
BLUE SCREEN, (Solved)



#541
Lexy610

Lexy610

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 743 posts

Hello .. I just realized that I posted an update Friday and now that I am on the desktop I don't see it ...

 

Have no idea as to why it isn't here but .. I posted that I just returned from vacation and will be picking up from post #536 by Thursday .. have a lot to catch up work wise and Thursday is my day off ...

 

My apologies


  • 0



#542
iammykyl

iammykyl

    Tech Staff

  • Technician
  • 7,047 posts

There has been some server maintenance, so that could be the reason, will look out for your next post.


  • 0

#543
Lexy610

Lexy610

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 743 posts

Think I have a virus .. well my Avast said it was malware :( .. I just can't catch a break with this computer .. :(

 

I got a warning from AVAST, can't recall the name .. but I clicked on delete and got a pop-up window saying that I needed to reboot and do a full scan on boot-up, so I did. I then got this:

 

IMAG1613.jpg

 

I then clicked on #2 (fix all automatically) ... Once it was all done it booted up and all was well for about ten minutes and I got this ....

 

IMAG1614.jpg

 

I clicked on "delete now" but then it wanted me to do another full scan on reboot .. but I clicked on "NO" so I can update you here...


Edited by Lexy610, 28 June 2014 - 03:10 PM.

  • 0

#544
iammykyl

iammykyl

    Tech Staff

  • Technician
  • 7,047 posts

Gday Lexy.

This Forum is not permitted to deal with infections so will look to moving you to the Malware Forum.

I will get back ASAP.   


  • 0

#545
iammykyl

iammykyl

    Tech Staff

  • Technician
  • 7,047 posts

Gday Lexy.

Please go to the last link

Start at step 2, then step 3 to start a new topic.

In the topic box type: Suspected Rootkit infection.

Then, copy the text and paste into the reply window.

===========================

Hi.

iammykyl has instructed me to start a new topic. Please see reply 543 @ http://www.geekstogo...-screen/page-37

 

Thanks.

===============================

Please complete the rest of the instructions. When you have been given a clean bill of health, you can come back here to carry on sorting the pesky sound issue.

 

This is the link to Malware, > http://www.geekstogo...cleaning-guide/


  • 0

#546
rshaffer61

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts
Actually this topic is in the malware forum already and can be dealt with where it is.
  • 0

#547
Lexy610

Lexy610

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 743 posts

I am a bit confused .... so this is now in the malware page? If so what do I do next?


  • 0

#548
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts

Hello again,
 
Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

  • 0

#549
Lexy610

Lexy610

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 743 posts

Only one text file opened which was the FRST.txt one .. never got addition.txt ....


  • 0

#550
Lexy610

Lexy610

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 743 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by User (administrator) on LEXY on 29-06-2014 15:56:47
Running from C:\Documents and Settings\User\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Conexant Systems, Inc.) C:\WINDOWS\system32\PRISMSVR.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Conexant Systems, Inc.) C:\WINDOWS\system32\PRISMSVC.exe
() C:\WINDOWS\system32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\PRISMAPI.DLL: C:\WINDOWS\system32\PRISMAPI.DLL (Conexant Systems, Inc.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-606747145-117609710-839522115-1003\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-606747145-117609710-839522115-1003\...\Run: [DellSystemDetect] => C:\Documents and Settings\User\Local Settings\Apps\2.0\GLODYH45.LZJ\9PTZC5LD.W03\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-16] (Dell)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab
DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} http://www.worldwinn...mines/mines.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecu...s/as2stubie.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1044
DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinn...gsaw/jigsaw.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229566731421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinn...ty/tilecity.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @soe.sony.com/installer,version=1.0.3 - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\npsoe.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Diccionario de Español/España - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234\Extensions\[email protected] [2014-06-13]
FF Extension: Diccionario en Español para Venezuela - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\pt96kby9.default-1369614150234\Extensions\[email protected] [2013-06-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-05]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Facebook Plugin) - C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (DivX® Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (SOE Web Installer) - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\npsoe.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-14]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-10-14]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-14]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-08] (SUPERAntiSpyware.com) [File not signed]
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-07-16] (Adobe Systems) [File not signed]
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-13] (AVAST Software)
S3 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2014-06-12] (Creative Labs) [File not signed]
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [61529 2006-10-12] (Conexant Systems, Inc.) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [431384 2008-06-24] (Seagate)
S2 hpdj; C:\DOCUME~1\User\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product= [X]
S3 upnphost; %SystemRoot%\System32\upnphost.dll [X]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2006-10-26] (Meetinghouse Data Communications) [File not signed]
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-13] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-13] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-13] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-13] ()
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [618880 2006-03-02] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
R0 MxEFUF; C:\WINDOWS\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [18856 2007-08-31] (Microsoft Corporation)
S3 qcserxp; C:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 SQTECH905C; C:\WINDOWS\System32\Drivers\Capt905c.sys [37760 2007-05-18] (Service & Quality Technology.) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2012-07-21] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2012-07-21] (Acronis)
S3 bvrp_pci; No ImagePath
S3 cpuz132; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 zumbus; system32\DRIVERS\zumbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-06-29 15:56 - 2014-06-29 15:56 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST-OlderVersion
2014-06-29 15:49 - 2014-06-29 15:54 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 15:48 - 2014-06-29 15:48 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 15:48 - 2014-06-29 15:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-29 15:48 - 2014-06-29 15:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 15:48 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-27 16:00 - 2014-06-27 16:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-13 09:03 - 2014-06-13 09:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
2014-06-12 20:35 - 2014-06-12 20:35 - 00000000 ____D () C:\Program Files\Common Files\Creative Labs Shared
2014-06-12 20:35 - 2014-06-12 20:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Creative Labs
2014-06-09 18:28 - 2014-06-09 18:24 - 00033709 _____ () C:\Documents and Settings\User\Desktop\IMG_138037010034230.jpeg
2014-05-31 00:28 - 2014-05-31 00:28 - 00010498 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat

==================== One Month Modified Files and Folders =======

2014-06-29 15:57 - 2014-05-14 00:06 - 00023061 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-06-29 15:57 - 2007-12-20 12:44 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2014-06-29 15:56 - 2014-06-29 15:56 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST-OlderVersion
2014-06-29 15:56 - 2014-05-13 20:57 - 01073664 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-06-29 15:56 - 2014-05-08 10:09 - 00000000 ____D () C:\FRST
2014-06-29 15:55 - 2012-08-22 11:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-29 15:54 - 2014-06-29 15:49 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 15:48 - 2014-06-29 15:48 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 15:48 - 2014-06-29 15:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-29 15:48 - 2014-06-29 15:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 15:48 - 2009-01-04 04:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-29 15:48 - 2008-12-30 03:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-29 15:44 - 2013-10-24 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-06-29 14:59 - 2013-11-05 12:11 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-06-29 12:55 - 2007-12-20 12:43 - 00032516 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-29 12:31 - 2008-12-31 05:06 - 01750144 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-29 12:26 - 2013-12-02 23:10 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\HTC MediaHub
2014-06-29 12:26 - 2007-12-30 19:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-29 12:26 - 2007-12-30 19:38 - 00000000 _____ () C:\WINDOWS\wiaservc.log
2014-06-29 12:26 - 2007-12-20 12:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-29 12:26 - 2007-12-20 12:33 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-29 00:53 - 2014-02-18 20:20 - 01981672 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-06-29 00:53 - 2007-12-20 12:44 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-06-28 17:07 - 2014-05-14 00:59 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Email Attachments
2014-06-28 14:51 - 2012-07-22 16:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-27 16:01 - 2014-06-27 16:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-25 19:10 - 2004-08-10 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-21 10:46 - 2012-07-22 17:58 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-21 10:46 - 2012-03-15 14:47 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-13 09:03 - 2014-06-13 09:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
2014-06-13 08:58 - 2010-01-16 18:17 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-06-12 20:35 - 2014-06-12 20:35 - 00000000 ____D () C:\Program Files\Common Files\Creative Labs Shared
2014-06-12 20:35 - 2014-06-12 20:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Creative Labs
2014-06-11 13:00 - 2013-08-14 02:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-11 13:00 - 2007-12-20 15:07 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-10 23:15 - 2008-01-09 00:21 - 00224768 __SHC () C:\Documents and Settings\User\Desktop\Thumbs.db
2014-06-09 19:23 - 2014-05-14 19:36 - 00216078 _____ () C:\WINDOWS\setupapi.log
2014-06-09 19:11 - 2010-07-04 21:34 - 00005018 __SHC () C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2014-06-09 19:11 - 2007-12-23 00:25 - 00007878 __SHC () C:\WINDOWS\system32\KGyGaAvL.sys
2014-06-09 19:11 - 2007-12-23 00:24 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My PSP Files
2014-06-09 18:24 - 2014-06-09 18:28 - 00033709 _____ () C:\Documents and Settings\User\Desktop\IMG_138037010034230.jpeg
2014-06-08 15:00 - 2014-05-17 01:18 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-06-04 15:45 - 2007-12-22 22:58 - 00199680 ____C () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-02 17:48 - 2010-06-10 21:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-05-31 00:28 - 2014-05-31 00:28 - 00010498 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat
2014-05-31 00:28 - 2008-03-20 16:18 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DivX
2014-05-31 00:28 - 2007-12-26 22:39 - 02782744 ___SH () C:\Documents and Settings\User\My Documents\Thumbs.db

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


  • 0



#551
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts

Looks good. :)


  • 0

#552
Lexy610

Lexy610

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 743 posts

What do I do next?


  • 0

#553
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts

The techs will help you soon I think.


  • 0

#554
Lexy610

Lexy610

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 743 posts

Thank you so much :-)


  • 0

#555
Lexy610

Lexy610

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 743 posts

I picked up from our last post #536 regarding my sound issue .... Should I post my results??


  • 0





