Tabs opening to ads when clicking on an image/data form input box


This topic is locked
38 replies to this topic

#1 brett1968


Posted 10 November 2015 - 03:23 AM

Foolishly, I downloaded a 'darkcoin miner' file from Sourceforge on November 1, 2 or 3 of this year. The software at Sourceforge was only 5 days old...

I can't tell which program it was because those dates are missing from my Firefox browser History, even though I didn't delete them. That's a symptom of the infection, I assume.

The order in which these events occur seems to be mixed up, and it alters.

Browsing seems to be as normal for around 15-20 minutes (or even a few hours), then I might receive a message bar and a red Lego block (2x1) looking icon with the message "Firefox has prevented the outdated plugin 'Adobe Flash' from running on http://www.(whatever page address I'm on).com."

Before and/or after this message occurs, I have had one or two tabs open to advertisements instead of the page I actually want.

Another time, when I clicked on an image to enlarge it, I had new tabs open, redirected to ads.

When I downloaded ATF Cleaner and attempted to clear out all of the cache, cookies, history and saved form info, I got the message that it had 'finished and no files were deleted'.

When I downloaded SuperAntiSpyware, the 'start scan' option was greyed out, so I can't use it.

I use Firefox with Adblock, which during one session told me that it had blocked 63 pop-ups, then 120 pop-ups, then 180+ pop-ups, but this happened only that one time.

When I tried to use McAfee Security Scan Plus it gave me this message: "McAfee Security Scan Unavailable. We cannot check your security status now because your PC is not connected to the Internet McAfee. Security Scan is temporarily unavailable. Please connect to the Internet and click Re again later." There are two tabs, 'retry' and 'cancel'; 'cancel' is greyed out, but when cursoring over it the hand symbol appears.

The right-hand end of this dialogue box is missing.

When I went to afterdawn forums and tried to register there, each time I clicked to add form data, a new tab or two opened with an advertisement for computer antiviral software or suchlike, making joining there impossible.

It took numerous failed attempts to download both SuperAntiSpyware and ATF Cleaner before they were finally downloaded, and then, as I posted, neither worked.

Sometimes I use Tor and Cryptostorm Narwhal V2.2 as a VPN when I do this, and today I noticed that suddenly the VPN icon momentarily flashed as if it was turned off (when it is turned off, a message is displayed that a cable is unplugged), then the icon appeared again as normal, with no interruption to service.

Also, whilst I was using the darknet I received a message at the bottom of the screen that the page I already had fully loaded was in the act of connecting again, without me clicking on anything.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Sam (administrator) on HOME-303446BACA (10-11-2015 17:58:38)
Running from C:\Documents and Settings\Sam\My Documents\Downloads
Loaded Profiles: Sam (Available Profiles: Sam & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros) C:\WINDOWS\system32\acs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
() C:\Program Files\Dodo Mobile Broadband\ModemListener.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
(cryptostorm.is) C:\PROGRA~1\CRYPTO~1\bin\client.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
() C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\DOCUME~1\Sam\LOCALS~1\Temp\Rar$EX00.391\gpg4usb\start_windows.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [561232 2009-09-01] ()
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2328576 2009-07-03] (Vodafone)
HKLM\...\Run: [ModemListener] => C:\Program Files\Dodo Mobile Broadband\ModemListener.exe [98304 2011-04-27] ()
HKLM\...\Run: [VodafoneMobileWiFi] => C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe [311296 2012-04-19] (Vodafone)
HKLM\...\Run: [Cryptostorm client] => C:\Program Files\Cryptostorm Client\bin\client.exe [375296 2015-02-09] (cryptostorm.is)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [969104 2014-03-03] (BitTorrent, Inc.)
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [Mobile Partner] => C:\Program Files\pocketwifi\pocketwifi
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1610664 2015-11-02] (Valve Corporation)
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {1cfd6e04-2659-11e3-a1da-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {253753f0-4068-11e3-a1fd-0023cdd32b55} - I:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {29d4ec42-c1dd-11e3-a286-0023cdd32b55} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {2cb55a87-346f-11e3-a1f3-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {2ee35e2c-3011-11e4-a307-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {3109c0f0-65f2-11e2-bc5e-0023cdd32b55} - H:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {3109c0f3-65f2-11e2-bc5e-0023cdd32b55} - H:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {310bc69a-aa79-11e2-bcf3-0023cdd32b55} - I:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {3b1b44e2-7c10-11e2-bc97-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {550dd85e-66b2-11e2-bc62-0023cdd32b55} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {5b551f16-0e54-11e3-a1a2-0023cdd32b55} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {5b551f18-0e54-11e3-a1a2-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {5c3412f8-2bd8-11e3-a1ed-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {819a75b9-66f7-11e2-bc67-0023cdd32b55} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {81eea092-6702-11e2-bc68-0023cdd32b55} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {9b13e294-8895-11e2-bca8-0023cdd32b55} - I:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {9ce9f601-52ab-11e2-af7a-806d6172696f} - G:\SETUP.EXE
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {a0a9a2b4-abf6-11e2-bcf5-0023cdd32b55} - J:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {a46ed472-89ce-11e2-bcab-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {ae765f96-4a9c-11e3-a20a-0023cdd32b55} - J:\Startme.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {b49019c0-59a7-11e3-a222-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {c1db8400-2aee-11e3-a1ea-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {c53fe70e-411b-11e3-a1ff-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d5e7ce0c-ac6d-11e2-bcf6-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d6ce869a-799f-11e2-bc92-0023cdd32b55} - H:\AutoRun.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d6ce869b-799f-11e2-bc92-0023cdd32b55} - H:\AutoRun.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d6ce869d-799f-11e2-bc92-0023cdd32b55} - D:\AutoRun.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d8a2ef11-78fa-11e2-bc90-0023cdd32b55} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2004-08-04] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Savant Web Server.lnk [2015-08-14]
ShortcutTarget: Savant Web Server.lnk -> C:\Savant\Savant.exe (Developed by Michael Lamont)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-515967899-1390067357-1801674531-1003] => Proxy is enabled.
ProxyServer: [S-1-5-21-515967899-1390067357-1801674531-1003] => localhost:21320
AutoConfigURL: [S-1-5-21-515967899-1390067357-1801674531-1003] => localhost:21320
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{A0B019D5-10FD-49C0-8019-AE9F1433780F}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-515967899-1390067357-1801674531-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-10] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359
FF DefaultSearchEngine: Ixquick HTTPS
FF Homepage: hxxps://www.ixquick.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll [2014-12-24] ()
FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-06-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-06-28] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\searchplugins\ixquick-https.xml [2015-01-21]
FF Extension: AdBlock for Firefox - C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-04] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-12] (SUPERAntiSpyware.com) [File not signed]
R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-08-27] (Atheros) [File not signed]
R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-08-27] () [File not signed]
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-03] () [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-10] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-07-03] (Vodafone) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3846016 2006-02-08] (Realtek Semiconductor Corp.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1570240 2009-06-03] (Atheros Communications, Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-09] (HP)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 jrdusbser; C:\WINDOWS\System32\DRIVERS\jrdusbser.sys [105344 2011-02-25] (TCT International Mobile Ltd)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R0 phylock; C:\WINDOWS\System32\drivers\phylock.sys [18848 2006-12-18] (TeraByte, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2009-03-16] (Atheros Communications, Inc.) [File not signed]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 19:13 - 2015-12-08 19:17 - 00000263 _____ C:\wepkeys.txt
2015-11-10 17:58 - 2015-11-10 17:58 - 00000000 ____D C:\FRST
2015-11-10 14:30 - 2015-11-10 14:30 - 00000021 _____ C:\WINDOWS\S.dirmngr
2015-11-08 20:04 - 2015-11-08 20:04 - 00000000 ____D C:\Documents and Settings\Sam\My Documents\ProcAlyzer Dumps
2015-11-08 18:21 - 2004-08-04 23:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151108-182135.backup
2015-11-08 17:35 - 2015-11-10 14:30 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-11-08 17:35 - 2015-11-08 17:35 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-11-08 17:35 - 2015-11-08 17:35 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-11-08 17:34 - 2015-11-08 20:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-11-08 17:34 - 2015-11-08 17:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-11-08 17:34 - 2015-11-08 17:34 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-11-08 17:34 - 2015-11-08 17:34 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-11-08 17:34 - 2015-11-08 17:34 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-11-08 17:34 - 2015-11-08 17:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-11-08 17:34 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-11-07 21:50 - 2015-11-08 11:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-06 23:50 - 2015-11-06 23:49 - 00050688 _____ (Atribune.org) C:\Documents and Settings\Sam\Desktop\ATF-Cleaner(1).exe
2015-11-05 23:09 - 2015-11-05 23:29 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-11-05 23:08 - 2015-11-05 23:08 - 00000000 ____D C:\WINDOWS\CSC
2015-11-03 09:46 - 2015-11-03 09:47 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\mdrive
2015-11-02 21:57 - 2015-11-10 14:41 - 00000000 ____D C:\Program Files\dumps
2015-11-02 21:53 - 2015-11-02 21:53 - 00000664 _____ C:\Documents and Settings\All Users\Desktop\Steam.lnk
2015-11-02 21:52 - 2015-11-10 14:41 - 00000000 ____D C:\Program Files\Steam
2015-11-02 21:52 - 2015-11-02 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Steam
2015-11-02 21:52 - 2015-11-02 21:52 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-11-02 21:40 - 2015-11-02 21:40 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\shambalas
2015-11-02 19:01 - 2015-11-02 19:01 - 00000000 ___HD C:\WINDOWS\PIF
2015-11-02 18:59 - 2015-11-03 01:29 - 00054107 _____ C:\Documents and Settings\Sam\Desktop\Tales of Eildon.odt
2015-10-30 09:29 - 2015-10-30 09:29 - 00010300 _____ C:\Documents and Settings\Sam\My Documents\xrowdfundkebyanblind.odt
2015-10-28 09:40 - 2015-10-28 09:40 - 00009192 _____ C:\Documents and Settings\Sam\My Documents\ooknose.odt
2015-10-28 06:10 - 2015-10-28 06:10 - 00008501 _____ C:\Documents and Settings\Sam\My Documents\sleepoiddresmminud1.odt
2015-10-25 19:34 - 2015-10-25 19:34 - 00000000 _____ C:\Documents and Settings\Sam\Desktop\New Text Document (2).txt
2015-10-25 16:33 - 2015-10-25 16:33 - 00000640 _____ C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk
2015-10-25 15:48 - 2015-11-01 23:18 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\128PROJECT
2015-10-24 23:39 - 2015-10-24 23:40 - 00000412 _____ C:\WINDOWS\WINNT32.LOG
2015-10-24 23:39 - 2015-10-24 23:40 - 00000225 _____ C:\WINDOWS\DHCPUPG.LOG
2015-10-24 21:24 - 2015-10-24 21:24 - 00000843 _____ C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
2015-10-24 21:24 - 2015-10-24 21:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox
2015-10-24 21:19 - 2015-10-24 21:19 - 00000000 ____D C:\Program Files\Oracle
2015-10-19 19:06 - 2015-11-05 00:47 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\tfc
2015-10-17 15:13 - 2015-10-17 15:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini101715-01.dmp
2015-10-14 23:39 - 2015-10-14 23:39 - 00000000 _____ C:\Documents and Settings\Sam\Desktop\New Text Document.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 17:58 - 2012-12-30 18:42 - 00000000 ____D C:\Documents and Settings\Sam\Local Settings\Temp
2015-11-10 17:44 - 2013-01-01 07:03 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-10 17:38 - 2013-01-25 21:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-10 14:43 - 2013-01-28 16:35 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\uTorrent
2015-11-10 14:42 - 2012-12-31 05:13 - 00947390 _____ C:\WINDOWS\setupapi.log
2015-11-10 14:42 - 2012-12-31 05:13 - 00306131 _____ C:\WINDOWS\setupact.log
2015-11-10 14:36 - 2012-12-30 18:25 - 00350194 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-10 14:31 - 2012-12-31 05:07 - 00000000 ____D C:\WINDOWS\system32\ias
2015-11-10 14:30 - 2013-01-01 07:03 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-10 14:30 - 2012-12-31 05:16 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-10 14:30 - 2012-12-31 05:16 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-10 14:30 - 2012-12-30 18:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-10 08:50 - 2012-12-30 18:42 - 00000178 ___SH C:\Documents and Settings\Sam\ntuser.ini
2015-11-10 08:50 - 2012-12-30 18:41 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-09 08:25 - 2012-12-31 05:12 - 00000254 ____H C:\boot.ini
2015-11-09 08:22 - 2013-01-01 07:06 - 00039936 _____ C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-08 20:52 - 2012-12-30 18:41 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-11-08 19:32 - 2015-09-07 10:10 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskremsmaster
2015-11-08 18:26 - 2012-12-30 18:42 - 00000000 ____D C:\Documents and Settings\Sam
2015-11-08 18:19 - 2013-01-24 02:00 - 00000049 _____ C:\WINDOWS\NeroDigital.ini
2015-11-08 17:21 - 2013-01-27 14:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-07 19:30 - 2015-06-29 01:30 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\Tor Browser
2015-11-05 23:50 - 2013-01-01 07:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-05 23:13 - 2015-07-25 17:15 - 00003168 _____ C:\Documents and Settings\Sam\Desktop\Rkill.txt
2015-11-03 16:47 - 2013-01-01 06:50 - 00000000 ____D C:\Program Files\FastStone Image Viewer
2015-11-03 16:20 - 2014-12-30 13:38 - 00000327 _____ C:\WINDOWS\Hornby.INI
2015-11-03 16:20 - 2012-12-31 05:07 - 00000000 ____D C:\WINDOWS\Help
2015-11-03 10:06 - 2013-08-13 18:06 - 00000000 ____D C:\Documents and Settings\Sam\.VirtualBox
2015-11-02 19:16 - 2013-12-11 09:19 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskrms5
2015-11-02 18:29 - 2013-09-25 16:31 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\MANTSCRIPT
2015-11-01 22:48 - 2013-10-11 12:23 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\Audacity
2015-11-01 10:16 - 2013-01-29 16:59 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\vlc
2015-11-01 10:03 - 2004-08-04 23:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-29 23:44 - 2013-12-11 09:19 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskrms
2015-10-28 02:30 - 2015-03-28 23:45 - 00069436 _____ C:\Documents and Settings\Sam\Desktop\ghostkitten3mar2015.odt
2015-10-25 16:33 - 2013-12-05 21:38 - 00231760 _____ (TrueCrypt Foundation) C:\WINDOWS\system32\Drivers\truecrypt.sys
2015-10-20 02:37 - 2013-09-18 15:38 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\alwri913

==================== Files in the root of some directories =======

2013-01-01 07:06 - 2015-11-09 08:22 - 0039936 _____ () C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-09 17:28 - 2013-12-09 17:28 - 0000725 _____ () C:\Documents and Settings\Sam\Local Settings\Application Data\recently-used.xbel

Some files in TEMP:
====================
C:\Documents and Settings\Sam\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\Sam\Local Settings\Temp\ResetDevice.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by Sam (2015-11-10 17:59:28)
Running from C:\Documents and Settings\Sam\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 2 (X86) (2012-12-30 07:28:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515967899-1390067357-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-515967899-1390067357-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-515967899-1390067357-1801674531-1000 - Limited - Disabled)
Sam (S-1-5-21-515967899-1390067357-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Sam
SUPPORT_388945a0 (S-1-5-21-515967899-1390067357-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Angry Birds Star Wars (HKLM\...\{408ADFFE-B2D1-451E-A2CB-6213B90D58EA}) (Version: 1.0.0 - Rovio)
Army Men - Sarge's Heroes (HKLM\...\Army Men - Sarge's Heroes) (Version:  - )
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bejeweled 3 (HKLM\...\Bejeweled 3) (Version:  - PopCap Games)
Bitcoin (HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Bitcoin) (Version: 0.6.3 - Bitcoin project)
Bitcoin Armory (HKLM\...\Bitcoin Armory) (Version: 0.92.1.0 - Armory Technologies Inc.)
Bitcoin Core (32-bit) (HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Bitcoin Core (32-bit)) (Version: 0.9.2 - Bitcoin Core project)
Cryptostorm Client (HKLM\...\{35A52EE3-6D23-4AA6-B881-3F10658D626C}_is1) (Version: 2.22 - Cryptostorm)
Darkcoin (HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Darkcoin) (Version: 0.9.12.27 - Darkcoin Project)
Dev-C++ (HKLM\...\Dev-C++) (Version: 5.10 - Bloodshed Software)
Dodo Mobile Broadband (HKLM\...\Dodo Mobile Broadband ALCATEL_is1) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
FastStone Image Viewer 2.22 (HKLM\...\FastStone Image Viewer) (Version: 2.22 - FastStone Soft.)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
FLAC 1.2.1b (remove only) (HKLM\...\FLAC) (Version: 1.2.1b - Xiph.org)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Gpg4win (2.1.0) (HKLM\...\GPG4Win) (Version: 2.1.0 - The Gpg4win Project)
Hornby Virtual Railway (HKLM\...\Hornby Virtual Railway) (Version:  - )
HP Photosmart All-In-One Driver Software 9.0.A Corporate Edition (HKLM\...\{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}) (Version: 9.0 - HP)
IGI 2 Demo (HKLM\...\IGI 2 Demo) (Version:  - )
Image for Windows 1.70a (HKLM\...\Image for Windows_is1) (Version:  - TeraByte Unlimited)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
K-Lite Mega Codec Pack 6.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.1.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Player Utilities 5.22 (HKLM\...\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}) (Version: 5.22 -  )
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NeroVision Express 2 (HKLM\...\NeroVision!UninstallKey) (Version:  - )
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Oracle VM VirtualBox 4.2.16 (HKLM\...\{3B2A7E23-AC7E-46BB-B725-65C555F8FFC5}) (Version: 4.2.16 - Oracle Corporation)
Peggle (HKLM\...\Peggle) (Version:  - PopCap Games)
pocketwifi (HKLM\...\pocketwifi) (Version: TOOL-ConnLaucher_WIN1.01.01.737 - Huawei Technologies Co.,Ltd)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
ps_aio_corporate (Version: 90.0.222.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Ruby Fortune Casino (HKLM\...\rubyfortune) (Version: 14.1.0.3056 - )
Savant Web Server (HKLM\...\Savant Web Server) (Version:  - )
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Shockwave 7.0.3 Player (HKLM\...\Shockwave 7.0.3 Player) (Version:  - )
SimCity Classic® CD Collection (HKLM\...\SimCityClassicCDv1) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.181 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.181 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
STK02N 2.4.1 (HKLM\...\{3F424493-B0F2-43A4-A892-DFA447B2A59D}) (Version: 2.4.1 - Syntek)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
Superscape 3D Control (HKLM\...\Superscape 3D Control) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TP-LINK Client Installation Program (HKLM\...\{1E58B969-9BB4-4012-8D8B-D06005D1CD24}) (Version:  - TP-LINK)
TP-LINK Client Installation Program (Version: 7.0 - TP-LINK) Hidden
Triazzle (HKLM\...\Triazzle) (Version:  - )
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unreal Tournament G.O.T.Y. Edition (HKLM\...\UnrealTournament) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (HKLM\...\{5EE7D259-D137-4438-9A5F-42F432EC0421}) (Version: 1.1.0 - DivX, Inc)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.16284 - Vodafone)
Vodafone Wi-Fi Installer (HKLM\...\{046DE6F8-7B41-465A-B127-848D88AB1AB8}) (Version: 1.0.0.38942 - Vodafone)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinHTTrack Website Copier 3.46-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Zuma (HKLM\...\Zuma) (Version:  - PopCap Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-515967899-1390067357-1801674531-1003_Classes\CLSID\{E6D6B700-124D-11D4-86F3-DB80AFD98778}\InprocServer32 -> C:\Program Files\Media Player Utilities 5.22\AVIConverter\tools\AviSynth.dll (The Public)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 23:00 - 2015-11-08 18:21 - 00450613 ____R C:\WINDOWS\system32\Drivers\etc\hosts


There are 15461 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (Whitelisted) ==============

2013-01-02 19:05 - 2009-09-01 17:30 - 00561232 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
2013-01-02 19:05 - 2009-08-19 17:44 - 00421969 _____ () C:\WINDOWS\system32\wgapi.dll
2013-01-02 19:05 - 2009-08-19 17:46 - 00163840 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\oemres.dll
2014-06-07 17:10 - 2011-04-27 14:38 - 00098304 _____ () C:\Program Files\Dodo Mobile Broadband\ModemListener.exe
2015-04-24 16:13 - 2015-02-09 15:21 - 00020589 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\b184fe3a16e6df34236a16ba20eed1e3\scalar.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00024679 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\d38b03a0c3ffc6277dd0061ca2c4629b\Glob.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00041067 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\421b0b09ce5c677dae2cb0fc8f57072f\Win32.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00028776 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\4abda4a8576c462e90f466bb929e9cbd\threads.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00024698 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\0dff24f3a147d179339ff0606c73e41e\Util.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00036990 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\5d84569a488cbcd853172976470c6876\shared.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00041061 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\a1eafec41c41f73b1a9b5e67f5f5a15a\Tcl.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00024676 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\59ae295cf890d0eed78c6bd8e3470fb6\Fcntl.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00049267 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\b0cab9f29c842b6be1aa0904b44f919e\SHA.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00061546 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\369b1282467340c8ceb95e7b9407af12\Storable.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00024670 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\76e8af0cc3a92bb1aa54c8042b86b1bc\IO.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00028774 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\bce0df8aca969089429a1b098d1847a2\Socket.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00024681 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\ce04da2b0e30975662a808ad9588f96a\HiRes.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00024701 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\5f46db795e652e960a51321858c03174\Process.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00082033 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\3caff5c4e64adac65c66533129c42cae\OLE.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00020587 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\08e3d0df328b6db3a412b10d77baaf2a\Cwd.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00020593 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\90ae06be44a1b0ca35a1e8e4b93dd5d2\API.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00118918 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\1475f7f7a44afa7024ddb61bf7996aef\Registry.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00082048 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\d6bd208d267815fedd4d481b886cc673\WinError.dll
2015-04-24 16:13 - 2015-02-09 15:21 - 00020590 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\2d4495db4af27045ffd33970414dc9d5\attributes.dll
2015-11-10 14:30 - 2012-12-14 08:11 - 00032768 _____ () C:\Documents and Settings\Sam\Local Settings\Temp\TCLB.tmp
2015-11-10 14:30 - 2012-12-14 08:11 - 00118784 _____ () C:\Documents and Settings\Sam\Local Settings\Temp\TCLC.tmp
2015-11-10 14:31 - 2012-12-14 08:11 - 00208896 _____ () C:\Documents and Settings\Sam\Local Settings\Temp\TCLD.tmp
2015-11-10 14:31 - 2012-12-14 08:11 - 00040960 _____ () C:\Documents and Settings\Sam\Local Settings\Temp\TCLE.tmp
2015-04-24 16:13 - 2015-02-09 15:21 - 00086146 _____ () C:\Program Files\Cryptostorm Client\lib\vrt\02ebbeea8bb15299cedaaf680ef4b634\Zlib.dll
2015-11-08 17:34 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-11-08 17:34 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-11-08 17:34 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-07 17:10 - 2010-08-27 17:04 - 00040960 _____ () C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
2011-03-03 02:20 - 2011-03-03 02:20 - 00224256 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
2011-03-03 02:16 - 2011-03-03 02:16 - 00208384 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
2011-03-03 02:13 - 2011-03-03 02:13 - 00048640 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
2011-03-03 02:11 - 2011-03-03 02:11 - 00038400 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
2011-03-03 02:16 - 2011-03-03 02:16 - 00073216 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
2011-03-03 02:17 - 2011-03-03 02:17 - 00603136 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-11.dll
2015-11-08 17:34 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-11-08 17:34 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-11-10 15:11 - 2012-09-05 19:30 - 04483584 _____ () C:\Documents and Settings\Sam\Local Settings\Temp\Rar$EX00.391\gpg4usb\start_windows.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


There are 7865 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Program Files\FastStone Image Viewer\FSViewerWallPaper.bmp
DNS Servers: 192.168.43.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Bitcoin\bitcoin-qt.exe] => Disabled:bitcoin-qt
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Sam\My Documents\Downloads\Tor Browser\App\tor.exe] => Enabled:tor
StandardProfile\AuthorizedApplications: [C:\Program Files\Darkcoin\darkcoin-qt.exe] => Disabled:darkcoin-Qt (OSS GUI client for darkcoin)
StandardProfile\AuthorizedApplications: [I:\Program Files\Bitcoin\bitcoin-qt.exe] => Enabled:Bitcoin Core (OSS GUI client for Bitcoin)
StandardProfile\AuthorizedApplications: [C:\Program Files\Armory\ArmoryQt.exe] => Enabled:ArmoryQt
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Sam\Desktop\Tor Browser\Tor\PluggableTransports\flashproxy-client.exe] => Enabled:flashproxy-client
StandardProfile\AuthorizedApplications: [C:\Savant\Savant.exe] => Enabled:Savant Web Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: Android
Description: Android
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2015 01:40:37 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/20/2015 09:01:45 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/19/2015 02:36:03 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/19/2015 12:22:22 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/18/2015 02:25:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application DVD Shrink 3.2.exe, version 3.2.0.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/18/2015 12:43:29 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/17/2015 05:34:22 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/17/2015 01:45:26 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/17/2015 01:20:29 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/16/2015 03:41:00 AM) (Source: VMCService) (EventID: 0) (User: )
Description: GetProcessOwner


System errors:
=============
Error: (02/09/2015 11:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TP-LINK Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/09/2015 09:48:20 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 120 minutes.
NtpClient has no source of accurate time.

Error: (02/09/2015 09:48:20 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/09/2015 08:48:20 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 60 minutes.
NtpClient has no source of accurate time.

Error: (02/09/2015 08:48:20 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/09/2015 08:18:20 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (02/09/2015 08:18:20 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/09/2015 08:03:20 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (02/09/2015 08:03:20 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/09/2015 02:09:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TP-LINK Configuration Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 88%
Total physical RAM: 1006.73 MB
Available physical RAM: 111.78 MB
Total Virtual: 2425.68 MB
Available Virtual: 1565.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:227.17 GB) (Free:88.99 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:7.45 GB) (Free:0.1 GB) FAT32
Drive g: (Terraria) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive i: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:1711.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 14651464)
Partition 1: (Active) - (Size=227.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5.7 GB) - (Type=05)

========================================================
Disk: 4 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 5 (Size: 1863 GB) (Disk ID: 20864F71)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 




 


#2 brett1968

brett1968
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:20 AM

Posted 11 November 2015 - 09:24 PM

I forgot to add a detail to this post, i.e. I have previously posted some text online, and when I returned to that site one of the words had been altered so that it was a highlighted link to an advertisement. It most certainly would not have been done by the site.



#3 brett1968

brett1968
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:20 AM

Posted 13 November 2015 - 08:14 PM

...and another observation I need to include is that sometimes I am being redirected to a site where I receive an error 404 message which mentions nginx and the websites www.3cdn.org and (amongst a plethora of others) hxxp://ads.traffichunt.com.

Edited by Black_Bird, 13 November 2015 - 11:16 PM.
Disabled hyperlink


#4 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:20 PM

Posted 13 November 2015 - 11:25 PM

Hi Brett1968,

1. Download AdwCleaner and save it to your Desktop.
  • Close all open windows.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • When the program has started, click the Scan button and wait until the scan has finished.
  • Make sure everything (on all tabs) is selected, and click the Clean button.
  • It's possible that AdwCleaner asks you to restart the system. It's important that you agree with this.
  • After restart a logfile will appear. Please post the contents of that logfile in your next reply.
2. Please download the attached file fixlist.txt (4.62KB) to your Desktop.
  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!
3. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator.
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.
4. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.
5. Please remove fixlist.txt from your PC.

6. Please reboot your PC.

7. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
8. We need to enable System Restore
  • Please open the Start Menu, right-click My Computer and click Properties.
  • Now, please click the System Restore tab.
  • Please remove the checkmark next to Turn off System Restore (on all drives).
  • Click OK.
  • Close all open windows.
9. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan

Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.
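A read-only check of the three things that step 8 above and the Rkill log later in this thread report on (the System Restore policy value, the WinINet proxy settings and the HOSTS entries), as an added example that is not part of this thread and is not code from Rkill, FRST or AdwCleaner. It assumes PowerShell 2.0 or later (not installed by default on Windows XP) and a console started as Administrator; the registry key and service name are the ones Rkill prints, the hosts file path is the Windows default, and nothing is modified.

```powershell
# Added example, not from the thread or its tools: read-only audit of the
# settings the thread's clean-up tools report on. Assumes PowerShell 2.0+
# running as Administrator. Nothing below writes to the registry or disk.

function Test-SystemRestoreEnabled {
    # Rkill reported DisableSR = 1 under this key; 1 means System Restore is switched off.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    $disableSR = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableSR
    # srservice is the System Restore service Rkill lists; its start type should be Automatic.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='srservice'"
    $state = 'not present'
    $startMode = 'not present'
    if ($svc) { $state = $svc.State; $startMode = $svc.StartMode }
    New-Object PSObject -Property @{
        DisableSR        = $disableSR
        ServiceState     = $state
        ServiceStartMode = $startMode
        Enabled          = ($disableSR -ne 1)   # absent or 0 means not disabled
    }
}

function Get-ProxyIndicators {
    # A proxy or PAC URL the user never configured routes every page through a
    # third party, which is one way ads get injected; Rkill's "Active Proxy
    # Server Detected" block refers to these same values.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $pacSet = -not [string]::IsNullOrEmpty($p.AutoConfigURL)
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride
        AutoConfigURL = $p.AutoConfigURL
        Suspicious    = (($p.ProxyEnable -eq 1) -or $pacSet)
    }
}

function Get-HostsRedirects {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    # A name mapped to loopback is merely blocked; thousands of such lines is
    # what an ad-blocking hosts list looks like (compare Rkill's output).
    # A name mapped to any other address is redirected, which is the shape of
    # a hijack and is worth reading line by line.
    $loopback = @('127.0.0.1', '0.0.0.0', '::1')
    $blocked = 0
    $redirects = @()
    foreach ($line in Get-Content -Path $Path -ErrorAction SilentlyContinue) {
        $entry = ($line -split '#')[0].Trim()      # drop comments and blank lines
        if (-not $entry) { continue }
        $fields = @($entry -split '\s+')
        if ($fields.Count -lt 2) { continue }     # malformed line, skip
        if ($loopback -contains $fields[0]) { $blocked++ } else { $redirects += $entry }
    }
    New-Object PSObject -Property @{
        BlockedEntries  = $blocked
        RedirectEntries = $redirects
    }
}

Test-SystemRestoreEnabled | Format-List
Get-ProxyIndicators       | Format-List
Get-HostsRedirects        | Format-List
```

Run it once before and once after a clean-up: DisableSR should read 0 or be absent afterwards, Suspicious should be False unless a proxy was set deliberately, and RedirectEntries should be empty or contain only entries the owner recognises.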


#5 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • Gender:Not Telling
  • Local time:07:20 PM

Posted 13 November 2015 - 11:47 PM

I want to add the following two points to my post above:
  • You are using an outdated version of Microsoft Windows
    The Windows version you are currently using (Windows XP) isn't updated anymore, and that way your system will always be more vulnerable to malware, as it won't be patched anymore through Windows Updates. I recommend that you upgrade your version of Windows to Windows 7 or above.
  • Please remove uTorrent from your PC
    At least until I have told you your PC is clean again. The reason is that this software is often used for illegal activities, which also creates a vulnerability for your PC (you can download malware easily through torrents). So please, at least remove it from your PC until we're done here.

Kind regards,
Black_Bird


#6 brett1968

brett1968
  • Topic Starter

  • Members
  • 20 posts
  • Local time:05:20 AM

Posted 14 November 2015 - 03:09 AM

Hi Black_Bird and thanks for your help. The machine seems to be operating a lot faster than it has for quite a while now!

I turned on System Restore as instructed. Problems noted so far: pages 'connecting' even though they're fully loaded. (We have only used the machine online minimally since following the steps provided.)

Here are the logs created:

1. Rkill

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/14/2015 04:31:40 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\acs.exe (PID: 1444) [WD-HEUR]

1 proccess terminated!

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Documents and Settings\Sam\Desktop\rkill\rkill-11-14-2015-04-31-46.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001

Checking Windows Service Integrity:

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic

 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1    localhost
  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1001namen.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    100888290cs.com
  127.0.0.1    www.100888290cs.com
  127.0.0.1    www.100sexlinks.com

  20 out of 15493 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 11/14/2015 04:32:25 PM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)

 

2. Fixlist log

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by Sam (2015-11-14 16:44:11) Run:1
Running from C:\Documents and Settings\Sam\My Documents\Downloads
Loaded Profiles: Sam (Available Profiles: Sam & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {1cfd6e04-2659-11e3-a1da-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {253753f0-4068-11e3-a1fd-0023cdd32b55} - I:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {29d4ec42-c1dd-11e3-a286-0023cdd32b55} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {2cb55a87-346f-11e3-a1f3-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {2ee35e2c-3011-11e4-a307-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {3109c0f0-65f2-11e2-bc5e-0023cdd32b55} - H:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {3109c0f3-65f2-11e2-bc5e-0023cdd32b55} - H:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {310bc69a-aa79-11e2-bcf3-0023cdd32b55} - I:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {3b1b44e2-7c10-11e2-bc97-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {550dd85e-66b2-11e2-bc62-0023cdd32b55} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {5b551f16-0e54-11e3-a1a2-0023cdd32b55} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {5b551f18-0e54-11e3-a1a2-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {5c3412f8-2bd8-11e3-a1ed-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {819a75b9-66f7-11e2-bc67-0023cdd32b55} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {81eea092-6702-11e2-bc68-0023cdd32b55} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {9b13e294-8895-11e2-bca8-0023cdd32b55} - I:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {9ce9f601-52ab-11e2-af7a-806d6172696f} - G:\SETUP.EXE
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {a0a9a2b4-abf6-11e2-bcf5-0023cdd32b55} - J:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {a46ed472-89ce-11e2-bcab-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {ae765f96-4a9c-11e3-a20a-0023cdd32b55} - J:\Startme.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {b49019c0-59a7-11e3-a222-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {c1db8400-2aee-11e3-a1ea-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {c53fe70e-411b-11e3-a1ff-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d5e7ce0c-ac6d-11e2-bcf6-0023cdd32b55} - D:\SetupWi-Fi.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d6ce869a-799f-11e2-bc92-0023cdd32b55} - H:\AutoRun.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d6ce869b-799f-11e2-bc92-0023cdd32b55} - H:\AutoRun.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d6ce869d-799f-11e2-bc92-0023cdd32b55} - D:\AutoRun.exe
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\MountPoints2: {d8a2ef11-78fa-11e2-bc90-0023cdd32b55} - H:\setup_vmc_lite.exe /checkApplicationPresence
ShortcutTarget: Savant Web Server.lnk -> C:\Savant\Savant.exe (Developed by Michael Lamont)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF Extension: AdBlock for Firefox - C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-04] [not signed]
U1 WS2IFSL; no ImagePath
C:\Savant
D:\SetupWi-Fi.exe
H:\SetupWi-Fi.exe
I:\SetupWi-Fi.exe
J:\SetupWi-Fi.exe
D:\setup_vmc_lite.exe
H:\setup_vmc_lite.exe
G:\SETUP.EXE
J:\Startme.exe
D:\AutoRun.exe
H:\AutoRun.exe
C:\Documents and Settings\Sam\My Documents\xrowdfundkebyanblind.odt
C:\Documents and Settings\Sam\My Documents\ooknose.odt
C:\Documents and Settings\Sam\My Documents\sleepoiddresmminud1.odt
C:\Documents and Settings\Sam\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\Sam\Local Settings\Temp\ResetDevice.exe
*****************

"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cfd6e04-2659-11e3-a1da-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{1cfd6e04-2659-11e3-a1da-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253753f0-4068-11e3-a1fd-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{253753f0-4068-11e3-a1fd-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29d4ec42-c1dd-11e3-a286-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{29d4ec42-c1dd-11e3-a286-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cb55a87-346f-11e3-a1f3-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{2cb55a87-346f-11e3-a1f3-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ee35e2c-3011-11e4-a307-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{2ee35e2c-3011-11e4-a307-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3109c0f0-65f2-11e2-bc5e-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{3109c0f0-65f2-11e2-bc5e-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3109c0f3-65f2-11e2-bc5e-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{3109c0f3-65f2-11e2-bc5e-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310bc69a-aa79-11e2-bcf3-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{310bc69a-aa79-11e2-bcf3-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1b44e2-7c10-11e2-bc97-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{3b1b44e2-7c10-11e2-bc97-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550dd85e-66b2-11e2-bc62-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{550dd85e-66b2-11e2-bc62-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b551f16-0e54-11e3-a1a2-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{5b551f16-0e54-11e3-a1a2-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b551f18-0e54-11e3-a1a2-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{5b551f18-0e54-11e3-a1a2-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3412f8-2bd8-11e3-a1ed-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{5c3412f8-2bd8-11e3-a1ed-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{819a75b9-66f7-11e2-bc67-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{819a75b9-66f7-11e2-bc67-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81eea092-6702-11e2-bc68-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{81eea092-6702-11e2-bc68-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b13e294-8895-11e2-bca8-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{9b13e294-8895-11e2-bca8-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ce9f601-52ab-11e2-af7a-806d6172696f}" => key removed successfully.
HKCR\CLSID\{9ce9f601-52ab-11e2-af7a-806d6172696f} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a9a2b4-abf6-11e2-bcf5-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{a0a9a2b4-abf6-11e2-bcf5-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a46ed472-89ce-11e2-bcab-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{a46ed472-89ce-11e2-bcab-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae765f96-4a9c-11e3-a20a-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{ae765f96-4a9c-11e3-a20a-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b49019c0-59a7-11e3-a222-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{b49019c0-59a7-11e3-a222-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1db8400-2aee-11e3-a1ea-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{c1db8400-2aee-11e3-a1ea-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c53fe70e-411b-11e3-a1ff-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{c53fe70e-411b-11e3-a1ff-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5e7ce0c-ac6d-11e2-bcf6-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{d5e7ce0c-ac6d-11e2-bcf6-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6ce869a-799f-11e2-bc92-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{d6ce869a-799f-11e2-bc92-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6ce869b-799f-11e2-bc92-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{d6ce869b-799f-11e2-bc92-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6ce869d-799f-11e2-bc92-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{d6ce869d-799f-11e2-bc92-0023cdd32b55} => key not found.
"HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8a2ef11-78fa-11e2-bc90-0023cdd32b55}" => key removed successfully.
HKCR\CLSID\{d8a2ef11-78fa-11e2-bc90-0023cdd32b55} => key not found.
C:\Savant\Savant.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi => moved successfully
WS2IFSL => service removed successfully.
C:\Savant => moved successfully
"D:\SetupWi-Fi.exe" => not found.
"H:\SetupWi-Fi.exe" => not found.
"I:\SetupWi-Fi.exe" => not found.
"J:\SetupWi-Fi.exe" => not found.
"D:\setup_vmc_lite.exe" => not found.
"H:\setup_vmc_lite.exe" => not found.
Could not move "G:\SETUP.EXE" => Scheduled to move on reboot.
"J:\Startme.exe" => not found.
"D:\AutoRun.exe" => not found.
"H:\AutoRun.exe" => not found.
C:\Documents and Settings\Sam\My Documents\xrowdfundkebyanblind.odt => moved successfully
C:\Documents and Settings\Sam\My Documents\ooknose.odt => moved successfully
C:\Documents and Settings\Sam\My Documents\sleepoiddresmminud1.odt => moved successfully
C:\Documents and Settings\Sam\Local Settings\Temp\DataCard_Setup.exe => moved successfully
C:\Documents and Settings\Sam\Local Settings\Temp\ResetDevice.exe => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-14 17:52:51)

"G:\SETUP.EXE" => Could not move

==== End of Fixlog 17:52:52 ====

 

3. And after the fix, scan 2 with Farbar

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Sam (administrator) on HOME-303446BACA (14-11-2015 17:56:23)
Running from C:\Documents and Settings\Sam\Desktop
Loaded Profiles: Sam (Available Profiles: Sam & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros) C:\WINDOWS\system32\acs.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
() C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
() C:\Program Files\Dodo Mobile Broadband\ModemListener.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [561232 2009-09-01] ()
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2328576 2009-07-03] (Vodafone)
HKLM\...\Run: [ModemListener] => C:\Program Files\Dodo Mobile Broadband\ModemListener.exe [98304 2011-04-27] ()
HKLM\...\Run: [VodafoneMobileWiFi] => C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe [311296 2012-04-19] (Vodafone)
HKLM\...\Run: [Cryptostorm client] => C:\Program Files\Cryptostorm Client\bin\client.exe [375296 2015-02-09] (cryptostorm.is)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [uTorrent] => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [Mobile Partner] => C:\Program Files\pocketwifi\pocketwifi
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1610664 2015-11-02] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2004-08-04] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Savant Web Server.lnk [2015-11-14]
ShortcutTarget: Savant Web Server.lnk -> C:\FRST\Quarantine\C\Savant\Savant.exe.xBAD (Developed by Michael Lamont)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{A0B019D5-10FD-49C0-8019-AE9F1433780F}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-515967899-1390067357-1801674531-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-10] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359
FF DefaultSearchEngine: Ixquick HTTPS
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll [2014-12-24] ()
FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-06-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-06-28] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\searchplugins\ixquick-https.xml [2015-01-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-12] (SUPERAntiSpyware.com) [File not signed]
R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-08-27] (Atheros) [File not signed]
R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-08-27] () [File not signed]
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-03] () [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-10] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-07-03] (Vodafone) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3846016 2006-02-08] (Realtek Semiconductor Corp.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1570240 2009-06-03] (Atheros Communications, Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-09] (HP)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 jrdusbser; C:\WINDOWS\System32\DRIVERS\jrdusbser.sys [105344 2011-02-25] (TCT International Mobile Ltd)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R0 phylock; C:\WINDOWS\System32\drivers\phylock.sys [18848 2006-12-18] (TeraByte, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2009-03-16] (Atheros Communications, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 19:13 - 2015-12-08 19:17 - 00000263 _____ C:\wepkeys.txt
2015-11-14 17:56 - 2015-11-14 17:56 - 00013824 _____ C:\Documents and Settings\Sam\Desktop\FRST.txt
2015-11-14 17:48 - 2015-11-14 17:48 - 00000021 _____ C:\WINDOWS\S.dirmngr
2015-11-14 16:31 - 2015-11-14 16:31 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\rkill
2015-11-14 16:27 - 2015-11-14 16:29 - 02019656 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Sam\Desktop\rkill.exe
2015-11-14 16:14 - 2015-11-14 16:14 - 00001628 _____ C:\Documents and Settings\Sam\Desktop\AdwCleaner[C1].txt
2015-11-14 16:09 - 2015-11-14 16:09 - 00001494 _____ C:\Documents and Settings\Sam\Desktop\AdwCleaner[S1].txt
2015-11-14 16:06 - 2015-11-14 16:10 - 00000000 ____D C:\AdwCleaner
2015-11-14 15:50 - 2015-11-14 16:01 - 01729536 _____ C:\Documents and Settings\Sam\Desktop\adwcleaner_5.020.exe
2015-11-10 19:17 - 2015-11-10 19:40 - 00062495 _____ C:\Documents and Settings\Sam\Desktop\bleepingcomptxt1.txt
2015-11-10 19:12 - 2015-11-10 19:12 - 00031777 _____ C:\Documents and Settings\Sam\Desktop\Addition.txt
2015-11-10 17:58 - 2015-11-14 17:56 - 00000000 ____D C:\FRST
2015-11-10 17:41 - 2015-11-10 17:45 - 01702400 _____ (Farbar) C:\Documents and Settings\Sam\Desktop\FRST.exe
2015-11-08 20:04 - 2015-11-08 20:04 - 00000000 ____D C:\Documents and Settings\Sam\My Documents\ProcAlyzer Dumps
2015-11-08 18:21 - 2004-08-04 23:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151108-182135.backup
2015-11-08 17:35 - 2015-11-14 17:49 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-11-08 17:35 - 2015-11-08 17:35 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-11-08 17:35 - 2015-11-08 17:35 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-11-08 17:34 - 2015-11-08 20:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-11-08 17:34 - 2015-11-08 17:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-11-08 17:34 - 2015-11-08 17:34 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-11-08 17:34 - 2015-11-08 17:34 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-11-08 17:34 - 2015-11-08 17:34 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-11-08 17:34 - 2015-11-08 17:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-11-08 17:34 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-11-07 21:50 - 2015-11-08 11:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-06 23:50 - 2015-11-06 23:49 - 00050688 _____ (Atribune.org) C:\Documents and Settings\Sam\Desktop\ATF-Cleaner(1).exe
2015-11-05 23:09 - 2015-11-05 23:29 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-11-05 23:08 - 2015-11-05 23:08 - 00000000 ____D C:\WINDOWS\CSC
2015-11-03 09:46 - 2015-11-03 09:47 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\mdrive
2015-11-02 21:57 - 2015-11-14 09:49 - 00000000 ____D C:\Program Files\dumps
2015-11-02 21:53 - 2015-11-02 21:53 - 00000664 _____ C:\Documents and Settings\All Users\Desktop\Steam.lnk
2015-11-02 21:52 - 2015-11-14 17:49 - 00000000 ____D C:\Program Files\Steam
2015-11-02 21:52 - 2015-11-02 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Steam
2015-11-02 21:52 - 2015-11-02 21:52 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-11-02 21:40 - 2015-11-02 21:40 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\shambalas
2015-11-02 19:01 - 2015-11-02 19:01 - 00000000 ___HD C:\WINDOWS\PIF
2015-11-02 18:59 - 2015-11-03 01:29 - 00054107 _____ C:\Documents and Settings\Sam\Desktop\Tales of Eildon.odt
2015-10-25 19:34 - 2015-10-25 19:34 - 00000000 _____ C:\Documents and Settings\Sam\Desktop\New Text Document (2).txt
2015-10-25 16:33 - 2015-10-25 16:33 - 00000640 _____ C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk
2015-10-25 15:48 - 2015-11-01 23:18 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\128PROJECT
2015-10-24 23:39 - 2015-10-24 23:40 - 00000412 _____ C:\WINDOWS\WINNT32.LOG
2015-10-24 23:39 - 2015-10-24 23:40 - 00000225 _____ C:\WINDOWS\DHCPUPG.LOG
2015-10-24 21:24 - 2015-10-24 21:24 - 00000843 _____ C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
2015-10-24 21:24 - 2015-10-24 21:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox
2015-10-24 21:19 - 2015-10-24 21:19 - 00000000 ____D C:\Program Files\Oracle
2015-10-19 19:06 - 2015-11-05 00:47 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\tfc
2015-10-17 15:13 - 2015-10-17 15:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini101715-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 17:56 - 2012-12-30 18:42 - 00000000 ____D C:\Documents and Settings\Sam\Local Settings\Temp
2015-11-14 17:55 - 2013-01-24 02:00 - 00000049 _____ C:\WINDOWS\NeroDigital.ini
2015-11-14 17:55 - 2012-12-30 18:25 - 00373715 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-14 17:49 - 2013-01-01 07:03 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 17:49 - 2012-12-31 05:16 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-14 17:49 - 2012-12-31 05:16 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-14 17:49 - 2012-12-31 05:07 - 00000000 ____D C:\WINDOWS\system32\ias
2015-11-14 17:48 - 2012-12-30 18:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 17:47 - 2012-12-30 18:42 - 00000178 ___SH C:\Documents and Settings\Sam\ntuser.ini
2015-11-14 17:47 - 2012-12-30 18:41 - 00032478 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-14 17:42 - 2013-01-01 07:03 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 17:38 - 2013-01-25 21:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-14 16:34 - 2015-07-25 17:15 - 00004792 _____ C:\Documents and Settings\Sam\Desktop\Rkill.txt
2015-11-14 16:18 - 2013-01-28 16:35 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\uTorrent
2015-11-13 13:30 - 2012-12-31 05:13 - 00948900 _____ C:\WINDOWS\setupapi.log
2015-11-13 13:19 - 2004-08-04 23:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-12 22:08 - 2013-09-05 02:10 - 00000000 ____D C:\Documents and Settings\Sam\Local Settings\Application Data\Adobe
2015-11-12 13:45 - 2015-09-07 10:10 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskremsmaster
2015-11-10 14:42 - 2012-12-31 05:13 - 00306131 _____ C:\WINDOWS\setupact.log
2015-11-09 08:25 - 2012-12-31 05:12 - 00000254 ____H C:\boot.ini
2015-11-09 08:22 - 2013-01-01 07:06 - 00039936 _____ C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-08 20:52 - 2012-12-30 18:41 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-11-08 18:26 - 2012-12-30 18:42 - 00000000 ____D C:\Documents and Settings\Sam
2015-11-08 17:21 - 2013-01-27 14:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-07 19:30 - 2015-06-29 01:30 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\Tor Browser
2015-11-05 23:50 - 2013-01-01 07:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-03 16:47 - 2013-01-01 06:50 - 00000000 ____D C:\Program Files\FastStone Image Viewer
2015-11-03 16:20 - 2014-12-30 13:38 - 00000327 _____ C:\WINDOWS\Hornby.INI
2015-11-03 16:20 - 2012-12-31 05:07 - 00000000 ____D C:\WINDOWS\Help
2015-11-03 10:06 - 2013-08-13 18:06 - 00000000 ____D C:\Documents and Settings\Sam\.VirtualBox
2015-11-02 19:16 - 2013-12-11 09:19 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskrms5
2015-11-02 18:29 - 2013-09-25 16:31 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\MANTSCRIPT
2015-11-01 22:48 - 2013-10-11 12:23 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\Audacity
2015-11-01 10:16 - 2013-01-29 16:59 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\vlc
2015-10-29 23:44 - 2013-12-11 09:19 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskrms
2015-10-28 02:30 - 2015-03-28 23:45 - 00069436 _____ C:\Documents and Settings\Sam\Desktop\ghostkitten3mar2015.odt
2015-10-25 16:33 - 2013-12-05 21:38 - 00231760 _____ (TrueCrypt Foundation) C:\WINDOWS\system32\Drivers\truecrypt.sys
2015-10-20 02:37 - 2013-09-18 15:38 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\alwri913

==================== Files in the root of some directories =======

2013-01-01 07:06 - 2015-11-09 08:22 - 0039936 _____ () C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-09 17:28 - 2013-12-09 17:28 - 0000725 _____ () C:\Documents and Settings\Sam\Local Settings\Application Data\recently-used.xbel

Some files in TEMP:
====================
C:\Documents and Settings\Sam\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#7 Black_Bird

  • Malware Response Team
  • 228 posts

Posted 14 November 2015 - 11:11 AM

Hi there,

For your information, there were a lot of malicious entries in your logfiles. Good news is that they're gone now! We're not yet done though; there might be malicious leftovers on your PC.

First, I've got some questions for you:

  • In your logfiles I've seen this file pop up: G:\SETUP.EXE. Just a question: is the G-drive your CD/DVD drive? If not, what type of device is it? Can you tell me what was in it? A legitimate setup.exe-file?

  • I don't see any of the AdwCleaner logfiles. Can you please post them anyway?

  • I need you to check out something. Please navigate to this file: C:\wepkeys.txt. Did you create this file? I hope it's not what I think it is: WEP Wi-Fi access keys. If you don't know for sure what's in it, you can send it to me. In that case, send it to me through a private message, just to be on the safe side!

I hope to hear back from you soon. :)


Kind regards,
Black_Bird

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#8 brett1968

  • Topic Starter
  • Members
  • 20 posts

Posted 14 November 2015 - 08:18 PM

Hi Black_Bird,

The G: drive is a game called Terraria which I didn't realise had been in the CD/DVD drive. It's now out.

There are two logs from AdwCleaner; here's the S1 file:

# AdwCleaner v5.020 - Logfile created 14/11/2015 at 16:06:28
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 2 (x86)
# Username : Sam - HOME-303446BACA
# Running from : C:\Documents and Settings\Sam\Desktop\adwcleaner_5.020.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}

***** [ Web browsers ] *****

[C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "Ixquick hxxpS");
[C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxps://www.ixquick.com/");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1415 bytes] ##########

and the C1 file:

# AdwCleaner v5.020 - Logfile created 14/11/2015 at 16:10:42
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 2 (x86)
# Username : Sam - HOME-303446BACA
# Running from : C:\Documents and Settings\Sam\Desktop\adwcleaner_5.020.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "Ixquick hxxpS");
[-] [C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://www.ixquick.com/");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1549 bytes] ##########

#9 brett1968

  • Topic Starter
  • Members
  • 20 posts

Posted 14 November 2015 - 08:31 PM

Sorry, I posted too soon. I forgot to add that the internet is running awfully slow, and pages are hanging without fully loading. When trying to download the Flash Player update I am still getting a connection error message and no download as a result, and earlier, when I rebooted my machine, the start bar colour scheme had been altered.



#10 Black_Bird

  • Malware Response Team
  • 228 posts

Posted 15 November 2015 - 01:59 PM

Hi there,

I saw you sent me a private message. I reviewed the contents of the file. I advise you to delete the txt-file, as it could harm your system's security.

1. Download Malwarebytes' Anti-Malware and save it to your Desktop.
If you already have Malwarebytes' Anti-Malware installed on your computer, please go to step 1-A.

1-A. Start Malwarebytes' Anti-Malware.
  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

2. Please post a new FRST logfile so we can have a look at your system's behaviour.


Kind regards,
Black_Bird


#11 brett1968

  • Topic Starter
  • Members
  • 20 posts

Posted 18 November 2015 - 03:09 AM

Hi Black_Bird, my apologies for the delayed response. I ran out of internet for 48 hours! I have run the scans.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/17/2015
Scan Time: 3:43:50 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.16.01
Rootkit Database: v2015.11.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: Sam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326271
Time Elapsed: 16 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-11-2015
Ran by Sam (administrator) on HOME-303446BACA (18-11-2015 17:42:06)
Running from C:\Documents and Settings\Sam\Desktop
Loaded Profiles: Sam (Available Profiles: Sam & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros) C:\WINDOWS\system32\acs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
() C:\Program Files\Dodo Mobile Broadband\ModemListener.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
() C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(cryptostorm.is) C:\PROGRA~1\CRYPTO~1\bin\client.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [561232 2009-09-01] ()
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2328576 2009-07-03] (Vodafone)
HKLM\...\Run: [ModemListener] => C:\Program Files\Dodo Mobile Broadband\ModemListener.exe [98304 2011-04-27] ()
HKLM\...\Run: [VodafoneMobileWiFi] => C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe [311296 2012-04-19] (Vodafone)
HKLM\...\Run: [Cryptostorm client] => C:\Program Files\Cryptostorm Client\bin\client.exe [375296 2015-02-09] (cryptostorm.is)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [uTorrent] => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [Mobile Partner] => C:\Program Files\pocketwifi\pocketwifi
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1610664 2015-11-02] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2004-08-04] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Savant Web Server.lnk [2015-11-14]
ShortcutTarget: Savant Web Server.lnk -> C:\FRST\Quarantine\C\Savant\Savant.exe.xBAD (Developed by Michael Lamont)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{A0B019D5-10FD-49C0-8019-AE9F1433780F}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-515967899-1390067357-1801674531-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-10] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359
FF DefaultSearchEngine: Ixquick HTTPS
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll [2014-12-24] ()
FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-06-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-06-28] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\searchplugins\ixquick-https.xml [2015-01-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-12] (SUPERAntiSpyware.com) [File not signed]
R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-08-27] (Atheros) [File not signed]
R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-08-27] () [File not signed]
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-03] () [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-10] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-07-03] (Vodafone) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3846016 2006-02-08] (Realtek Semiconductor Corp.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1570240 2009-06-03] (Atheros Communications, Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-09] (HP)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 jrdusbser; C:\WINDOWS\System32\DRIVERS\jrdusbser.sys [105344 2011-02-25] (TCT International Mobile Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-11-18] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R0 phylock; C:\WINDOWS\System32\drivers\phylock.sys [18848 2006-12-18] (TeraByte, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2009-03-16] (Atheros Communications, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-18 17:42 - 2015-11-18 17:42 - 00014549 _____ C:\Documents and Settings\Sam\Desktop\FRST.txt
2015-11-18 17:41 - 2015-11-18 17:41 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\FRST-OlderVersion
2015-11-18 16:02 - 2015-11-18 16:02 - 00000021 _____ C:\WINDOWS\S.dirmngr
2015-11-16 08:51 - 2015-11-18 16:49 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 08:50 - 2015-11-16 08:50 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 08:50 - 2015-11-16 08:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-16 08:50 - 2015-11-16 08:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 08:50 - 2015-11-16 08:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-11-16 08:50 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-16 08:50 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-16 08:27 - 2015-11-16 08:27 - 00000259 _____ C:\Documents and Settings\Sam\Desktop\waswep.txt
2015-11-16 08:26 - 2015-11-16 08:26 - 00000000 _____ C:\Documents and Settings\Sam\Desktop\New Text Document (3).txt
2015-11-14 18:25 - 2015-11-14 18:26 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\stufforbleepingcomp
2015-11-14 16:31 - 2015-11-14 16:31 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\rkill
2015-11-14 16:27 - 2015-11-14 16:29 - 02019656 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Sam\Desktop\rkill.exe
2015-11-14 16:14 - 2015-11-14 16:14 - 00001628 _____ C:\Documents and Settings\Sam\Desktop\AdwCleaner[C1].txt
2015-11-14 16:09 - 2015-11-14 16:09 - 00001494 _____ C:\Documents and Settings\Sam\Desktop\AdwCleaner[S1].txt
2015-11-14 16:06 - 2015-11-14 16:10 - 00000000 ____D C:\AdwCleaner
2015-11-10 19:12 - 2015-11-10 19:12 - 00031777 _____ C:\Documents and Settings\Sam\Desktop\Addition.txt
2015-11-10 17:58 - 2015-11-18 17:42 - 00000000 ____D C:\FRST
2015-11-10 17:41 - 2015-11-18 17:41 - 01378816 _____ (Farbar) C:\Documents and Settings\Sam\Desktop\FRST.exe
2015-11-08 20:04 - 2015-11-08 20:04 - 00000000 ____D C:\Documents and Settings\Sam\My Documents\ProcAlyzer Dumps
2015-11-08 18:21 - 2004-08-04 23:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151108-182135.backup
2015-11-08 17:35 - 2015-11-18 16:03 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-11-08 17:35 - 2015-11-08 17:35 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-11-08 17:35 - 2015-11-08 17:35 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-11-08 17:34 - 2015-11-08 20:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-11-08 17:34 - 2015-11-08 17:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-11-08 17:34 - 2015-11-08 17:34 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-11-08 17:34 - 2015-11-08 17:34 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-11-08 17:34 - 2015-11-08 17:34 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-11-08 17:34 - 2015-11-08 17:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-11-08 17:34 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-11-07 21:50 - 2015-11-08 11:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-06 23:50 - 2015-11-06 23:49 - 00050688 _____ (Atribune.org) C:\Documents and Settings\Sam\Desktop\ATF-Cleaner(1).exe
2015-11-05 23:09 - 2015-11-05 23:29 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-11-05 23:08 - 2015-11-05 23:08 - 00000000 ____D C:\WINDOWS\CSC
2015-11-03 09:46 - 2015-11-03 09:47 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\mdrive
2015-11-02 21:57 - 2015-11-16 18:22 - 00000000 ____D C:\Program Files\dumps
2015-11-02 21:52 - 2015-11-18 16:19 - 00000000 ____D C:\Program Files\Steam
2015-11-02 21:52 - 2015-11-02 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Steam
2015-11-02 21:52 - 2015-11-02 21:52 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-11-02 21:40 - 2015-11-02 21:40 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\shambalas
2015-11-02 19:01 - 2015-11-02 19:01 - 00000000 ___HD C:\WINDOWS\PIF
2015-11-02 18:59 - 2015-11-03 01:29 - 00054107 _____ C:\Documents and Settings\Sam\Desktop\Tales of Eildon.odt
2015-10-25 19:34 - 2015-10-25 19:34 - 00000000 _____ C:\Documents and Settings\Sam\Desktop\New Text Document (2).txt
2015-10-25 16:33 - 2015-10-25 16:33 - 00000640 _____ C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk
2015-10-25 15:48 - 2015-11-01 23:18 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\128PROJECT
2015-10-24 23:39 - 2015-10-24 23:40 - 00000412 _____ C:\WINDOWS\WINNT32.LOG
2015-10-24 23:39 - 2015-10-24 23:40 - 00000225 _____ C:\WINDOWS\DHCPUPG.LOG
2015-10-24 21:24 - 2015-10-24 21:24 - 00000843 _____ C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
2015-10-24 21:24 - 2015-10-24 21:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox
2015-10-24 21:19 - 2015-10-24 21:19 - 00000000 ____D C:\Program Files\Oracle
2015-10-19 19:06 - 2015-11-05 00:47 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\tfc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-18 17:42 - 2013-01-01 07:03 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-18 17:42 - 2012-12-30 18:42 - 00000000 ____D C:\Documents and Settings\Sam\Local Settings\Temp
2015-11-18 17:38 - 2013-01-25 21:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-18 16:33 - 2013-01-24 02:00 - 00000049 _____ C:\WINDOWS\NeroDigital.ini
2015-11-18 16:09 - 2012-12-30 18:25 - 00395673 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-18 16:04 - 2012-12-31 05:07 - 00000000 ____D C:\WINDOWS\system32\ias
2015-11-18 16:03 - 2012-12-31 05:16 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-18 16:03 - 2012-12-31 05:16 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-18 16:02 - 2013-01-01 07:03 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-18 16:02 - 2012-12-30 18:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-18 09:40 - 2012-12-30 18:42 - 00000178 ___SH C:\Documents and Settings\Sam\ntuser.ini
2015-11-18 09:40 - 2012-12-30 18:41 - 00032650 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-17 19:36 - 2013-09-18 15:38 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\alwri913
2015-11-16 18:23 - 2015-07-25 17:15 - 00003574 _____ C:\Documents and Settings\Sam\Desktop\Rkill.txt
2015-11-16 18:13 - 2013-05-09 00:42 - 00000000 ____D C:\WINDOWS\STK02N
2015-11-15 12:27 - 2013-09-05 02:10 - 00000000 ____D C:\Documents and Settings\Sam\Local Settings\Application Data\Adobe
2015-11-14 18:02 - 2012-12-30 18:24 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-11-14 16:18 - 2013-01-28 16:35 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\uTorrent
2015-11-13 13:30 - 2012-12-31 05:13 - 00948900 _____ C:\WINDOWS\setupapi.log
2015-11-13 13:19 - 2004-08-04 23:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-12 13:45 - 2015-09-07 10:10 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskremsmaster
2015-11-10 14:42 - 2012-12-31 05:13 - 00306131 _____ C:\WINDOWS\setupact.log
2015-11-09 08:25 - 2012-12-31 05:12 - 00000254 ____H C:\boot.ini
2015-11-09 08:22 - 2013-01-01 07:06 - 00039936 _____ C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-08 20:52 - 2012-12-30 18:41 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-11-08 18:26 - 2012-12-30 18:42 - 00000000 ____D C:\Documents and Settings\Sam
2015-11-08 17:21 - 2013-01-27 14:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-07 19:30 - 2015-06-29 01:30 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\Tor Browser
2015-11-05 23:50 - 2013-01-01 07:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-03 16:47 - 2013-01-01 06:50 - 00000000 ____D C:\Program Files\FastStone Image Viewer
2015-11-03 16:20 - 2014-12-30 13:38 - 00000327 _____ C:\WINDOWS\Hornby.INI
2015-11-03 16:20 - 2012-12-31 05:07 - 00000000 ____D C:\WINDOWS\Help
2015-11-03 10:06 - 2013-08-13 18:06 - 00000000 ____D C:\Documents and Settings\Sam\.VirtualBox
2015-11-02 19:16 - 2013-12-11 09:19 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskrms5
2015-11-02 18:29 - 2013-09-25 16:31 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\MANTSCRIPT
2015-11-01 22:48 - 2013-10-11 12:23 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\Audacity
2015-11-01 10:16 - 2013-01-29 16:59 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\vlc
2015-10-29 23:44 - 2013-12-11 09:19 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskrms
2015-10-28 02:30 - 2015-03-28 23:45 - 00069436 _____ C:\Documents and Settings\Sam\Desktop\ghostkitten3mar2015.odt
2015-10-25 16:33 - 2013-12-05 21:38 - 00231760 _____ (TrueCrypt Foundation) C:\WINDOWS\system32\Drivers\truecrypt.sys

==================== Files in the root of some directories =======

2013-01-01 07:06 - 2015-11-09 08:22 - 0039936 _____ () C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-09 17:28 - 2013-12-09 17:28 - 0000725 _____ () C:\Documents and Settings\Sam\Local Settings\Application Data\recently-used.xbel

Some files in TEMP:
====================
C:\Documents and Settings\Sam\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



#12 Black_Bird

  • Malware Response Team
  • 228 posts

Posted 19 November 2015 - 12:10 AM

Hi,

Your logfiles are clean. I assume you still have connectivity and speed problems while browsing the internet. Therefore I advise you to reinstall your internet browser (Firefox, as far as I can see). Maybe it's just caused by a software problem. It's worth trying I think. :)

Please let me know if it solved the problems. :)


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#13 brett1968

  • Topic Starter
  • Members
  • 20 posts

Posted 19 November 2015 - 02:55 AM

Thanks again Black_Bird.

You are correct, I am having problems with pages acting like they're connecting even though it's obvious they're fully loaded, and strange things happening outside of the browser too. For example, when right-clicking to cut and paste, the wrong menu came up a few times; when I cursored over the start bar on the Windows desktop, instead of it allowing me to click on the icons, the maximise/minimise arrowed symbol appeared; long pauses when clicking on desktop icons; not being able to download the Flash Player update.



#14 Black_Bird

  • Malware Response Team
  • 228 posts

Posted 20 November 2015 - 01:21 PM

Hi,

Alright, let's take a deeper look.

 

Download ComboFix to your Desktop.

WARNING: ComboFix is a very powerful tool that can damage your system when not used properly. ONLY use this tool under supervision of a trained Malware Analyst. Never use it on your own!!!

NOTE: Don't use your computer for other purposes while running ComboFix. It may cause it to stall!

  • Temporarily disable your own anti-virus and other anti-malware programs. For instructions, take a look here.
  • Close all open windows.
  • Right-click ComboFix.exe and select Run as Administrator.
  • Accept the Disclaimer.
  • If you're asked to install the Recovery Console, allow the program to do so.
  • The scan may take some time to finish. Wait for it, please.
  • If ComboFix asks to restart the system, please allow it to do so immediately.
  • When finished, ComboFix will show you a logfile. Please copy/paste the contents of this logfile in your next reply.

If somehow the logfile didn't open or if you can't find it anymore, it's saved as C:\ComboFix.txt.

 

 

Please also do a new scan with FRST with the 'Addition.txt' option enabled. Post both logfiles that will open into your next reply as well.


Kind regards,
Black_Bird
 



#15 brett1968

  • Topic Starter
  • Members
  • 20 posts

Posted 26 November 2015 - 05:18 AM

Hi Black_Bird, my apologies for the delay posting. Here are the results of the scans.

ComboFix 15-11-23.01 - Sam 11/26/2015  19:13:32.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1007.441 [GMT 11:00]
Running from: c:\documents and settings\Sam\My Documents\Downloads\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sam\WINDOWS
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\hosts.ics
J:\AUTORUN.INF
J:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-26 to 2015-11-26  )))))))))))))))))))))))))))))))
.
.
2015-11-15 21:51 . 2015-11-26 06:44    170200    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-15 21:50 . 2015-11-15 21:50    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2015-11-15 21:50 . 2015-11-15 21:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2015-11-15 21:50 . 2015-10-04 22:50    121560    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-11-15 21:50 . 2015-10-04 22:50    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-11-14 05:06 . 2015-11-14 05:10    --------    d-----w-    C:\AdwCleaner
2015-11-10 06:58 . 2015-11-18 06:43    --------    d-----w-    C:\FRST
2015-11-08 06:34 . 2013-09-19 23:49    18968    ----a-w-    c:\windows\system32\sdnclean.exe
2015-11-08 06:34 . 2015-11-08 06:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2015-11-08 06:34 . 2015-11-08 09:53    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2015-11-02 10:57 . 2015-11-26 06:47    --------    d-----w-    c:\program files\dumps
2015-11-02 10:52 . 2015-11-02 10:52    --------    d-----w-    c:\program files\Common Files\Steam
2015-11-02 10:52 . 2015-11-26 06:47    --------    d-----w-    c:\program files\Steam
2015-11-02 08:01 . 2015-11-02 08:01    --------    d--h--w-    c:\windows\PIF
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-25 05:33 . 2013-12-05 10:38    231760    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files\pocketwifi\pocketwifi" [X]
"Steam"="c:\program files\Steam\Steam.exe" [2015-11-02 1610664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2009-09-01 561232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]
"ModemListener"="c:\program files\Dodo Mobile Broadband\ModemListener.exe" [2011-04-27 98304]
"VodafoneMobileWiFi"="c:\program files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe" [2012-04-19 311296]
"Cryptostorm client"="c:\progra~1\CRYPTO~1\bin\client.exe" [2015-02-09 375296]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-23 4101576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-10 279456]
Savant Web Server.lnk - c:\frst\Quarantine\C\Savant\Savant.exe.xBAD [2015-8-14 286772]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bitcoin\\bitcoin-qt.exe"=
"c:\\Program Files\\Darkcoin\\darkcoin-qt.exe"=
"c:\\Program Files\\Armory\\ArmoryQt.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [1/1/2013 6:54 AM 18848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 3:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 8:55 AM 67664]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/13/2013 6:04 PM 188176]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/13/2013 6:04 PM 94480]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/12/2012 5:54 AM 116608]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/8/2015 5:34 PM 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/8/2015 5:34 PM 2088408]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/3/2009 12:40 PM 9216]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [1/24/2013 5:53 PM 73984]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [7/4/2013 5:37 PM 104720]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [7/4/2013 4:37 PM 115984]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]
S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [3/3/2011 2:20 AM 224256]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [11/16/2015 8:50 AM 1513784]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [11/16/2015 8:50 AM 1135416]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [11/8/2015 5:34 PM 171928]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 10:58 AM 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 7:45 PM 161384]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [1/24/2013 6:17 PM 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [1/24/2013 5:53 PM 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2/18/2013 6:50 PM 117504]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [1/24/2013 5:53 PM 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [1/24/2013 5:53 PM 66688]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [1/24/2013 5:53 PM 26624]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2/18/2013 6:51 PM 100992]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [6/7/2014 5:10 PM 105344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/16/2015 8:50 AM 23256]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [4/10/2014 12:12 AM 235696]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [11/17/2013 11:51 PM 155824]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [8/13/2013 6:04 PM 84752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-25 13:53]
.
2015-11-26 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-11-08 00:52]
.
2015-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-31 22:28]
.
2015-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-31 22:28]
.
2015-11-08 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-11-08 23:41]
.
2015-11-08 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2015-11-08 23:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Video Converter... - c:\program files\Media Player Utilities 5.22\AVIConverter\grab.html
TCP: DhcpNameServer = 192.168.43.1
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-11-26 19:24
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2015-11-26  19:29:02
ComboFix-quarantined-files.txt  2015-11-26 08:28
.
Pre-Run: 94,998,294,528 bytes free
Post-Run: 95,222,722,560 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot
[spybotsd]
timeout.old=0
.
- - End Of File - - CBDC1B57726517D4767C57081B55A96D
8F558EB6672622401DA993E1E865C861
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-11-2015 02
Ran by Sam (administrator) on HOME-303446BACA (26-11-2015 19:57:12)
Running from C:\Documents and Settings\Sam\Desktop\security
Loaded Profiles: Sam (Available Profiles: Sam & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros) C:\WINDOWS\system32\acs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [561232 2009-09-01] ()
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2328576 2009-07-03] (Vodafone)
HKLM\...\Run: [ModemListener] => C:\Program Files\Dodo Mobile Broadband\ModemListener.exe [98304 2011-04-27] ()
HKLM\...\Run: [VodafoneMobileWiFi] => C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe [311296 2012-04-19] (Vodafone)
HKLM\...\Run: [Cryptostorm client] => C:\Program Files\Cryptostorm Client\bin\client.exe [375296 2015-02-09] (cryptostorm.is)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [Mobile Partner] => C:\Program Files\pocketwifi\pocketwifi
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1610664 2015-11-02] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2004-08-04] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Savant Web Server.lnk [2015-11-14]
ShortcutTarget: Savant Web Server.lnk -> C:\FRST\Quarantine\C\Savant\Savant.exe.xBAD (Developed by Michael Lamont)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{A0B019D5-10FD-49C0-8019-AE9F1433780F}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-515967899-1390067357-1801674531-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-10] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359
FF DefaultSearchEngine: Ixquick HTTPS
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll [2014-12-24] ()
FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-06-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-06-28] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\7ubqnt4c.default-1449809516359\searchplugins\ixquick-https.xml [2015-01-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-12] (SUPERAntiSpyware.com) [File not signed]
R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2009-08-27] (Atheros) [File not signed]
S2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-08-27] () [File not signed]
S2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-03] () [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-10] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-07-03] (Vodafone) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3846016 2006-02-08] (Realtek Semiconductor Corp.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1570240 2009-06-03] (Atheros Communications, Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-09] (HP)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2012-02-07] (Huawei Technologies Co., Ltd.)
S3 jrdusbser; C:\WINDOWS\System32\DRIVERS\jrdusbser.sys [105344 2011-02-25] (TCT International Mobile Ltd)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R0 phylock; C:\WINDOWS\System32\drivers\phylock.sys [18848 2006-12-18] (TeraByte, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2009-03-16] (Atheros Communications, Inc.) [File not signed]
U3 catchme; \??\C:\DOCUME~1\Sam\LOCALS~1\Temp\catchme.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-26 19:29 - 2015-11-26 19:57 - 00000000 ____D C:\Documents and Settings\Sam\Local Settings\temp
2015-11-26 19:29 - 2015-11-26 19:29 - 00018001 _____ C:\ComboFix.txt
2015-11-26 19:29 - 2015-11-26 19:29 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-11-26 19:29 - 2015-11-26 19:29 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-11-26 19:29 - 2015-11-26 19:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-11-26 19:10 - 2015-11-26 19:10 - 00000000 _RSHD C:\cmdcons
2015-11-26 19:10 - 2015-11-09 08:25 - 00000254 _____ C:\Boot.bak
2015-11-26 19:10 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-11-26 19:05 - 2011-06-26 17:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-11-26 19:05 - 2010-11-08 04:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-11-26 19:05 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-11-26 19:05 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-11-26 19:05 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-11-26 19:05 - 2000-08-31 11:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-11-26 19:05 - 2000-08-31 11:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-11-26 19:05 - 2000-08-31 11:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-11-26 19:05 - 2000-08-31 11:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-11-26 19:04 - 2015-11-26 19:29 - 00000000 ____D C:\Qoobox
2015-11-26 19:04 - 2015-11-26 19:25 - 00000000 ____D C:\WINDOWS\erdnt
2015-11-26 19:04 - 2015-11-26 19:04 - 00000000 ___RD C:\Documents and Settings\Sam\My Documents\My Videos
2015-11-26 17:43 - 2015-11-26 17:43 - 00000021 _____ C:\WINDOWS\S.dirmngr
2015-11-21 00:28 - 2015-11-21 00:28 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\games
2015-11-21 00:27 - 2015-11-26 19:57 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\security
2015-11-21 00:23 - 2015-11-23 21:10 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskrems13
2015-11-21 00:23 - 2015-11-21 00:23 - 00000104 _____ C:\Documents and Settings\Sam\Desktop\Shortnut to Die Computer.lnk
2015-11-16 08:51 - 2015-11-26 17:44 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 08:50 - 2015-11-16 08:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-16 08:50 - 2015-11-16 08:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 08:50 - 2015-11-16 08:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-11-16 08:50 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-16 08:50 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-14 16:06 - 2015-11-14 16:10 - 00000000 ____D C:\AdwCleaner
2015-11-10 17:58 - 2015-11-26 19:57 - 00000000 ____D C:\FRST
2015-11-08 20:04 - 2015-11-08 20:04 - 00000000 ____D C:\Documents and Settings\Sam\My Documents\ProcAlyzer Dumps
2015-11-08 18:21 - 2004-08-04 23:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151108-182135.backup
2015-11-08 17:35 - 2015-11-26 17:43 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-11-08 17:35 - 2015-11-08 17:35 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-11-08 17:35 - 2015-11-08 17:35 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-11-08 17:34 - 2015-11-08 20:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-11-08 17:34 - 2015-11-08 17:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-11-08 17:34 - 2015-11-08 17:34 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-11-08 17:34 - 2015-11-08 17:34 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-11-08 17:34 - 2015-11-08 17:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-11-08 17:34 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-11-07 21:50 - 2015-11-08 11:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-05 23:09 - 2015-11-05 23:29 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-11-05 23:08 - 2015-11-05 23:08 - 00000000 ____D C:\WINDOWS\CSC
2015-11-02 21:57 - 2015-11-26 17:47 - 00000000 ____D C:\Program Files\dumps
2015-11-02 21:52 - 2015-11-26 17:47 - 00000000 ____D C:\Program Files\Steam
2015-11-02 21:52 - 2015-11-02 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Steam
2015-11-02 21:52 - 2015-11-02 21:52 - 00000258 _____ C:\Documents and Settings\Sam\My Documents\installscript_log.txt
2015-11-02 21:52 - 2015-11-02 21:52 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-11-02 21:40 - 2015-11-21 02:00 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\shambalas
2015-11-02 19:01 - 2015-11-02 19:01 - 00000000 ___HD C:\WINDOWS\PIF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 18:33 - 2013-09-12 23:52 - 00419590 _____ C:\WINDOWS\ntbtlog.txt
2015-11-26 19:42 - 2013-01-01 07:03 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-26 19:38 - 2013-01-25 21:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-26 19:29 - 2012-12-31 05:13 - 00000000 ___HD C:\Documents and Settings\Default User
2015-11-26 19:29 - 2012-12-30 18:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-26 19:29 - 2012-12-30 18:29 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-11-26 19:24 - 2012-12-31 05:07 - 00000000 ____D C:\WINDOWS
2015-11-26 19:24 - 2004-08-04 23:00 - 00000243 _____ C:\WINDOWS\system.ini
2015-11-26 19:23 - 2012-12-30 18:42 - 00000000 ____D C:\Documents and Settings\Sam
2015-11-26 19:10 - 2012-12-31 05:12 - 00000365 __RSH C:\boot.ini
2015-11-26 19:05 - 2012-12-30 18:41 - 00032650 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-26 19:04 - 2013-01-24 02:00 - 00000049 _____ C:\WINDOWS\NeroDigital.ini
2015-11-26 19:04 - 2012-12-30 18:42 - 00000000 ___RD C:\Documents and Settings\Sam\My Documents
2015-11-26 17:43 - 2013-08-28 00:33 - 00002016 _____ C:\WINDOWS\ModemLog_Communications cable between two computers.txt
2015-11-26 17:43 - 2012-12-31 05:07 - 00000000 ____D C:\WINDOWS\system32\ias
2015-11-26 17:42 - 2013-01-01 07:03 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-25 22:11 - 2012-12-30 18:42 - 00000178 ___SH C:\Documents and Settings\Sam\ntuser.ini
2015-11-25 18:42 - 2004-08-04 23:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-22 00:29 - 2013-08-30 18:19 - 00000000 ____D C:\02
2015-11-21 15:01 - 2013-01-01 07:06 - 00040960 _____ C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-21 00:29 - 2015-09-07 10:13 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskremsmaster2
2015-11-21 00:29 - 2015-06-29 01:42 - 00000798 _____ C:\Documents and Settings\Sam\Desktop\Start Whore Browser.lnk
2015-11-21 00:24 - 2015-09-07 10:10 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\dskremsmaster
2015-11-18 16:35 - 2013-09-05 02:10 - 00000000 ____D C:\Documents and Settings\Sam\Local Settings\Application Data\Adobe
2015-11-17 19:36 - 2013-09-18 15:38 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\alwri913
2015-11-16 18:13 - 2013-05-09 00:42 - 00000000 ____D C:\WINDOWS\STK02N
2015-11-14 16:18 - 2013-01-28 16:35 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\uTorrent
2015-11-08 20:52 - 2012-12-30 18:41 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-11-08 17:21 - 2013-01-27 14:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-05 23:50 - 2013-01-01 07:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-03 16:47 - 2013-01-01 06:50 - 00000000 ____D C:\Program Files\FastStone Image Viewer
2015-11-03 16:20 - 2014-12-30 13:38 - 00000327 _____ C:\WINDOWS\Hornby.INI
2015-11-03 16:20 - 2012-12-31 05:07 - 00000000 ____D C:\WINDOWS\Help
2015-11-03 10:06 - 2013-08-13 18:06 - 00000000 ____D C:\Documents and Settings\Sam\.VirtualBox
2015-11-02 18:29 - 2013-09-25 16:31 - 00000000 ____D C:\Documents and Settings\Sam\Desktop\MANTSCRIPT
2015-11-01 22:48 - 2013-10-11 12:23 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\Audacity
2015-11-01 10:16 - 2013-01-29 16:59 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\vlc
2015-10-28 02:30 - 2015-03-28 23:45 - 00069436 _____ C:\Documents and Settings\Sam\Desktop\ghostkitten3mar2015.odt

==================== Files in the root of some directories =======

2013-01-01 07:06 - 2015-11-21 15:01 - 0040960 _____ () C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-09 17:28 - 2013-12-09 17:28 - 0000725 _____ () C:\Documents and Settings\Sam\Local Settings\Application Data\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-11-2015 02
Ran by Sam (2015-11-26 19:58:14)
Running from C:\Documents and Settings\Sam\Desktop\security
Microsoft Windows XP Professional Service Pack 2 (X86) (2012-12-30 07:28:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515967899-1390067357-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-515967899-1390067357-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-515967899-1390067357-1801674531-1000 - Limited - Disabled)
Sam (S-1-5-21-515967899-1390067357-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Sam
SUPPORT_388945a0 (S-1-5-21-515967899-1390067357-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

<šÈ²58¿OBþ_iø(¼ª*yo<ö©z´8k!*ŸqÙlø1JÅÓJÍvá‚•Lç
²>ÂbMáãëqe”àIgÚ$ÝÂÁÞºOL¤úó‰¯Fû&Œ¯+"—7È ™Oç,·+¼oæçŽÅ+U‚FSTõì4Ftµ$+Æ>)Ä7Æ6ÏÌBxAW–ŸM¨ Œsœì‘áF?Ý­Þ¼Ùj´ÊÏ÷Z:$¼`ÿX‡'—õàN5Sþš€÷€êa½z1sÈ¿ p#&hýÊ×€CÍ߆"(7)Áµ~„èªû§ P#ÉæP2ÞdTXeÚòUA§É‹búmeÖ<Q·kZ“=X=ÑJ\Â)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
4ñÑ“vÃk4oDõ®¼Î‘[õYlYÚióÎ$ëÙv'bpÑëÑé°.¢ÔKY]l    [‡
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Angry Birds Star Wars (HKLM\...\{408ADFFE-B2D1-451E-A2CB-6213B90D58EA}) (Version: 1.0.0 - Rovio)
Army Men - Sarge's Heroes (HKLM\...\Army Men - Sarge's Heroes) (Version:  - )
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bejeweled 3 (HKLM\...\Bejeweled 3) (Version:  - PopCap Games)
Bitcoin (HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Bitcoin) (Version: 0.6.3 - Bitcoin project)
Bitcoin Armory (HKLM\...\Bitcoin Armory) (Version: 0.92.1.0 - Armory Technologies Inc.)
Bitcoin Core (32-bit) (HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Bitcoin Core (32-bit)) (Version: 0.9.2 - Bitcoin Core project)
Cryptostorm Client (HKLM\...\{35A52EE3-6D23-4AA6-B881-3F10658D626C}_is1) (Version: 2.22 - Cryptostorm)
Darkcoin (HKU\S-1-5-21-515967899-1390067357-1801674531-1003\...\Darkcoin) (Version: 0.9.12.27 - Darkcoin Project)
Dev-C++ (HKLM\...\Dev-C++) (Version: 5.10 - Bloodshed Software)
Dodo Mobile Broadband (HKLM\...\Dodo Mobile Broadband ALCATEL_is1) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
F^
FastStone Image Viewer 2.22 (HKLM\...\FastStone Image Viewer) (Version: 2.22 - FastStone Soft.)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
FLAC 1.2.1b (remove only) (HKLM\...\FLAC) (Version: 1.2.1b - Xiph.org)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Gpg4win (2.1.0) (HKLM\...\GPG4Win) (Version: 2.1.0 - The Gpg4win Project)
Hornby Virtual Railway (HKLM\...\Hornby Virtual Railway) (Version:  - )
HP Photosmart All-In-One Driver Software 9.0.A Corporate Edition (HKLM\...\{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}) (Version: 9.0 - HP)
IGI 2 Demo (HKLM\...\IGI 2 Demo) (Version:  - )
Image for Windows 1.70a (HKLM\...\Image for Windows_is1) (Version:  - TeraByte Unlimited)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
K-Lite Mega Codec Pack 6.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.1.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Player Utilities 5.22 (HKLM\...\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}) (Version: 5.22 -  )
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NeroVision Express 2 (HKLM\...\NeroVision!UninstallKey) (Version:  - )
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Oracle VM VirtualBox 4.2.16 (HKLM\...\{3B2A7E23-AC7E-46BB-B725-65C555F8FFC5}) (Version: 4.2.16 - Oracle Corporation)
Peggle (HKLM\...\Peggle) (Version:  - PopCap Games)
pocketwifi (HKLM\...\pocketwifi) (Version: TOOL-ConnLaucher_WIN1.01.01.737 - Huawei Technologies Co.,Ltd)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
ps_aio_corporate (Version: 90.0.222.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Ruby Fortune Casino (HKLM\...\rubyfortune) (Version: 14.1.0.3056 - ©¢{¿é•?߃}c8¨SB(ãåWv†É1èÉÑ|'lEÚ˜·Ô%HnYU>ìÁ£R¥­9.lûŠ†=RKUÊë´WŽ=¨b7F5¤Œ;Q¢\|êÑà:A¸¾Ó+Yc_â"¼¯¼¶L/ƒ‹ðIt­5)äï@
Savant Web Server (HKLM\...\Savant Web Server) (Version:  - )
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Shockwave 7.0.3 Player (HKLM\...\Shockwave 7.0.3 Player) (Version:  - )
SimCity Classic® CD Collection (HKLM\...\SimCityClassicCDv1) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.181 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.181 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
STK02N 2.4.1 (HKLM\...\{3F424493-B0F2-43A4-A892-DFA447B2A59D}) (Version: 2.4.1 - Syntek)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
Superscape 3D Control (HKLM\...\Superscape 3D Control) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TP-LINK Client Installation Program (HKLM\...\{1E58B969-9BB4-4012-8D8B-D06005D1CD24}) (Version:  - TP-LINK)
TP-LINK Client Installation Program (Version: 7.0 - TP-LINK) Hidden
Triazzle (HKLM\...\Triazzle) (Version:  - )
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unreal Tournament G.O.T.Y. Edition (HKLM\...\UnrealTournament) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (HKLM\...\{5EE7D259-D137-4438-9A5F-42F432EC0421}) (Version: 1.1.0 - DivX, Inc)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.16284 - Vodafone)
Vodafone Wi-Fi Installer (HKLM\...\{046DE6F8-7B41-465A-B127-848D88AB1AB8}) (Version: 1.0.0.38942 - Vodafone)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinHTTrack Website Copier 3.46-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Zuma (HKLM\...\Zuma) (Version:  - PopCap Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-515967899-1390067357-1801674531-1003_Classes\CLSID\{E6D6B700-124D-11D4-86F3-DB80AFD98778}\InprocServer32 -> C:\Program Files\Media Player Utilities 5.22\AVIConverter\tools\AviSynth.dll (The Public)

==================== Restore Points =========================

14-11-2015 18:03:24 System Checkpoint
18-11-2015 19:03:05 System Checkpoint
20-11-2015 23:52:07 System Checkpoint
23-11-2015 16:52:34 System Checkpoint
24-11-2015 18:35:44 System Checkpoint
26-11-2015 19:05:14 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 23:00 - 2015-11-26 19:24 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-08 17:34 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-11-08 17:34 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-11-08 17:34 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-11-08 17:34 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-11-08 17:34 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


There are 7863 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515967899-1390067357-1801674531-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.43.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Bitcoin\bitcoin-qt.exe] => Disabled:bitcoin-qt
StandardProfile\AuthorizedApplications: [C:\Program Files\Darkcoin\darkcoin-qt.exe] => Disabled:darkcoin-Qt (OSS GUI client for darkcoin)
StandardProfile\AuthorizedApplications: [C:\Program Files\Armory\ArmoryQt.exe] => Enabled:ArmoryQt
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: Android
Description: Android
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2015 01:40:37 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/20/2015 09:01:45 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/19/2015 02:36:03 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/19/2015 00:22:22 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/18/2015 02:25:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application DVD Shrink 3.2.exe, version 3.2.0.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/18/2015 00:43:29 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/17/2015 05:34:22 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/17/2015 01:45:26 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/17/2015 01:20:29 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/16/2015 03:41:00 AM) (Source: VMCService) (EventID: 0) (User: )
Description: GetProcessOwner


System errors:
=============
Error: (02/09/2015 11:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TP-LINK Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/09/2015 09:48:20 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 120 minutes.
NtpClient has no source of accurate time.

Error: (02/09/2015 09:48:20 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/09/2015 08:48:20 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 60 minutes.
NtpClient has no source of accurate time.

Error: (02/09/2015 08:48:20 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/09/2015 08:18:20 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (02/09/2015 08:18:20 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/09/2015 08:03:20 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (02/09/2015 08:03:20 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/09/2015 02:09:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TP-LINK Configuration Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 70%
Total physical RAM: 1006.73 MB
Available physical RAM: 298.94 MB
Total Virtual: 2425.87 MB
Available Virtual: 1849.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:227.17 GB) (Free:88.72 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:7.45 GB) (Free:0.1 GB) FAT32
Drive j: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:1711.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 14651464)
Partition 1: (Active) - (Size=227.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5.7 GB) - (Type=05)

========================================================
Disk: 4 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 5 (Size: 1863 GB) (Disk ID: 20864F71)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 





