-23 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-23 07:51 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-23 07:51 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 07:38 - 2015-08-23 07:39 - 00000000 ____D C:\WINDOWS\pss
2015-08-23 04:53 - 2015-08-24 21:56 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-08-23 04:53 - 2015-08-23 05:11 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-08-23 04:48 - 2015-08-24 22:06 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-08-23 02:55 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-08-23 02:55 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-08-23 01:06 - 2015-08-23 01:06 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-23 01:06 - 2015-08-23 01:06 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-08-23 01:06 - 2015-08-23 01:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-22 22:12 - 2015-08-22 22:12 - 00000000 ____D C:\Program Files\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-24 22:15 - 2008-08-15 00:36 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Temp
2015-08-24 21:58 - 2006-07-28 13:12 - 01453619 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-24 21:57 - 2009-08-04 09:13 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-24 21:57 - 2009-08-04 09:13 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-24 21:57 - 2004-08-12 09:34 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-24 21:56 - 2010-06-16 08:08 - 00000236 _____ C:\WINDOWS\Tasks\OGALogon.job
2015-08-24 21:56 - 2009-03-08 08:12 - 00000416 _____ C:\WINDOWS\Tasks\PCConfidential.job
2015-08-24 21:56 - 2006-07-28 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-24 20:55 - 2008-08-15 00:36 - 00000178 ___SH C:\Documents and Settings\LerP8@aol.com\ntuser.ini
2015-08-24 20:55 - 2006-07-28 13:17 - 00032510 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-24 19:07 - 2008-08-15 00:36 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com
2015-08-24 18:47 - 2006-07-28 05:57 - 00000000 ____D C:\WINDOWS\Media
2015-08-24 18:47 - 2006-07-28 05:57 - 00000000 ____D C:\WINDOWS\Help
2015-08-24 18:42 - 2008-08-14 02:06 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2015-08-24 17:00 - 2010-05-19 09:29 - 00000000 ____D C:\Games
2015-08-24 16:15 - 2009-03-21 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Creative
2015-08-24 16:15 - 2009-03-21 11:32 - 00000000 ____D C:\Program Files\Creative
2015-08-24 16:07 - 2009-03-07 16:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-08-24 15:58 - 2009-04-12 13:55 - 00008713 _____ C:\WINDOWS\wininit.ini
2015-08-24 13:50 - 2006-07-28 13:11 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-08-24 13:17 - 2006-07-28 13:17 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-24 13:14 - 2008-08-13 23:12 - 00013104 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-24 11:05 - 2006-07-28 06:02 - 00000263 __RSH C:\boot.ini
2015-08-24 11:05 - 2004-08-12 09:33 - 00000507 _____ C:\WINDOWS\win.ini
2015-08-24 11:05 - 2004-08-12 09:30 - 00000227 _____ C:\WINDOWS\system.ini
2015-08-24 09:10 - 2008-08-18 00:22 - 00000000 ____D C:\Program Files\Common Files\Real
2015-08-24 09:07 - 2008-08-14 01:34 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-08-24 09:06 - 2008-08-14 01:34 - 00001511 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-24 08:24 - 2008-08-13 17:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-24 08:22 - 2009-03-29 21:02 - 00000000 ____D C:\WINDOWS\ie8updates
2015-08-24 08:17 - 2008-08-18 00:23 - 00000000 ____D C:\Program Files\QuickTime
2015-08-24 08:08 - 2006-07-28 13:13 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2015-08-24 07:46 - 2008-08-15 00:36 - 00000802 _____ C:\Documents and Settings\LerP8@aol.com\Start Menu\Programs\Windows Media Player.lnk
2015-08-24 07:42 - 2009-03-07 18:37 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-08-24 07:30 - 2013-10-29 13:14 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\jagexcache
2015-08-24 07:20 - 2011-09-03 19:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-08-24 07:12 - 2006-07-28 13:16 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-08-24 07:10 - 2010-10-01 11:36 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\dvdcss
2015-08-23 12:18 - 2010-06-23 16:45 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Temp
2015-08-23 11:51 - 2008-08-17 21:28 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\Adobe
2015-08-23 11:51 - 2008-08-14 07:09 - 00000000 ____D C:\Program Files\Adobe
2015-08-23 09:58 - 2009-03-07 18:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-08-23 09:56 - 2010-05-26 19:12 - 00000000 ____D C:\Program Files\Shared
2015-08-23 09:10 - 2006-07-28 06:04 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-23 07:47 - 2010-06-23 16:44 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Google
2015-08-23 07:31 - 2009-12-03 14:12 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Yahoo!
2015-08-23 07:29 - 2009-03-29 21:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2015-08-23 07:26 - 2011-04-03 17:40 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\mjusbsp
2015-08-23 07:11 - 2013-04-16 06:14 - 00000000 _____ C:\Documents and Settings\LerP8@aol.com\filetrace.log
2015-08-23 04:53 - 2006-07-28 06:03 - 00095072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 04:39 - 2011-01-30 00:32 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-23 04:38 - 2013-04-15 12:15 - 00001708 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-23 04:37 - 2011-01-30 00:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-23 04:35 - 2013-08-27 21:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-23 04:25 - 2009-12-11 12:02 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-08-23 04:14 - 2008-08-20 19:21 - 00490818 _____ C:\WINDOWS\system32\TZLog.log
2015-08-23 04:10 - 2006-07-28 06:04 - 00511996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-23 01:06 - 2009-03-07 09:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-22 22:32 - 2011-11-09 16:00 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai
2015-08-22 22:29 - 2009-11-03 13:29 - 00000000 ____D C:\Program Files\Common Files\Akamai
2015-08-22 22:25 - 2010-11-03 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-08-22 22:25 - 2009-03-07 16:20 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Start Menu\Programs\CCleaner
2015-08-22 22:24 - 2009-03-07 16:20 - 00000000 ____D C:\Program Files\CCleaner
2015-07-28 11:01 - 2008-08-20 19:21 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2009-03-07 16:16 - 2012-07-28 23:33 - 0122880 _____ () C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-10 19:18 - 2011-01-25 10:22 - 0001940 _____ () C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\hp_53_enu.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ytb_7.2.2.0_1.6.1_ysp_1.2.6_mail_bts_pub_us_setup_.exe
C:\Documents and Settings\LerP8@aol.com\Local Settings\Temp\hpzscr01.exe
C:\Documents and Settings\LerP8@aol.com\Local Settings\Temp\utildel.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



#6 pystryker

pystryker

  • Malware Response Team

Posted 24 August 2015 - 09:24 PM

So after playing around on the system more, the more I feel like I wish I could wipe it and reinstall the OS, but since I don't have a CD I figured I should at least go ahead and post the first couple of files to find out better how bad/or not bad it really is. Scans to follow.


Hello :)

It actually doesn't look that bad. We'll run a fix, and some other tools to start with. Then we'll take a bit of a deeper look. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
C:\PROGRA~1\MYWEBS~1
Toolbar: HKLM - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Toolbar: HKLM - No Name - {28AED1AF-B164-44CD-B435-CF04AA955015} - No File
Toolbar: HKU\S-1-5-21-2226508713-1759082878-975767817-1004 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Filter: text/html - {9dfbb115-ad7b-48dd-be45-0e5c498747bb} - No File
FF DefaultSearchEngine.US: DuckDuckGo
S1 ivjbdyxb; \??\C:\WINDOWS\system32\drivers\ivjbdyxb.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 WpdUsb; system32\DRIVERS\wpdusb.sys [X]
U1 WS2IFSL; no ImagePath
FF user.js: detected! => C:\Documents and Settings\LerP8@aol.com\Application Data\Mozilla\Firefox\Profiles\ymrhbzna.default-1440420570781\user.js [2015-08-24]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt). Please post it in your next reply.


Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.

  • Double-click (Vista and 7 users: right-click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Uncheck the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
  • Please Check the following options:
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything, and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\
Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.






#7 SolusUmbra

SolusUmbra
  • Topic Starter

  • Members

Posted 25 August 2015 - 06:49 AM

FixLog.txt

 

Fix result of Farbar Recovery Scan Tool (x86) Version:24-08-2015
Ran by LerP8@aol.com (2015-08-25 07:28:27) Run:1
Running from C:\Documents and Settings\LerP8@aol.com\Desktop
Loaded Profiles: LerP8@aol.com (Available Profiles: LerP8@aol.com & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
C:\PROGRA~1\MYWEBS~1
Toolbar: HKLM - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Toolbar: HKLM - No Name - {28AED1AF-B164-44CD-B435-CF04AA955015} - No File
Toolbar: HKU\S-1-5-21-2226508713-1759082878-975767817-1004 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Filter: text/html - {9dfbb115-ad7b-48dd-be45-0e5c498747bb} - No File
FF DefaultSearchEngine.US: DuckDuckGo
S1 ivjbdyxb; \??\C:\WINDOWS\system32\drivers\ivjbdyxb.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 WpdUsb; system32\DRIVERS\wpdusb.sys [X]
U1 WS2IFSL; no ImagePath
FF user.js: detected! => C:\Documents and Settings\LerP8@aol.com\Application Data\Mozilla\Firefox\Profiles\ymrhbzna.default-1440420570781\user.js [2015-08-24]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin => value removed successfully.
"C:\PROGRA~1\MYWEBS~1" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => value removed successfully.
HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{28AED1AF-B164-44CD-B435-CF04AA955015} => value removed successfully.
HKCR\CLSID\{28AED1AF-B164-44CD-B435-CF04AA955015} => key not found.
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => value removed successfully.
HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => key not found.
"HKCR\PROTOCOLS\Filter\text/html" => key removed successfully.
HKCR\CLSID\{9dfbb115-ad7b-48dd-be45-0e5c498747bb} => key not found.
Firefox DefaultSearchEngine.US removed successfully.
ivjbdyxb => service removed successfully.
motccgp => service removed successfully.
motccgpfl => service removed successfully.
WpdUsb => service removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\LerP8@aol.com\Application Data\Mozilla\Firefox\Profiles\ymrhbzna.default-1440420570781\user.js => moved successfully

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


=========  netsh advfirewall reset =========

The following command was not found: advfirewall reset.

========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

The following command was not found: advfirewall set allprofiles state on.

========= End of CMD: =========


=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 515.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 07:30:16 ====

 


Edited by SolusUmbra, 25 August 2015 - 06:51 AM.


#8 SolusUmbra

SolusUmbra
  • Topic Starter

  • Members

Posted 25 August 2015 - 06:52 AM

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Microsoft Windows XP x86
Ran by LerP8@aol.com on Tue 08/25/2015 at  7:44:50.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\my web search bar search scope monitor
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mywebsearch email plugin
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\LerP8@aol.com\Application Data\getrighttogo





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/25/2015 at  7:49:04.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by SolusUmbra, 25 August 2015 - 06:52 AM.


#9 SolusUmbra

SolusUmbra
  • Topic Starter

  • Members

Posted 25 August 2015 - 06:53 AM

Adwcleaner

 

# AdwCleaner v5.003 - Logfile created 25/08/2015 at 07:55:01
# Updated 20/08/2015 by Xplode
# Database : 2015-08-23.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : LerP8@aol.com - WXP-14VKS71
# Running from : C:\Documents and Settings\LerP8@aol.com\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Plugin]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor]
[!] Value Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Plugin]
[!] Value Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [ Web browsers ] *****


*************************

:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1315 bytes] ##########



#10 SolusUmbra

SolusUmbra
  • Topic Starter

  • Members

Posted 25 August 2015 - 06:55 AM

New FRST.txt Scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2015
Ran by LerP8@aol.com (administrator) on WXP-14VKS71 (25-08-2015 08:03:21)
Running from C:\Documents and Settings\LerP8@aol.com\Desktop
Loaded Profiles: LerP8@aol.com (Available Profiles: LerP8@aol.com & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Intel® Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ShowLOMControl] =>
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-06] (ATI Technologies, Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [176128 2005-07-08] (HP)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2003-12-22] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2003-12-05] (Hewlett-Packard)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [819200 2007-02-21] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [970752 2007-02-21] (Intel Corporation)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-23] (AVAST Software)
HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-07-07] (ATI Technologies Inc.)
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://downloads.yahoo.com/internetexplorer/welcome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> {3460B994-CF3F-4704-9944-652F9F9B7B3C} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-2226508713-1759082878-975767817-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-2226508713-1759082878-975767817-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-23] (AVAST Software)
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.170.153.146
Tcpip\..\Interfaces\{661204B1-CD06-467A-B6CC-BC3B710B67F9}: [DhcpNameServer] 192.168.0.1 216.170.153.146

FireFox:
========
FF ProfilePath: C:\Documents and Settings\LerP8@aol.com\Application Data\Mozilla\Firefox\Profiles\ymrhbzna.default-1440420570781
FF DefaultSearchEngine.US: DuckDuckGo
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @raidcall.kr/RCplugin -> C:\Documents and Settings\LerP8@aol.com\Application Data\RCKR\plugins\nprcplugin.dll [2012-08-09] (Raidcall)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-06-29] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-06-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-06-29]
FF HKLM\...\Firefox\Extensions: [myspacefftb@myspace.com] - C:\Program Files\MySpace\Toolbar\1.0.56.0
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-12]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-06-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-23]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-23] (AVAST Software)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-19] (HP) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [983040 2007-02-21] (Intel Corporation ) [File not signed]
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
S3 usprserv; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-02-21] (Intel® Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 a320raid; C:\WINDOWS\System32\DRIVERS\a320raid.sys [218112 2005-02-18] (Adaptec, Inc.) [File not signed]
S4 aac; C:\WINDOWS\System32\DRIVERS\aac.sys [48140 2004-04-07] (Adaptec, Inc.) [File not signed]
R0 aarich; C:\WINDOWS\System32\DRIVERS\aarich.sys [204800 2005-05-17] (Adaptec, Inc.) [File not signed]
R0 adpu320; C:\WINDOWS\System32\drivers\adpu320.sys [132608 2004-02-17] (Adaptec, Inc.) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21425 2009-08-01] (Meetinghouse Data Communications) [File not signed]
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-23] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-23] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-23] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 cercsr6; C:\WINDOWS\System32\drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121856 2003-07-11] (Intel Corporation) [File not signed]
S4 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [140544 2003-04-28] (Promise Technology, Inc.) [File not signed]
S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [87936 2005-05-31] (Texas Instruments)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2005-07-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-07-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-07-08] (HP)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S4 iaStor; C:\WINDOWS\System32\DRIVERS\iaStor.sys [250880 2006-04-26] (Intel Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R0 megasas; C:\WINDOWS\System32\drivers\megasas.sys [17664 2006-04-18] (LSI Logic Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-12] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-12] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-02-21] (Intel Corporation) [File not signed]
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S4 Symmpi; C:\WINDOWS\System32\DRIVERS\symmpi.sys [93568 2006-05-11] (LSI Logic) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S4 vmscsi; C:\WINDOWS\System32\drivers\vmscsi.sys [11029 2003-02-24] (VMware, Inc.) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2209408 2007-02-08] (Intel® Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 xbreader; C:\WINDOWS\System32\Drivers\xbreader.sys [19677 2001-01-02] (Thesycon GmbH, Germany) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-25 07:53 - 2015-08-25 07:55 - 00000000 ____D C:\AdwCleaner
2015-08-25 07:50 - 2015-08-25 07:50 - 01605632 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\AdwCleaner.exe
2015-08-25 07:49 - 2015-08-25 07:49 - 00001631 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\JRT.txt
2015-08-25 07:43 - 2015-08-25 07:43 - 01798576 _____ (Malwarebytes Corporation) C:\Documents and Settings\LerP8@aol.com\Desktop\JRT.exe
2015-08-24 22:15 - 2015-08-24 22:17 - 00025659 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\Addition.txt
2015-08-24 22:09 - 2015-08-25 08:04 - 00018202 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\FRST.txt
2015-08-24 22:08 - 2015-08-25 08:03 - 00000000 ____D C:\FRST
2015-08-24 22:08 - 2015-08-24 22:08 - 01690112 _____ (Farbar) C:\Documents and Settings\LerP8@aol.com\Desktop\FRST.exe
2015-08-24 22:01 - 2015-08-25 07:59 - 00001740 _____ C:\WINDOWS\setupapi.log
2015-08-24 18:48 - 2015-08-24 18:48 - 00000813 _____ C:\Documents and Settings\LerP8@aol.com\Start Menu\Programs\Internet Explorer.lnk
2015-08-24 18:36 - 2015-08-24 18:41 - 00000000 __HDC C:\WINDOWS\ie8
2015-08-24 16:37 - 2015-08-24 16:41 - 50075360 _____ (Microsoft Corporation) C:\Documents and Settings\LerP8@aol.com\Desktop\Windows-KB890830-V5.27.exe
2015-08-24 14:07 - 2015-08-24 14:07 - 00010422 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\hijackthis.txt
2015-08-24 14:07 - 2015-08-24 14:07 - 00000774 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\registry.txt
2015-08-24 09:15 - 2015-08-24 09:15 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Desktop\Cleaners
2015-08-24 09:08 - 2015-08-24 09:08 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-08-24 07:46 - 2015-08-24 08:05 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-08-24 07:46 - 2015-08-24 08:05 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-08-24 07:10 - 2015-08-24 07:14 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\vlc
2015-08-24 07:07 - 2015-08-24 07:07 - 00000729 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-08-24 07:07 - 2015-08-24 07:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-08-23 19:16 - 2015-08-23 19:16 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-23 15:12 - 2013-04-18 23:26 - 00447194 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150823-151229.backup
2015-08-23 10:53 - 2015-08-23 10:53 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\AVAST Software
2015-08-23 10:52 - 2015-08-23 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-08-23 10:52 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-23 10:51 - 2015-08-23 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-23 10:50 - 2015-08-25 07:58 - 00000378 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-23 10:48 - 2015-08-23 10:47 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-23 10:48 - 2015-08-23 10:46 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-23 10:47 - 2015-08-23 10:46 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-23 10:46 - 2015-08-23 10:46 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-23 10:39 - 2015-08-23 10:39 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-23 10:36 - 2015-08-23 10:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-08-23 09:58 - 2015-08-23 09:59 - 00000000 ____D C:\Avenger
2015-08-23 07:51 - 2015-08-23 18:41 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 07:51 - 2015-08-23 07:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-23 07:51 - 2015-08-23 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 07:51 - 2015-08-23 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-23 07:51 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-23 07:51 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 07:38 - 2015-08-23 07:39 - 00000000 ____D C:\WINDOWS\pss
2015-08-23 04:53 - 2015-08-25 07:56 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-08-23 04:53 - 2015-08-23 05:11 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-08-23 04:48 - 2015-08-25 07:42 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-08-23 02:55 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-08-23 02:55 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-08-23 01:06 - 2015-08-23 01:06 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-23 01:06 - 2015-08-23 01:06 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-08-23 01:06 - 2015-08-23 01:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-22 22:12 - 2015-08-22 22:12 - 00000000 ____D C:\Program Files\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-25 08:04 - 2008-08-15 00:36 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Temp
2015-08-25 07:58 - 2006-07-28 13:12 - 01486405 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-25 07:57 - 2004-08-12 09:34 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-25 07:56 - 2010-06-16 08:08 - 00000236 _____ C:\WINDOWS\Tasks\OGALogon.job
2015-08-25 07:56 - 2009-08-04 09:13 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-08-25 07:56 - 2009-08-04 09:13 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-25 07:56 - 2009-03-08 08:12 - 00000416 _____ C:\WINDOWS\Tasks\PCConfidential.job
2015-08-25 07:56 - 2006-07-28 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-25 07:55 - 2008-08-15 00:36 - 00000178 ___SH C:\Documents and Settings\LerP8@aol.com\ntuser.ini
2015-08-25 07:55 - 2006-07-28 13:17 - 00032510 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-25 07:52 - 2006-07-28 13:16 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-08-25 07:46 - 2008-08-15 00:36 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com
2015-08-25 07:29 - 2006-07-28 13:17 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-08-24 18:47 - 2006-07-28 05:57 - 00000000 ____D C:\WINDOWS\Media
2015-08-24 18:47 - 2006-07-28 05:57 - 00000000 ____D C:\WINDOWS\Help
2015-08-24 18:42 - 2008-08-14 02:06 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2015-08-24 17:00 - 2010-05-19 09:29 - 00000000 ____D C:\Games
2015-08-24 16:15 - 2009-03-21 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Creative
2015-08-24 16:15 - 2009-03-21 11:32 - 00000000 ____D C:\Program Files\Creative
2015-08-24 16:07 - 2009-03-07 16:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-08-24 15:58 - 2009-04-12 13:55 - 00008713 _____ C:\WINDOWS\wininit.ini
2015-08-24 13:50 - 2006-07-28 13:11 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-08-24 13:17 - 2006-07-28 13:17 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-24 13:14 - 2008-08-13 23:12 - 00013104 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-24 11:05 - 2006-07-28 06:02 - 00000263 __RSH C:\boot.ini
2015-08-24 11:05 - 2004-08-12 09:33 - 00000507 _____ C:\WINDOWS\win.ini
2015-08-24 11:05 - 2004-08-12 09:30 - 00000227 _____ C:\WINDOWS\system.ini
2015-08-24 09:10 - 2008-08-18 00:22 - 00000000 ____D C:\Program Files\Common Files\Real
2015-08-24 09:07 - 2008-08-14 01:34 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-08-24 09:06 - 2008-08-14 01:34 - 00001511 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-24 08:24 - 2008-08-13 17:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-24 08:22 - 2009-03-29 21:02 - 00000000 ____D C:\WINDOWS\ie8updates
2015-08-24 08:17 - 2008-08-18 00:23 - 00000000 ____D C:\Program Files\QuickTime
2015-08-24 08:08 - 2006-07-28 13:13 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2015-08-24 07:46 - 2008-08-15 00:36 - 00000802 _____ C:\Documents and Settings\LerP8@aol.com\Start Menu\Programs\Windows Media Player.lnk
2015-08-24 07:42 - 2009-03-07 18:37 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-08-24 07:30 - 2013-10-29 13:14 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\jagexcache
2015-08-24 07:20 - 2011-09-03 19:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-08-24 07:10 - 2010-10-01 11:36 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\dvdcss
2015-08-23 12:18 - 2010-06-23 16:45 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Temp
2015-08-23 11:51 - 2008-08-17 21:28 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\Adobe
2015-08-23 11:51 - 2008-08-14 07:09 - 00000000 ____D C:\Program Files\Adobe
2015-08-23 09:58 - 2009-03-07 18:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-08-23 09:56 - 2010-05-26 19:12 - 00000000 ____D C:\Program Files\Shared
2015-08-23 09:10 - 2006-07-28 06:04 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-23 07:47 - 2010-06-23 16:44 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Google
2015-08-23 07:31 - 2009-12-03 14:12 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Yahoo!
2015-08-23 07:29 - 2009-03-29 21:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2015-08-23 07:26 - 2011-04-03 17:40 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\mjusbsp
2015-08-23 07:11 - 2013-04-16 06:14 - 00000000 _____ C:\Documents and Settings\LerP8@aol.com\filetrace.log
2015-08-23 04:53 - 2006-07-28 06:03 - 00095072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 04:39 - 2011-01-30 00:32 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-23 04:38 - 2013-04-15 12:15 - 00001708 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-23 04:37 - 2011-01-30 00:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-23 04:35 - 2013-08-27 21:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-23 04:25 - 2009-12-11 12:02 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-08-23 04:14 - 2008-08-20 19:21 - 00490818 _____ C:\WINDOWS\system32\TZLog.log
2015-08-23 04:10 - 2006-07-28 06:04 - 00511996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-23 01:06 - 2009-03-07 09:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-22 22:32 - 2011-11-09 16:00 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai
2015-08-22 22:29 - 2009-11-03 13:29 - 00000000 ____D C:\Program Files\Common Files\Akamai
2015-08-22 22:25 - 2010-11-03 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-08-22 22:25 - 2009-03-07 16:20 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Start Menu\Programs\CCleaner
2015-08-22 22:24 - 2009-03-07 16:20 - 00000000 ____D C:\Program Files\CCleaner
2015-07-28 11:01 - 2008-08-20 19:21 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2009-03-07 16:16 - 2012-07-28 23:33 - 0122880 _____ () C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-10 19:18 - 2011-01-25 10:22 - 0001940 _____ () C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Some files in TEMP:
====================
C:\Documents and Settings\LerP8@aol.com\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



#11 pystryker

pystryker

  • Malware Response Team
  • 730 posts

Posted 25 August 2015 - 08:30 AM

Hello :)

Okay, we removed the registry keys, but they've been replaced, and I believe I know why.

For the time being, please completely uninstall SpyBot Search and Destroy. I have seen instances where it will replace registry keys that have been removed, regardless of whether or not they are malware related.

I will have further instructions this evening, but for the time being please uninstall that program.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#12 SolusUmbra

SolusUmbra
  • Topic Starter

  • Members
  • 122 posts

Posted 25 August 2015 - 12:00 PM

Spybot has been removed.



#13 pystryker

pystryker

  • Malware Response Team
  • 730 posts

Posted 25 August 2015 - 06:34 PM

Spybot has been removed.


Excellent, let's proceed. :thumbup2:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.)
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Fresh FRST.txt Log






#14 SolusUmbra

SolusUmbra
  • Topic Starter

  • Members
  • 122 posts

Posted 25 August 2015 - 06:55 PM

FixLog

 

Fix result of Farbar Recovery Scan Tool (x86) Version:24-08-2015
Ran by LerP8@aol.com (2015-08-25 20:02:58) Run:2
Running from C:\Documents and Settings\LerP8@aol.com\Desktop
Loaded Profiles: LerP8@aol.com (Available Profiles: LerP8@aol.com & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1
Emptytemp:
End
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin => value removed successfully.
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF" => File/Folder not found.
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" => File/Folder not found.
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" => File/Folder not found.
"C:\PROGRA~1\MYWEBS~1" => File/Folder not found.
EmptyTemp: => 25.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:03:19 ====
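
Post #11 describes removed Run values coming back, and the Fixlog above reports the values removed while every listed file was already absent. The Python below is an added example (not part of the thread and not FRST's own code) that checks both conditions from the log text; the function names are hypothetical, and the line formats are assumed to be exactly those shown in the logs posted here.

```python
import re

# Line formats as they appear in the FRST logs posted in this thread.
VALUE_REMOVED = re.compile(r'^(?P<key>HK.+?)\\\\(?P<name>.+?) => value removed successfully\.$')
NOT_FOUND = re.compile(r'^"(?P<path>.+)" => File/Folder not found\.$')
RUN_ENTRY = re.compile(r'^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')

# Result lines copied from the Fixlog in this thread.
FIXLOG = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin => value removed successfully.
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF" => File/Folder not found.
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" => File/Folder not found.
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" => File/Folder not found.
"C:\PROGRA~1\MYWEBS~1" => File/Folder not found.
'''

# Run lines in the form the thread's scan shows them, used here as a
# constructed "later scan" in which the removed values are present again.
SCAN_RETURNED = r'''
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-23] (AVAST Software)
HKLM\...\Run: [MyWebSearch Plugin] => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
'''

# Constructed later scan in which the removed values stayed removed.
SCAN_CLEAN = r'''
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-23] (AVAST Software)
'''

def norm(hive, name):
    # Registry key and value names are case-insensitive.
    return (hive.upper(), name.lower())

def hive_of(key):
    # "HKLM\Software\...\Run" -> "HKLM", matching the scan's "HKLM\...\Run" form.
    head, sep, _ = key.lower().partition('\\software\\')
    return key[:len(head)] if sep else key

def parse_fixlog(text):
    """Return ([(hive, value_name)], [missing_path]) from Fixlog result lines."""
    removed, missing = [], []
    for line in text.splitlines():
        line = line.strip()
        m = VALUE_REMOVED.match(line)
        if m:
            removed.append((hive_of(m['key']), m['name']))
            continue
        m = NOT_FOUND.match(line)
        if m:
            missing.append(m['path'])
    return removed, missing

def parse_run_entries(scan_text):
    """Map normalised (hive, name) -> (hive, name, command) for Run lines."""
    entries = {}
    for line in scan_text.splitlines():
        m = RUN_ENTRY.match(line.strip())
        if m:
            entries[norm(m['hive'], m['name'])] = (m['hive'], m['name'], m['cmd'])
    return entries

def reappeared(fixlog_text, later_scan_text):
    """Run values the fix removed that a later scan lists again."""
    removed, _ = parse_fixlog(fixlog_text)
    current = parse_run_entries(later_scan_text)
    return [current[norm(h, n)] for h, n in removed if norm(h, n) in current]

def orphaned_autoruns(scan_text, fixlog_text):
    """Run entries whose command references a path the fix found missing."""
    _, missing = parse_fixlog(fixlog_text)
    missing = [p.lower() for p in missing]
    return [(hive, name)
            for hive, name, cmd in parse_run_entries(scan_text).values()
            if any(p in cmd.lower() for p in missing)]

if __name__ == "__main__":
    for hive, name, cmd in reappeared(FIXLOG, SCAN_RETURNED):
        print(f"returned after removal: {hive}\\...\\Run [{name}] => {cmd}")
    for hive, name in orphaned_autoruns(SCAN_RETURNED, FIXLOG):
        print(f"autorun with no file on disk: {hive}\\...\\Run [{name}]")
```

A non-empty `reappeared` result means something on the machine is rewriting the values after each fix; an entry reported by `orphaned_autoruns` is a registry leftover with nothing on disk to launch.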



#15 SolusUmbra

SolusUmbra
  • Topic Starter

  • Members
  • 122 posts

Posted 25 August 2015 - 06:56 PM

New Scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2015
Ran by LerP8@aol.com (administrator) on WXP-14VKS71 (25-08-2015 20:10:14)
Running from C:\Documents and Settings\LerP8@aol.com\Desktop
Loaded Profiles: LerP8@aol.com (Available Profiles: LerP8@aol.com & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Intel® Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ShowLOMControl] =>
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-06] (ATI Technologies, Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [176128 2005-07-08] (HP)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2003-12-22] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2003-12-05] (Hewlett-Packard)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [819200 2007-02-21] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [970752 2007-02-21] (Intel Corporation)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-23] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-07-07] (ATI Technologies Inc.)
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-2226508713-1759082878-975767817-1004\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://downloads.yahoo.com/internetexplorer/welcome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> {3460B994-CF3F-4704-9944-652F9F9B7B3C} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-2226508713-1759082878-975767817-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-2226508713-1759082878-975767817-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-23] (AVAST Software)
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.170.153.146
Tcpip\..\Interfaces\{661204B1-CD06-467A-B6CC-BC3B710B67F9}: [DhcpNameServer] 192.168.0.1 216.170.153.146

FireFox:
========
FF ProfilePath: C:\Documents and Settings\LerP8@aol.com\Application Data\Mozilla\Firefox\Profiles\ymrhbzna.default-1440420570781
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @raidcall.kr/RCplugin -> C:\Documents and Settings\LerP8@aol.com\Application Data\RCKR\plugins\nprcplugin.dll [2012-08-09] (Raidcall)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-06-29] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-06-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-06-29]
FF HKLM\...\Firefox\Extensions: [myspacefftb@myspace.com] - C:\Program Files\MySpace\Toolbar\1.0.56.0
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-12]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-06-23]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-06-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-23]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-23] (AVAST Software)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-19] (HP) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [983040 2007-02-21] (Intel Corporation ) [File not signed]
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
S3 usprserv; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-02-21] (Intel® Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 a320raid; C:\WINDOWS\System32\DRIVERS\a320raid.sys [218112 2005-02-18] (Adaptec, Inc.) [File not signed]
S4 aac; C:\WINDOWS\System32\DRIVERS\aac.sys [48140 2004-04-07] (Adaptec, Inc.) [File not signed]
R0 aarich; C:\WINDOWS\System32\DRIVERS\aarich.sys [204800 2005-05-17] (Adaptec, Inc.) [File not signed]
R0 adpu320; C:\WINDOWS\System32\drivers\adpu320.sys [132608 2004-02-17] (Adaptec, Inc.) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21425 2009-08-01] (Meetinghouse Data Communications) [File not signed]
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-23] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-23] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-23] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 cercsr6; C:\WINDOWS\System32\drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121856 2003-07-11] (Intel Corporation) [File not signed]
S4 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [140544 2003-04-28] (Promise Technology, Inc.) [File not signed]
S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [87936 2005-05-31] (Texas Instruments)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2005-07-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-07-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-07-08] (HP)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S4 iaStor; C:\WINDOWS\System32\DRIVERS\iaStor.sys [250880 2006-04-26] (Intel Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R0 megasas; C:\WINDOWS\System32\drivers\megasas.sys [17664 2006-04-18] (LSI Logic Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-12] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-12] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-02-21] (Intel Corporation) [File not signed]
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S4 Symmpi; C:\WINDOWS\System32\DRIVERS\symmpi.sys [93568 2006-05-11] (LSI Logic) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S4 vmscsi; C:\WINDOWS\System32\drivers\vmscsi.sys [11029 2003-02-24] (VMware, Inc.) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2209408 2007-02-08] (Intel® Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 xbreader; C:\WINDOWS\System32\Drivers\xbreader.sys [19677 2001-01-02] (Thesycon GmbH, Germany) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-25 20:10 - 2015-08-25 20:11 - 00017602 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\FRST.txt
2015-08-25 20:02 - 2015-08-25 20:02 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Desktop\Old
2015-08-25 18:02 - 2015-08-25 18:02 - 00006640 _____ C:\WINDOWS\iis6.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00006183 _____ C:\WINDOWS\FaxSetup.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00002956 _____ C:\WINDOWS\ocgen.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00002821 _____ C:\WINDOWS\tsoc.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00002027 _____ C:\WINDOWS\comsetup.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00001876 _____ C:\WINDOWS\msmqinst.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00001374 _____ C:\WINDOWS\imsins.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00001230 _____ C:\WINDOWS\ntdtcsetup.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00001083 _____ C:\WINDOWS\netfxocm.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00000425 _____ C:\WINDOWS\MedCtrOC.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00000342 _____ C:\WINDOWS\ocmsn.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00000311 _____ C:\WINDOWS\tabletoc.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00000309 _____ C:\WINDOWS\msgsocm.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-25 18:02 - 2015-08-25 18:02 - 00000000 _____ C:\WINDOWS\setupact.log
2015-08-25 18:00 - 2015-08-25 18:02 - 00006691 _____ C:\WINDOWS\KB2510531-IE8.log
2015-08-25 07:53 - 2015-08-25 07:55 - 00000000 ____D C:\AdwCleaner
2015-08-25 07:50 - 2015-08-25 07:50 - 01605632 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\AdwCleaner.exe
2015-08-25 07:43 - 2015-08-25 07:43 - 01798576 _____ (Malwarebytes Corporation) C:\Documents and Settings\LerP8@aol.com\Desktop\JRT.exe
2015-08-24 22:08 - 2015-08-25 20:10 - 00000000 ____D C:\FRST
2015-08-24 22:08 - 2015-08-24 22:08 - 01690112 _____ (Farbar) C:\Documents and Settings\LerP8@aol.com\Desktop\FRST.exe
2015-08-24 22:01 - 2015-08-25 10:21 - 00003330 _____ C:\WINDOWS\setupapi.log
2015-08-24 18:48 - 2015-08-24 18:48 - 00000813 _____ C:\Documents and Settings\LerP8@aol.com\Start Menu\Programs\Internet Explorer.lnk
2015-08-24 18:36 - 2015-08-24 18:41 - 00000000 __HDC C:\WINDOWS\ie8
2015-08-24 16:37 - 2015-08-24 16:41 - 50075360 _____ (Microsoft Corporation) C:\Documents and Settings\LerP8@aol.com\Desktop\Windows-KB890830-V5.27.exe
2015-08-24 14:07 - 2015-08-24 14:07 - 00010422 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\hijackthis.txt
2015-08-24 14:07 - 2015-08-24 14:07 - 00000774 _____ C:\Documents and Settings\LerP8@aol.com\Desktop\registry.txt
2015-08-24 09:15 - 2015-08-24 09:15 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Desktop\Cleaners
2015-08-24 09:08 - 2015-08-24 09:08 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-08-24 07:46 - 2015-08-24 08:05 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-08-24 07:46 - 2015-08-24 08:05 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-08-24 07:10 - 2015-08-24 07:14 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\vlc
2015-08-24 07:07 - 2015-08-24 07:07 - 00000729 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-08-24 07:07 - 2015-08-24 07:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-08-23 19:16 - 2015-08-23 19:16 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-23 15:12 - 2013-04-18 23:26 - 00447194 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150823-151229.backup
2015-08-23 10:53 - 2015-08-23 10:53 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\AVAST Software
2015-08-23 10:52 - 2015-08-23 10:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-08-23 10:52 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-23 10:51 - 2015-08-23 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-23 10:50 - 2015-08-25 20:11 - 00000378 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-23 10:48 - 2015-08-23 10:47 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-23 10:48 - 2015-08-23 10:47 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-23 10:48 - 2015-08-23 10:46 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-23 10:47 - 2015-08-23 10:46 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-23 10:46 - 2015-08-23 10:46 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-23 10:39 - 2015-08-23 10:39 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-23 10:36 - 2015-08-23 10:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-08-23 09:58 - 2015-08-23 09:59 - 00000000 ____D C:\Avenger
2015-08-23 07:51 - 2015-08-23 18:41 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 07:51 - 2015-08-23 07:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-23 07:51 - 2015-08-23 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 07:51 - 2015-08-23 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-23 07:51 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-23 07:51 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 07:38 - 2015-08-23 07:39 - 00000000 ____D C:\WINDOWS\pss
2015-08-23 04:53 - 2015-08-25 20:05 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-08-23 04:53 - 2015-08-23 05:11 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-08-23 04:48 - 2015-08-25 10:27 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-08-23 02:55 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-08-23 02:55 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-08-23 01:06 - 2015-08-23 01:06 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-23 01:06 - 2015-08-23 01:06 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-08-23 01:06 - 2015-08-23 01:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-22 22:12 - 2015-08-22 22:12 - 00000000 ____D C:\Program Files\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-25 20:11 - 2008-08-15 00:36 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Temp
2015-08-25 20:10 - 2006-07-28 13:12 - 01527531 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-25 20:05 - 2010-06-16 08:08 - 00000236 _____ C:\WINDOWS\Tasks\OGALogon.job
2015-08-25 20:05 - 2009-08-04 09:13 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-25 20:05 - 2009-08-04 09:13 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-25 20:05 - 2009-03-08 08:12 - 00000416 _____ C:\WINDOWS\Tasks\PCConfidential.job
2015-08-25 20:05 - 2006-07-28 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-25 20:05 - 2004-08-12 09:34 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-25 20:03 - 2008-08-15 00:36 - 00000178 ___SH C:\Documents and Settings\LerP8@aol.com\ntuser.ini
2015-08-25 20:03 - 2006-07-28 13:17 - 00032314 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-25 20:03 - 2006-07-28 13:16 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-08-25 10:16 - 2009-03-07 16:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2015-08-25 10:14 - 2009-03-07 16:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-08-25 07:46 - 2008-08-15 00:36 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com
2015-08-25 07:29 - 2006-07-28 13:17 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-08-24 18:47 - 2006-07-28 05:57 - 00000000 ____D C:\WINDOWS\Media
2015-08-24 18:47 - 2006-07-28 05:57 - 00000000 ____D C:\WINDOWS\Help
2015-08-24 18:42 - 2008-08-14 02:06 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2015-08-24 17:00 - 2010-05-19 09:29 - 00000000 ____D C:\Games
2015-08-24 16:15 - 2009-03-21 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Creative
2015-08-24 16:15 - 2009-03-21 11:32 - 00000000 ____D C:\Program Files\Creative
2015-08-24 15:58 - 2009-04-12 13:55 - 00008713 _____ C:\WINDOWS\wininit.ini
2015-08-24 13:50 - 2006-07-28 13:11 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-08-24 13:17 - 2006-07-28 13:17 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-24 13:14 - 2008-08-13 23:12 - 00013104 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-24 11:05 - 2006-07-28 06:02 - 00000263 __RSH C:\boot.ini
2015-08-24 11:05 - 2004-08-12 09:33 - 00000507 _____ C:\WINDOWS\win.ini
2015-08-24 11:05 - 2004-08-12 09:30 - 00000227 _____ C:\WINDOWS\system.ini
2015-08-24 09:10 - 2008-08-18 00:22 - 00000000 ____D C:\Program Files\Common Files\Real
2015-08-24 09:07 - 2008-08-14 01:34 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-08-24 09:06 - 2008-08-14 01:34 - 00001511 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-24 08:24 - 2008-08-13 17:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-24 08:22 - 2009-03-29 21:02 - 00000000 ____D C:\WINDOWS\ie8updates
2015-08-24 08:17 - 2008-08-18 00:23 - 00000000 ____D C:\Program Files\QuickTime
2015-08-24 08:08 - 2006-07-28 13:13 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2015-08-24 07:46 - 2008-08-15 00:36 - 00000802 _____ C:\Documents and Settings\LerP8@aol.com\Start Menu\Programs\Windows Media Player.lnk
2015-08-24 07:42 - 2009-03-07 18:37 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-08-24 07:30 - 2013-10-29 13:14 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\jagexcache
2015-08-24 07:20 - 2011-09-03 19:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-08-24 07:10 - 2010-10-01 11:36 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\dvdcss
2015-08-23 12:18 - 2010-06-23 16:45 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Temp
2015-08-23 11:51 - 2008-08-17 21:28 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\Adobe
2015-08-23 11:51 - 2008-08-14 07:09 - 00000000 ____D C:\Program Files\Adobe
2015-08-23 09:58 - 2009-03-07 18:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-08-23 09:56 - 2010-05-26 19:12 - 00000000 ____D C:\Program Files\Shared
2015-08-23 09:10 - 2006-07-28 06:04 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-23 07:47 - 2010-06-23 16:44 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Google
2015-08-23 07:31 - 2009-12-03 14:12 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Yahoo!
2015-08-23 07:29 - 2009-03-29 21:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2015-08-23 07:26 - 2011-04-03 17:40 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Application Data\mjusbsp
2015-08-23 07:11 - 2013-04-16 06:14 - 00000000 _____ C:\Documents and Settings\LerP8@aol.com\filetrace.log
2015-08-23 04:53 - 2006-07-28 06:03 - 00095072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 04:39 - 2011-01-30 00:32 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-23 04:38 - 2013-04-15 12:15 - 00001708 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-23 04:37 - 2011-01-30 00:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-23 04:35 - 2013-08-27 21:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-23 04:25 - 2009-12-11 12:02 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-08-23 04:14 - 2008-08-20 19:21 - 00490818 _____ C:\WINDOWS\system32\TZLog.log
2015-08-23 04:10 - 2006-07-28 06:04 - 00511996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-23 01:06 - 2009-03-07 09:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-22 22:32 - 2011-11-09 16:00 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\Akamai
2015-08-22 22:29 - 2009-11-03 13:29 - 00000000 ____D C:\Program Files\Common Files\Akamai
2015-08-22 22:25 - 2010-11-03 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-08-22 22:25 - 2009-03-07 16:20 - 00000000 ____D C:\Documents and Settings\LerP8@aol.com\Start Menu\Programs\CCleaner
2015-08-22 22:24 - 2009-03-07 16:20 - 00000000 ____D C:\Program Files\CCleaner
2015-07-28 11:01 - 2008-08-20 19:21 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2009-03-07 16:16 - 2012-07-28 23:33 - 0122880 _____ () C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-10 19:18 - 2011-01-25 10:22 - 0001940 _____ () C:\Documents and Settings\LerP8@aol.com\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================





