Computer Running Slow Virus Uninstalled Poorly [Solved]


  • This topic is locked

#16 dtekka (Member, Topic Starter, 174 posts)
Yes, I uninstalled AVG before I ran FRST. I can do a quick restart and run again


#17 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)
Please do. :thumbsup:

#18 dtekka (Member, Topic Starter, 174 posts)
Good call! I restarted and it is still in fact installed. Even though, I promise I went to Add/Remove Programs and uninstalled it from there. Attempt #2? Or maybe download a proprietary AVG uninstaller? Also upon restart, I noticed DameWare came up on the bottom taskbar. Then an error dialogue box came up and it stated: "The MRC Tray Icon was unable to communicate with the MRC Client Agent. The Client Agent Service may not be running? MRC Tray Icon process will now exit." I took a screenshot and saved it just in case you want to see that.

Also, thanks again for all your help. I really appreciate it!

#19 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

I noticed DameWare came up on the bottom taskbar.


Yes, that one might not be so easily removed. Try again once we have the security programs sorted. If it still won't go then we will attend to it.

The MRC Tray Icon was unable to communicate with the MRC Client Agent.


Probably a conflict going on with AVG. See how it is once AVG is gone and if need be, reinstall it. In any event, if it was installed over AVG it will likely be corrupted.

Or maybe download a proprietary AVG uninstaller?


Download and run the AVG removal tool appropriate for your machine.

http://www.avg.com/ca-en/utilities

Reboot your computer.

If that doesn't work try this:

Download AppRemover and run it.

Click Next >>

Ensure Remove Security Application is selected and click Next >>

AppRemover will scan all the security applications on your PC.

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

#20 dtekka (Member, Topic Starter, 174 posts)
I should also mention when I selected to remove AVG I chose, Remove User settings and Virus Vault. Maybe that caused my dilemma?

#21 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

I should also mention when I selected to remove AVG I chose, Remove User settings and Virus Vault. Maybe that caused my dilemma?


Don't see why it should.

#22 dtekka (Member, Topic Starter, 174 posts)
I cannot find the DameWare listed in the Add/Remove section. Nor can I find it under the Start Menu programs area. I'm not sure what gives?

#23 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

I cannot find the DameWare listed in the Add/Remove section. Nor can I find it under the Start Menu programs area. I'm not sure what gives?


If it is a hacker then he may not want it removed so easily but let's have another look once we have the AVs sorted. :)

#24 dtekka (Member, Topic Starter, 174 posts)
I used the AVG Removal tool. I think it got rid of it. Here is another FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Associate (administrator) on ASSOCIATE on 19-11-2013 14:23:18
Running from C:\Documents and Settings\Associate\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter2\brctrcen.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(DameWare Development) C:\WINDOWS\system32\DWRCST.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe
(Gemalto N.V.) C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-07-30] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [219648 2006-01-03] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] - C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [ControlCenter2.0] - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [995328 2005-11-11] (Brother Industries, Ltd.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [DameWare MRC Agent] - C:\WINDOWS\system32\DWRCST.exe [78848 2008-03-24] (DameWare Development)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [SanDisk_Button_Manager.exe] - C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe [29078632 2013-04-04] (Gemalto N.V.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-11] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/...007&form=ZGAIDF
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264309798530
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\Associate\Application Data\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\baspxp32.sys [51584 2004-02-04] (Broadcom Corporation)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel® Corporation)
S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel® Corporation)
S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel® Corporation)
S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel® Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-17] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-17] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-03] (LSI Logic)
S3 catchme; \??\C:\DOCUME~1\ASSOCI~1\LOCALS~1\Temp\catchme.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 14:21 - 2013-11-19 14:21 - 00068840 _____ C:\Documents and Settings\Associate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-19 14:18 - 2013-11-19 14:21 - 00730980 _____ C:\Documents and Settings\Associate\Desktop\avgremover.log
2013-11-19 14:02 - 2013-11-19 14:02 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Associate\Desktop\avg_remover_stf_x86_2014_4116.exe
2013-11-19 13:42 - 2013-11-19 14:23 - 00012245 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-19 13:38 - 2013-11-19 13:38 - 01936571 _____ C:\Documents and Settings\Associate\Desktop\AVGInstLog.cab
2013-11-19 13:36 - 2013-11-19 13:36 - 03932214 _____ C:\Documents and Settings\Associate\Desktop\machine_id_creator_error.bmp
2013-11-19 13:35 - 2013-11-19 14:12 - 00014028 _____ C:\WINDOWS\setupapi.log
2013-11-19 13:22 - 2013-11-19 13:22 - 00015329 _____ C:\ComboFix.txt
2013-11-19 13:14 - 2013-11-19 13:14 - 00000000 _RSHD C:\cmdcons
2013-11-19 13:14 - 2013-09-30 13:25 - 00000211 _____ C:\Boot.bak
2013-11-19 13:14 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-19 13:12 - 2013-11-19 13:22 - 00000000 ____D C:\Qoobox
2013-11-19 13:11 - 2013-11-19 13:11 - 05146522 ____R (Swearware) C:\Documents and Settings\Associate\Desktop\ComboFix.exe
2013-11-19 13:01 - 2013-11-19 13:01 - 00000150 _____ C:\Documents and Settings\Associate\Desktop\combofix_error.URL
2013-11-19 10:51 - 2013-11-19 10:51 - 00000467 _____ C:\Documents and Settings\Associate\My Documents\eset.txt
2013-11-19 03:11 - 2013-11-19 14:03 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-19 01:13 - 2013-11-19 01:13 - 00000000 ____D C:\Program Files\ESET
2013-11-18 23:16 - 2013-11-18 23:16 - 00000000 ____D C:\FRST
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:52 - 2013-11-13 16:53 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:51 - 2013-11-13 16:53 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:51 - 2013-11-13 16:52 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 10:21 - 2013-11-13 16:52 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 13:24 - 2011-06-25 22:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-29 13:24 - 2010-11-07 09:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-29 13:24 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-29 13:00 - 2013-11-19 13:21 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-29 11:06 - 2013-10-29 11:08 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:52 - 2013-10-29 15:10 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8

==================== One Month Modified Files and Folders =======

2013-11-19 14:23 - 2013-11-19 13:42 - 00012245 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-19 14:22 - 2004-08-09 13:00 - 01525262 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-19 14:21 - 2013-11-19 14:21 - 00068840 _____ C:\Documents and Settings\Associate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-19 14:21 - 2013-11-19 14:18 - 00730980 _____ C:\Documents and Settings\Associate\Desktop\avgremover.log
2013-11-19 14:21 - 2011-11-09 16:20 - 00000000 ____D C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai
2013-11-19 14:21 - 2011-08-25 14:36 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-11-19 14:21 - 2011-04-11 08:48 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 14:21 - 2009-07-24 09:14 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-19 14:21 - 2009-07-24 09:14 - 00000257 _____ C:\WINDOWS\wiadebug.log
2013-11-19 14:21 - 2009-07-24 09:14 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-19 14:21 - 2004-08-10 10:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-19 14:20 - 2010-01-23 21:20 - 00000278 ___SH C:\Documents and Settings\Associate\ntuser.ini
2013-11-19 14:20 - 2009-07-24 09:09 - 00032652 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-19 14:12 - 2013-11-19 13:35 - 00014028 _____ C:\WINDOWS\setupapi.log
2013-11-19 14:10 - 2011-04-11 08:48 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-19 14:03 - 2013-11-19 03:11 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-19 14:02 - 2013-11-19 14:02 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Associate\Desktop\avg_remover_stf_x86_2014_4116.exe
2013-11-19 13:38 - 2013-11-19 13:38 - 01936571 _____ C:\Documents and Settings\Associate\Desktop\AVGInstLog.cab
2013-11-19 13:36 - 2013-11-19 13:36 - 03932214 _____ C:\Documents and Settings\Associate\Desktop\machine_id_creator_error.bmp
2013-11-19 13:34 - 2012-07-09 08:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-19 13:22 - 2013-11-19 13:22 - 00015329 _____ C:\ComboFix.txt
2013-11-19 13:22 - 2013-11-19 13:12 - 00000000 ____D C:\Qoobox
2013-11-19 13:22 - 2009-07-24 09:30 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-19 13:21 - 2013-10-29 13:00 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-19 13:20 - 2009-07-24 09:11 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-19 13:14 - 2013-11-19 13:14 - 00000000 _RSHD C:\cmdcons
2013-11-19 13:14 - 2009-07-24 09:14 - 00000327 __RSH C:\boot.ini
2013-11-19 13:11 - 2013-11-19 13:11 - 05146522 ____R (Swearware) C:\Documents and Settings\Associate\Desktop\ComboFix.exe
2013-11-19 13:02 - 2013-07-03 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 13:01 - 2013-11-19 13:01 - 00000150 _____ C:\Documents and Settings\Associate\Desktop\combofix_error.URL
2013-11-19 10:51 - 2013-11-19 10:51 - 00000467 _____ C:\Documents and Settings\Associate\My Documents\eset.txt
2013-11-19 03:01 - 2012-04-25 08:32 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-11-19 03:01 - 2011-05-18 23:11 - 00001945 ____C C:\WINDOWS\epplauncher.mif
2013-11-19 03:00 - 2011-05-18 23:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 02:21 - 2011-05-18 23:17 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-19 01:13 - 2013-11-19 01:13 - 00000000 ____D C:\Program Files\ESET
2013-11-18 23:16 - 2013-11-18 23:16 - 00000000 ____D C:\FRST
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-18 12:21 - 2010-01-23 21:13 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-18 09:52 - 2013-04-04 15:50 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\SanDisk
2013-11-15 09:10 - 2004-08-09 12:44 - 00569878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:53 - 2013-11-13 16:52 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:53 - 2013-11-13 16:51 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:52 - 2013-11-13 16:51 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 16:52 - 2013-11-13 10:21 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-11-13 16:51 - 2010-01-24 13:53 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-13 16:50 - 2013-08-14 16:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 16:47 - 2010-01-24 13:50 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 16:46 - 2010-01-23 21:20 - 00000000 ____D C:\Documents and Settings\Associate
2013-10-29 15:10 - 2013-10-29 10:52 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 12:35 - 2013-07-16 10:38 - 00000000 ____D C:\Program Files\CCleaner
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:43 - 2010-01-24 13:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:09 - 2004-08-09 12:40 - 00267800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-29 11:08 - 2013-10-29 11:06 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
2013-10-29 10:08 - 2010-01-24 12:53 - 00000426 ____C C:\WINDOWS\BRWMARK.INI
2013-10-29 09:52 - 2010-11-30 13:59 - 00002531 _____ C:\Documents and Settings\All Users\Desktop\DraftSight.lnk
2013-10-29 09:42 - 2010-02-22 09:54 - 00000000 ____D C:\Documents and Settings\Associate\Local Settings\Application Data\Google

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Edited by dtekka, 19 November 2013 - 04:26 PM.

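The FRST log above is the evidence for the DameWare question in posts #22 and #23: the MRC agent is not in Add/Remove Programs, but it still has an HKLM Run value (DWRCST.exe), two kernel drivers (DamewareMini.sys, dwvkbd.sys) and a live process. The following is an added example, not code from either poster or from FRST's author: a small Python triage that reads the Run, BHO and driver lines of an FRST log and flags remote-access tooling, orphaned entries marked "No File" or "[x]", and Run targets for which FRST recorded no size or date. The sample text is a constructed subset copied from the log above; the watchlist of remote-access markers, the reading of "[x]" as "file not found" and of the empty "[ ]" as "properties not readable", and the state-code legend in the comments are my assumptions about FRST's conventions, so verify them against the FRST documentation before relying on them.

```python
"""Triage the persistence sections of an FRST log for remote-access tool
components and dangling entries.

Added example for this thread; not FRST's code and not something either
poster ran. SAMPLE_FRST is a constructed subset copied from the log posted
above. The watchlist is an assumption for illustration, not a signature set.
"""
import re
from dataclasses import dataclass

SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [DameWare MRC Agent] - C:\WINDOWS\system32\DWRCST.exe [78848 2008-03-24] (DameWare Development)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-11] (Google Inc.)

==================== Internet (Whitelisted) ====================

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

==================== Drivers (Whitelisted) ====================

R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\ASSOCI~1\LOCALS~1\Temp\catchme.sys [x]
"""

# Assumed watchlist: substrings that identify remote-control tooling in a
# vendor string, file path or registry value name (illustrative, not complete).
REMOTE_ACCESS_MARKERS = ("dameware", "dwrc", "teamviewer")

RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\] \((?P<vendor>[^)]*)\)$"
)
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]*)\]"
    r"(?: \((?P<vendor>[^)]*)\))?$"
)
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # "Run", "Driver" or "BHO"
    name: str      # registry value name, service name or BHO name
    path: str
    reason: str


def _is_remote_access(*fields: str) -> bool:
    blob = " ".join(f for f in fields if f).lower()
    return any(marker in blob for marker in REMOTE_ACCESS_MARKERS)


def triage(frst_text: str) -> list[Finding]:
    """Return the entries a reviewer should look at first, in log order."""
    findings: list[Finding] = []
    for line in frst_text.splitlines():
        line = line.rstrip()
        if m := RUN_RE.match(line):
            name, path, meta, vendor = m["name"], m["path"], m["meta"].strip(), m["vendor"]
            if _is_remote_access(name, path, vendor):
                findings.append(Finding("Run", name, path, "remote-access tool autostart (%s)" % m["hive"]))
            if not meta:
                # Empty size/date brackets (assumed meaning): FRST could not read
                # the file's properties, so confirm the binary on disk by hand.
                findings.append(Finding("Run", name, path, "no size/date recorded for the target file"))
        elif m := DRIVER_RE.match(line):
            name, path, meta, vendor = m["name"], m["path"], m["meta"].strip(), m["vendor"] or ""
            if meta == "x":
                # "[x]" (assumed meaning): the driver's file does not exist; here
                # an orphaned entry pointing into a Temp folder.
                findings.append(Finding("Driver", name, path, "driver file missing (%s)" % m["state"]))
            elif _is_remote_access(name, path, vendor):
                # Assumed state legend: R/S = running/stopped; digit = start type
                # (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
                findings.append(Finding("Driver", name, path, "remote-access kernel driver (%s)" % m["state"]))
        elif m := BHO_RE.match(line):
            if m["path"] == "No File":
                findings.append(Finding("BHO", m["name"], m["clsid"], "BHO registered but DLL is gone"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.section}] {f.name}: {f.reason}\n    {f.path}")
```

Run against the sample it reports the DameWare Run value and both DameWare drivers (dwvkbd is an R1 system-start driver, which is why the agent survives an Add/Remove uninstall that never existed for it), the catchme.sys driver whose file is gone, the nameless BHO with no DLL, and hkcmd.exe because FRST recorded no size or date for it. Feed it the full FRST.txt to get the same list for the whole machine; the Processes and Services sections use the same "vendor, path" shape and are easy to add.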

#25 dtekka (Member, Topic Starter, 174 posts)
I forgot to restart after the removal of AVG. I just ran another FRST scan. I'm not sure if the logs differ after a restart? I'll post it anyways just in case.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Associate (administrator) on ASSOCIATE on 19-11-2013 14:30:41
Running from C:\Documents and Settings\Associate\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter2\brctrcen.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe
(Gemalto N.V.) C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-07-30] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [219648 2006-01-03] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] - C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [ControlCenter2.0] - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [995328 2005-11-11] (Brother Industries, Ltd.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [DameWare MRC Agent] - C:\WINDOWS\system32\DWRCST.exe [78848 2008-03-24] (DameWare Development)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [SanDisk_Button_Manager.exe] - C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe [29078632 2013-04-04] (Gemalto N.V.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-11] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/...007&form=ZGAIDF
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264309798530
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\Associate\Application Data\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\baspxp32.sys [51584 2004-02-04] (Broadcom Corporation)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel® Corporation)
S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel® Corporation)
S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel® Corporation)
S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel® Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-17] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-17] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-03] (LSI Logic)
S3 catchme; \??\C:\DOCUME~1\ASSOCI~1\LOCALS~1\Temp\catchme.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 14:30 - 2013-11-19 14:30 - 00012190 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-19 14:21 - 2013-11-19 14:21 - 00068840 _____ C:\Documents and Settings\Associate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-19 14:18 - 2013-11-19 14:21 - 00730980 _____ C:\Documents and Settings\Associate\Desktop\avgremover.log
2013-11-19 14:02 - 2013-11-19 14:02 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Associate\Desktop\avg_remover_stf_x86_2014_4116.exe
2013-11-19 13:42 - 2013-11-19 14:30 - 00026974 _____ C:\Documents and Settings\Associate\Desktop\FRST1.1.txt
2013-11-19 13:38 - 2013-11-19 13:38 - 01936571 _____ C:\Documents and Settings\Associate\Desktop\AVGInstLog.cab
2013-11-19 13:36 - 2013-11-19 13:36 - 03932214 _____ C:\Documents and Settings\Associate\Desktop\machine_id_creator_error.bmp
2013-11-19 13:35 - 2013-11-19 14:12 - 00014028 _____ C:\WINDOWS\setupapi.log
2013-11-19 13:22 - 2013-11-19 13:22 - 00015329 _____ C:\ComboFix.txt
2013-11-19 13:14 - 2013-11-19 13:14 - 00000000 _RSHD C:\cmdcons
2013-11-19 13:14 - 2013-09-30 13:25 - 00000211 _____ C:\Boot.bak
2013-11-19 13:14 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-19 13:12 - 2013-11-19 13:22 - 00000000 ____D C:\Qoobox
2013-11-19 13:11 - 2013-11-19 13:11 - 05146522 ____R (Swearware) C:\Documents and Settings\Associate\Desktop\ComboFix.exe
2013-11-19 13:01 - 2013-11-19 13:01 - 00000150 _____ C:\Documents and Settings\Associate\Desktop\combofix_error.URL
2013-11-19 10:51 - 2013-11-19 10:51 - 00000467 _____ C:\Documents and Settings\Associate\My Documents\eset.txt
2013-11-19 03:11 - 2013-11-19 14:03 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-19 01:13 - 2013-11-19 01:13 - 00000000 ____D C:\Program Files\ESET
2013-11-18 23:16 - 2013-11-18 23:16 - 00000000 ____D C:\FRST
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:52 - 2013-11-13 16:53 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:51 - 2013-11-13 16:53 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:51 - 2013-11-13 16:52 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 10:21 - 2013-11-13 16:52 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 13:24 - 2011-06-25 22:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-29 13:24 - 2010-11-07 09:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-29 13:24 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-29 13:00 - 2013-11-19 13:21 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-29 11:06 - 2013-10-29 11:08 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:52 - 2013-10-29 15:10 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8

==================== One Month Modified Files and Folders =======

2013-11-19 14:30 - 2013-11-19 14:30 - 00012190 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-19 14:30 - 2013-11-19 13:42 - 00026974 _____ C:\Documents and Settings\Associate\Desktop\FRST1.1.txt
2013-11-19 14:29 - 2004-08-09 13:00 - 01529724 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-19 14:28 - 2011-08-25 14:36 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-11-19 14:28 - 2011-04-11 08:48 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 14:28 - 2009-07-24 09:14 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-19 14:28 - 2009-07-24 09:14 - 00000259 _____ C:\WINDOWS\wiadebug.log
2013-11-19 14:28 - 2009-07-24 09:14 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-19 14:28 - 2004-08-10 10:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-19 14:27 - 2010-01-23 21:20 - 00000278 ___SH C:\Documents and Settings\Associate\ntuser.ini
2013-11-19 14:27 - 2009-07-24 09:09 - 00032652 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-19 14:21 - 2013-11-19 14:21 - 00068840 _____ C:\Documents and Settings\Associate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-19 14:21 - 2013-11-19 14:18 - 00730980 _____ C:\Documents and Settings\Associate\Desktop\avgremover.log
2013-11-19 14:21 - 2011-11-09 16:20 - 00000000 ____D C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai
2013-11-19 14:12 - 2013-11-19 13:35 - 00014028 _____ C:\WINDOWS\setupapi.log
2013-11-19 14:10 - 2011-04-11 08:48 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-19 14:03 - 2013-11-19 03:11 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-19 14:02 - 2013-11-19 14:02 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Associate\Desktop\avg_remover_stf_x86_2014_4116.exe
2013-11-19 13:38 - 2013-11-19 13:38 - 01936571 _____ C:\Documents and Settings\Associate\Desktop\AVGInstLog.cab
2013-11-19 13:36 - 2013-11-19 13:36 - 03932214 _____ C:\Documents and Settings\Associate\Desktop\machine_id_creator_error.bmp
2013-11-19 13:34 - 2012-07-09 08:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-19 13:22 - 2013-11-19 13:22 - 00015329 _____ C:\ComboFix.txt
2013-11-19 13:22 - 2013-11-19 13:12 - 00000000 ____D C:\Qoobox
2013-11-19 13:22 - 2009-07-24 09:30 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-19 13:21 - 2013-10-29 13:00 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-19 13:20 - 2009-07-24 09:11 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-19 13:14 - 2013-11-19 13:14 - 00000000 _RSHD C:\cmdcons
2013-11-19 13:14 - 2009-07-24 09:14 - 00000327 __RSH C:\boot.ini
2013-11-19 13:11 - 2013-11-19 13:11 - 05146522 ____R (Swearware) C:\Documents and Settings\Associate\Desktop\ComboFix.exe
2013-11-19 13:02 - 2013-07-03 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 13:01 - 2013-11-19 13:01 - 00000150 _____ C:\Documents and Settings\Associate\Desktop\combofix_error.URL
2013-11-19 10:51 - 2013-11-19 10:51 - 00000467 _____ C:\Documents and Settings\Associate\My Documents\eset.txt
2013-11-19 03:01 - 2012-04-25 08:32 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-11-19 03:01 - 2011-05-18 23:11 - 00001945 ____C C:\WINDOWS\epplauncher.mif
2013-11-19 03:00 - 2011-05-18 23:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 02:21 - 2011-05-18 23:17 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-19 01:13 - 2013-11-19 01:13 - 00000000 ____D C:\Program Files\ESET
2013-11-18 23:16 - 2013-11-18 23:16 - 00000000 ____D C:\FRST
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-18 12:21 - 2010-01-23 21:13 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-18 09:52 - 2013-04-04 15:50 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\SanDisk
2013-11-15 09:10 - 2004-08-09 12:44 - 00569878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:53 - 2013-11-13 16:52 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:53 - 2013-11-13 16:51 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:52 - 2013-11-13 16:51 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 16:52 - 2013-11-13 10:21 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-11-13 16:51 - 2010-01-24 13:53 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-13 16:50 - 2013-08-14 16:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 16:47 - 2010-01-24 13:50 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 16:46 - 2010-01-23 21:20 - 00000000 ____D C:\Documents and Settings\Associate
2013-10-29 15:10 - 2013-10-29 10:52 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 12:35 - 2013-07-16 10:38 - 00000000 ____D C:\Program Files\CCleaner
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:43 - 2010-01-24 13:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:09 - 2004-08-09 12:40 - 00267800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-29 11:08 - 2013-10-29 11:06 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
2013-10-29 10:08 - 2010-01-24 12:53 - 00000426 ____C C:\WINDOWS\BRWMARK.INI
2013-10-29 09:52 - 2010-11-30 13:59 - 00002531 _____ C:\Documents and Settings\All Users\Desktop\DraftSight.lnk
2013-10-29 09:42 - 2010-02-22 09:54 - 00000000 ____D C:\Documents and Settings\Associate\Local Settings\Application Data\Google

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

#26
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)
Looks like we are making progress. :)

Now

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

#27
dtekka (Member, Topic Starter, 174 posts)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by Associate at 2013-11-19 14:46:58 Run:2
Running from C:\Documents and Settings\Associate\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [DameWare MRC Agent] - C:\WINDOWS\system32\DWRCST.exe [78848 2008-03-24] (DameWare Development)
C:\WINDOWS\system32\DWRCST.exe
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
C:\Windows\System32\DRIVERS\DamewareMini.sys
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
C:\Windows\System32\DRIVERS\dwvkbd.sys
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DameWare MRC Agent => Value deleted successfully.
C:\WINDOWS\system32\DWRCST.exe => Moved successfully.
DwMirror => Service deleted successfully.
C:\Windows\System32\DRIVERS\DamewareMini.sys => Moved successfully.
dwvkbd => Service deleted successfully.
C:\Windows\System32\DRIVERS\dwvkbd.sys => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====

#28
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)
Please ensure you have rebooted the machine and then run a FRST scan again and post back the results.

Also tell me how MSE is and if Dameware has gone.

#29
dtekka (Member, Topic Starter, 174 posts)
The machine has been rebooted. It seems Dameware is gone, and MSE is running, but the protection has been turned off. I noticed it has been turned off since I've been working on the computer.

Here are the results of the new scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Associate (administrator) on ASSOCIATE on 19-11-2013 14:53:01
Running from C:\Documents and Settings\Associate\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter2\brctrcen.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe
(Gemalto N.V.) C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-07-30] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [219648 2006-01-03] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] - C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [ControlCenter2.0] - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [995328 2005-11-11] (Brother Industries, Ltd.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [SanDisk_Button_Manager.exe] - C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe [29078632 2013-04-04] (Gemalto N.V.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-11] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/...007&form=ZGAIDF
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264309798530
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\Associate\Application Data\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\baspxp32.sys [51584 2004-02-04] (Broadcom Corporation)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel® Corporation)
S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel® Corporation)
S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel® Corporation)
S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel® Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-17] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-17] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-03] (LSI Logic)
S3 catchme; \??\C:\DOCUME~1\ASSOCI~1\LOCALS~1\Temp\catchme.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 14:53 - 2013-11-19 14:53 - 00011938 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-19 14:21 - 2013-11-19 14:21 - 00068840 _____ C:\Documents and Settings\Associate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-19 13:35 - 2013-11-19 14:12 - 00014028 _____ C:\WINDOWS\setupapi.log
2013-11-19 13:22 - 2013-11-19 13:22 - 00015329 _____ C:\ComboFix.txt
2013-11-19 13:14 - 2013-11-19 13:14 - 00000000 _RSHD C:\cmdcons
2013-11-19 13:14 - 2013-09-30 13:25 - 00000211 _____ C:\Boot.bak
2013-11-19 13:14 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-19 13:12 - 2013-11-19 13:22 - 00000000 ____D C:\Qoobox
2013-11-19 13:11 - 2013-11-19 13:11 - 05146522 ____R (Swearware) C:\Documents and Settings\Associate\Desktop\ComboFix.exe
2013-11-19 13:01 - 2013-11-19 13:01 - 00000150 _____ C:\Documents and Settings\Associate\Desktop\combofix_error.URL
2013-11-19 10:51 - 2013-11-19 10:51 - 00000467 _____ C:\Documents and Settings\Associate\My Documents\eset.txt
2013-11-19 03:11 - 2013-11-19 14:38 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-19 01:13 - 2013-11-19 01:13 - 00000000 ____D C:\Program Files\ESET
2013-11-18 23:16 - 2013-11-19 14:46 - 00000000 ____D C:\FRST
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:52 - 2013-11-13 16:53 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:51 - 2013-11-13 16:53 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:51 - 2013-11-13 16:52 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 10:21 - 2013-11-13 16:52 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 13:24 - 2011-06-25 22:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-29 13:24 - 2010-11-07 09:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-29 13:24 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-29 13:00 - 2013-11-19 13:21 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-29 11:06 - 2013-10-29 11:08 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:52 - 2013-10-29 15:10 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8

==================== One Month Modified Files and Folders =======

2013-11-19 14:53 - 2013-11-19 14:53 - 00011938 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-19 14:49 - 2011-04-11 08:48 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 14:49 - 2009-07-24 09:14 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-19 14:49 - 2009-07-24 09:14 - 00000259 _____ C:\WINDOWS\wiadebug.log
2013-11-19 14:49 - 2004-08-09 13:00 - 01533251 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-19 14:48 - 2011-08-25 14:36 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-11-19 14:48 - 2009-07-24 09:14 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-19 14:48 - 2004-08-10 10:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-19 14:47 - 2010-01-23 21:20 - 00000278 ___SH C:\Documents and Settings\Associate\ntuser.ini
2013-11-19 14:47 - 2009-07-24 09:09 - 00032652 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-19 14:46 - 2013-11-18 23:16 - 00000000 ____D C:\FRST
2013-11-19 14:38 - 2013-11-19 03:11 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-19 14:34 - 2012-07-09 08:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-19 14:21 - 2013-11-19 14:21 - 00068840 _____ C:\Documents and Settings\Associate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-19 14:21 - 2011-11-09 16:20 - 00000000 ____D C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai
2013-11-19 14:12 - 2013-11-19 13:35 - 00014028 _____ C:\WINDOWS\setupapi.log
2013-11-19 14:10 - 2011-04-11 08:48 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-19 13:22 - 2013-11-19 13:22 - 00015329 _____ C:\ComboFix.txt
2013-11-19 13:22 - 2013-11-19 13:12 - 00000000 ____D C:\Qoobox
2013-11-19 13:22 - 2009-07-24 09:30 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-19 13:21 - 2013-10-29 13:00 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-19 13:20 - 2009-07-24 09:11 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-19 13:14 - 2013-11-19 13:14 - 00000000 _RSHD C:\cmdcons
2013-11-19 13:14 - 2009-07-24 09:14 - 00000327 __RSH C:\boot.ini
2013-11-19 13:11 - 2013-11-19 13:11 - 05146522 ____R (Swearware) C:\Documents and Settings\Associate\Desktop\ComboFix.exe
2013-11-19 13:02 - 2013-07-03 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 13:01 - 2013-11-19 13:01 - 00000150 _____ C:\Documents and Settings\Associate\Desktop\combofix_error.URL
2013-11-19 10:51 - 2013-11-19 10:51 - 00000467 _____ C:\Documents and Settings\Associate\My Documents\eset.txt
2013-11-19 03:01 - 2012-04-25 08:32 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-11-19 03:01 - 2011-05-18 23:11 - 00001945 ____C C:\WINDOWS\epplauncher.mif
2013-11-19 03:00 - 2011-05-18 23:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 02:21 - 2011-05-18 23:17 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-19 01:13 - 2013-11-19 01:13 - 00000000 ____D C:\Program Files\ESET
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-18 12:21 - 2010-01-23 21:13 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-18 09:52 - 2013-04-04 15:50 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\SanDisk
2013-11-15 09:10 - 2004-08-09 12:44 - 00569878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:53 - 2013-11-13 16:52 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:53 - 2013-11-13 16:51 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:52 - 2013-11-13 16:51 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 16:52 - 2013-11-13 10:21 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-11-13 16:51 - 2010-01-24 13:53 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-13 16:50 - 2013-08-14 16:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 16:47 - 2010-01-24 13:50 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 16:46 - 2010-01-23 21:20 - 00000000 ____D C:\Documents and Settings\Associate
2013-10-29 15:10 - 2013-10-29 10:52 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 12:35 - 2013-07-16 10:38 - 00000000 ____D C:\Program Files\CCleaner
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:43 - 2010-01-24 13:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:09 - 2004-08-09 12:40 - 00267800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-29 11:08 - 2013-10-29 11:06 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
2013-10-29 10:08 - 2010-01-24 12:53 - 00000426 ____C C:\WINDOWS\BRWMARK.INI
2013-10-29 09:52 - 2010-11-30 13:59 - 00002531 _____ C:\Documents and Settings\All Users\Desktop\DraftSight.lnk
2013-10-29 09:42 - 2010-02-22 09:54 - 00000000 ____D C:\Documents and Settings\Associate\Local Settings\Application Data\Google

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
  • 0

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hmm... we didn't get rid of that bad FF plugin.

Let's try again.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

After that

Click on the MSE icon to open it
  • Go to the Settings tab
  • Click on Real-time protection
  • Check the box Turn on real-time protection...
  • Press the Save changes button - bottom right
Reboot the machine.
Come back and tell me if it is running now.

Also please carry out another scan with FRST and post the results back here.
  • 0
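As an added example (not part of FRST or of this thread), here is a small Python helper that applies the checks a volunteer reads an FRST log for: entries ending in "No File" or "[x]", binaries with an empty publisher string, Firefox search plugins installed into the user profile (like the one the log above still shows), and drivers loaded from a Temp directory. The sample lines are constructed from the log above; the rule names and the `triage` function are this example's own.

```python
"""Triage helper for FRST-style log lines (added example; not part of FRST)."""
import re

# Constructed sample input, modelled on lines from the FRST log in this thread.
SAMPLE_LOG = r"""
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\Associate\Application Data\Facebook\npfbplugin_1_0_3.dll No File
FF SearchPlugin: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default\searchplugins\safeguard-secure-search.xml
S3 catchme; \??\C:\DOCUME~1\ASSOCI~1\LOCALS~1\Temp\catchme.sys [x]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
""".strip("\n")


def _orphaned(line):
    # Registry still points at a file that no longer exists (leftover of a removal).
    return line.endswith("No File")


def _missing_file(line):
    # FRST marks a service/driver whose image is absent with "[x]".
    return line.endswith("[x]")


def _no_publisher(line):
    # FRST prints the file's publisher in trailing parentheses; "()" means none.
    return line.endswith("()")


def _user_searchplugin(line):
    # Search plugins dropped into the user's profile are user- or adware-installed;
    # benign ones exist too, so this is "review", not "malicious".
    return (line.startswith("FF SearchPlugin:")
            and "\\Profiles\\" in line and "\\searchplugins\\" in line)


def _temp_driver(line):
    # Service/driver lines start with a state code such as R0, S3, U5.
    return re.match(r"^[RSU]\d ", line) is not None and "\\temp\\" in line.lower()


RULES = [
    ("orphaned registry entry (No File)", _orphaned),
    ("service/driver file missing ([x])", _missing_file),
    ("binary has no publisher string", _no_publisher),
    ("user-profile Firefox search plugin", _user_searchplugin),
    ("driver loaded from a Temp directory", _temp_driver),
]


def triage(log_text):
    """Return one finding per flagged line: line number, entry text, matched reasons."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("="):  # skip blanks and section headers
            continue
        reasons = [reason for reason, pred in RULES if pred(line)]
        if reasons:
            findings.append({"line": lineno, "entry": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']}: {', '.join(f['reasons'])}\n    {f['entry']}")
```

Every hit is a candidate for review, not a verdict: the catchme.sys driver flagged here, for instance, belongs to ComboFix, which the log shows was run on this machine.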