Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware keeps me from saving images on Firefox [Solved]


  • This topic is locked This topic is locked

#1
koolkat1939

koolkat1939

    Member

  • Member
  • PipPip
  • 27 posts

:smashcomp:  Hi I'm new here. I have a problem with Firefox. I have Windows XP and I'm using Firefox 28.0.

 

One day I tried saving a image and all I get is a hourglass and it won't save the image. I clicked on Tools/ Options / General  and tried saving to another place but the Malware won't let me use the "Browse button". The Malware also keeps me from doing anything with my bookmarks. I also tried uninstalling and reinstaling Firefox and the

Malware just comes back. I also  tried resetting Firefox to it's default but that does not work either.

 

I tried scanning with Stop Sign, Avast, Malwarebytes,Panda Cloud Cleaner,AdwCleaner and SUPERAntiSpyware . :bashhead:  They all say I'm clean ! But I know my PC is infected. The only thing I found that gets rid of it is to restore my PC to a earlier time but I wish there was a tool to get rid of it.

 

The Malware seems to only affect Firefox. Chrome does not seem affected by the Malware but I rather

use Firefox. Somebody please help. :help:

 

-------------------------------------------------------------------------------------------------------------------------------------------------

 

OTL logfile created on: 4/22/2014 7:39:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
895.36 Mb Total Physical Memory | 311.15 Mb Available Physical Memory | 34.75% Memory free
2.12 Gb Paging File | 1.01 Gb Available in Paging File | 47.90% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.87 Gb Total Space | 22.87 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.26 Gb Free Space | 51.07% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-8B6E50BD72 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/22 19:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2014/04/21 12:14:01 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/21 12:14:01 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/09 15:14:26 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/24 11:18:08 | 000,118,264 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2014/03/15 01:40:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/02/18 12:40:55 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2014/01/16 14:41:04 | 001,618,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
PRC - [2014/01/09 22:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2014/01/09 18:05:58 | 001,519,200 | R--- | M] (eAcceleration Corp) -- C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
PRC - [2014/01/06 14:37:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/11/26 16:50:11 | 000,366,976 | ---- | M] (eAcceleration Corp) -- C:\Program Files\StopSign\Firewall\FWService.exe
PRC - [2013/10/31 12:15:46 | 000,178,576 | R--- | M] (eAcceleration Corp) -- C:\Program Files\StopSign\ThreatScanner\engines\vipre\viprecomsvc.exe
PRC - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/09/26 12:00:03 | 000,116,224 | ---- | M] (eAcceleration Corp) -- C:\Program Files\eAcceleration\Framework\eac_svc.exe
PRC - [2013/09/26 11:45:30 | 000,264,592 | ---- | M] (eAcceleration Corp) -- C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
PRC - [2013/09/16 17:50:20 | 000,306,784 | ---- | M] (eAcceleration Corp) -- C:\Program Files\StopSign\OnAccess\onaccess.exe
PRC - [2013/09/16 12:42:13 | 000,465,296 | ---- | M] (eAcceleration Corp) -- C:\Program Files\eAcceleration\Station\station_bk.exe
PRC - [2012/05/25 05:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/03/25 17:41:08 | 000,374,096 | ---- | M] (eAcceleration Corp ) -- C:\Program Files\StopSign\PopupBlocker\sspopupblockerctrl.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 19:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/22 14:11:02 | 002,215,424 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14042201\algo.dll
MOD - [2014/04/01 20:20:17 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/03/15 01:40:39 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/07 10:57:22 | 000,178,464 | ---- | M] () -- C:\Program Files\StopSign\ThreatScanner\engines\vipre\vdb\libMachoUniv.dll
MOD - [2014/03/07 10:57:21 | 000,190,752 | ---- | M] () -- C:\Program Files\StopSign\ThreatScanner\engines\vipre\vdb\libBase64.dll
MOD - [2014/01/09 22:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/09 22:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 05:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2010/07/04 14:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/09/18 09:32:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/04/21 12:14:01 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/03/24 11:18:08 | 000,118,264 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014/03/15 01:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/18 12:40:55 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2013/11/26 16:50:11 | 000,366,976 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\StopSign\Firewall\FWService.exe -- (FWService)
SRV - [2013/10/31 12:15:46 | 000,178,576 | R--- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\StopSign\ThreatScanner\engines\vipre\viprecomsvc.exe -- (viprecomsvc)
SRV - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/09/26 11:45:30 | 000,264,592 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\eAcceleration\Framework\eac_productsvc.exe -- (eac_productsvc)
SRV - [2013/09/26 11:45:28 | 000,235,920 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\eAcceleration\Framework\eac_notifysvc.dll -- (eac_notifysvc)
SRV - [2011/04/05 14:58:11 | 000,189,904 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\StopSign\Firewall\ssfwmonsvc.dll -- (ssfwmonsvc)
SRV - [2010/11/08 12:25:24 | 000,202,264 | R--- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files\Acceleration Software\Anti-Virus\sstsmonsvc.dll -- (sstsmonsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/22 06:27:36 | 000,052,312 | ---- | M] (Malwarebytes Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/04/21 12:14:06 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/04/21 12:14:06 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/04/21 12:14:06 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/04/21 12:14:06 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/04/21 12:14:06 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/04/21 12:14:06 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/04/21 12:14:06 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/04/21 12:14:06 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/01/16 14:41:04 | 000,044,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys -- (ESProtectionDriver)
DRV - [2013/11/26 16:50:17 | 000,111,968 | ---- | M] (eAcceleration Corp) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fwcore.sys -- (fwcore)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/04 12:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2007/09/17 02:34:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2005/09/23 14:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/14 12:38:00 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/07/29 18:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 18:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 06:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd.                                               ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...Sys=DTP&M=T6426
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...Sys=DTP&M=T6426
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE%7D:3.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.98
FF - prefs.js..extensions.enabledAddons: MafiaaFire%40mafiaafire.com:0.9d
FF - prefs.js..extensions.enabledAddons: CustomGoogle%40mafiaafire.com:1.0.0.0
FF - prefs.js..extensions.enabledAddons: info%40omtv.se:1.0.1
FF - prefs.js..extensions.enabledAddons: nicofox%40littlebtc:1.0b5
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/21 12:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014/04/09 15:01:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/04/08 09:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2014/04/22 19:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions
[2014/04/08 09:36:25 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2014/04/08 09:32:14 | 000,004,732 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\[email protected]
[2014/04/22 19:30:43 | 001,533,185 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\[email protected]
[2014/04/08 09:33:28 | 000,013,849 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\[email protected]
[2014/04/08 09:32:14 | 000,123,007 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\[email protected]
[2014/04/08 09:35:18 | 000,561,620 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\[email protected]
[2014/04/08 09:28:31 | 000,383,888 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014/04/08 09:27:31 | 000,322,499 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE}.xpi
[2014/04/08 09:23:42 | 000,957,290 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/04/08 09:25:10 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2014/04/08 09:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/08 09:03:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/09 15:01:05 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.yahoo.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Adblock Plus = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: Ghostery = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.2.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Reg Error: Value error.) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\Program Files\StopSign\PopupBlocker\sspopupblocker.dll (eAcceleration Corp )
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OnAccess] C:\Program Files\StopSign\OnAccess\onaccess.exe (eAcceleration Corp)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoftwareStation] C:\Program Files\eAcceleration\Station\station.exe (eAcceleration Corp)
O4 - HKLM..\Run: [StopSignPopupBlocker] C:\Program Files\StopSign\PopupBlocker\sspopupblockerctrl.exe (eAcceleration Corp )
O4 - HKLM..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe (eAcceleration Corp)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKCU..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe (Uniblue Software)
O4 - HKLM..\RunOnce: [PrivacyGuardianIndex] C:\Program Files\Privacy Guardian\PgIndex.exe (WinGuides Software)
O4 - HKCU..\RunOnce: [PGhist] C:\Program Files\Privacy Guardian\PgHist.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\Program Files\StopSign\PopupBlocker\sspopupblocker.dll (eAcceleration Corp )
O15 - HKCU\..Trusted Domains: microsoft.com ([windows] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB1D8A96-50D7-43EC-B4AE-4D0E8CC625F6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O28 - HKLM ShellExecuteHooks: {42DD0873-5FA9-465D-90DE-0826020416A5} - C:\Program Files\StopSign\OnAccess\onaccess_hk32.dll (eAcceleration Corp)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2014/02/20 07:55:54 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2009/04/18 11:01:28 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/22 19:33:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/22 19:25:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/04/22 16:00:01 | 002,049,128 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2014/04/21 17:02:56 | 000,000,000 | -HSD | C] -- C:\Jumpshot
[2014/04/21 17:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\gnupg
[2014/04/21 16:50:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2014/04/21 12:14:05 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/19 19:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2014/04/19 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2014/04/19 18:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comical
[2014/04/19 18:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Comical
[2014/04/16 14:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Privacy Guardian
[2014/04/16 14:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Privacy Guardian
[2014/04/12 16:51:13 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/09 18:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/09 18:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/09 15:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/04/09 13:54:50 | 014,482,352 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\grimefighter.exe
[2014/04/09 07:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\chrome
[2014/04/08 09:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/04/08 09:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/08 08:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2014/04/08 08:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/04/08 08:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla(2)
[2014/04/08 08:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2014/04/08 08:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla(2)
[2014/04/08 08:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)
[2014/04/08 07:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\bookmarkbackups
[2014/04/07 19:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2014/04/01 21:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2014/04/01 20:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2014/04/01 20:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/04/01 20:20:28 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/01 20:20:27 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/01 20:20:27 | 000,411,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/01 20:20:26 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/04/01 20:20:26 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/01 20:20:22 | 000,271,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/01 20:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/27 20:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2014/03/26 14:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2014/03/25 17:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2014/03/25 17:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2014/03/25 09:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/22 19:36:44 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/22 19:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/22 19:19:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/22 16:34:43 | 000,724,703 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2014/04/22 16:33:56 | 000,219,657 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2014/04/22 16:03:46 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2014/04/22 16:00:08 | 002,049,128 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2014/04/22 15:19:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/22 12:14:07 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/04/22 07:10:01 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Health-Check-deep.job
[2014/04/22 06:27:36 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/22 06:14:31 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes Anti-Exploit.job
[2014/04/22 06:14:27 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/04/22 06:14:01 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/22 06:13:55 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/22 06:13:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/21 12:14:38 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/04/21 12:14:06 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/21 12:14:06 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/21 12:14:06 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/21 12:14:06 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/04/21 12:14:06 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/21 12:14:06 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/21 12:14:06 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/21 12:14:06 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/21 12:14:05 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/21 12:14:05 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/14 17:23:24 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/12 18:45:12 | 002,230,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Lunchables with Smoothie Kabobbles - Street Casting.mp4
[2014/04/09 18:18:01 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/09 15:17:16 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 13:55:32 | 014,482,352 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\grimefighter.exe
[2014/04/09 06:09:07 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/08 09:03:38 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/08 09:03:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/31 16:31:10 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/25 17:30:21 | 000,010,498 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2014/03/25 17:14:26 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/24 12:18:31 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/22 16:34:43 | 000,724,703 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2014/04/22 16:33:56 | 000,219,657 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2014/04/22 16:03:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2014/04/21 17:03:19 | 000,000,201 | RHS- | C] () -- C:\boot.ini
[2014/04/21 12:14:17 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/12 18:45:06 | 002,230,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Lunchables with Smoothie Kabobbles - Street Casting.mp4
[2014/04/09 15:17:16 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/09 15:17:16 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 06:36:29 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/09 06:36:28 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/09 06:03:09 | 938,921,984 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/08 09:03:38 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/08 09:03:38 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/08 09:03:38 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/04/01 20:21:23 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/04/01 20:20:40 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/04/01 20:20:28 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/01 20:20:27 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/03/25 17:29:42 | 000,010,498 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2014/03/03 12:59:34 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/26 12:25:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2014/02/20 18:44:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2014/02/20 08:16:22 | 000,165,275 | ---- | C] () -- C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
[2014/02/20 07:19:15 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2014/02/20 07:19:14 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2014/02/19 19:47:09 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2014/02/19 19:47:09 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014/02/19 19:47:09 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2014/02/19 19:47:07 | 000,217,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2014/02/19 19:47:03 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/02/18 17:27:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/02/18 15:29:45 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2014/02/18 15:29:45 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2014/02/18 15:29:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2014/02/18 12:52:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2014/02/18 12:50:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2014/02/18 12:46:54 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2014/02/18 12:44:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2014/02/18 12:47:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/03 21:52:10 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/01 20:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/18 20:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eAcceleration
[2014/03/25 16:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2014/02/18 21:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2014/02/20 08:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2014/03/09 10:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware(3).com
[2014/04/22 05:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/04/01 20:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2014/03/30 08:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chessmaster Challenge
[2014/02/19 20:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.example.desktopLara
[2014/02/19 20:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.example.desktopLara.38AD268D554B48E1BFABC2A9B9EEB21BBAA89D0F.1
[2014/03/25 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2014/02/18 20:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eAcceleration
[2014/04/21 17:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gnupg
[2014/04/08 07:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2014/02/20 08:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\River Past G5
[2014/02/18 16:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2014/03/09 10:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware(3).com
[2014/04/19 19:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2014/02/19 20:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft Corporation
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

-----------------------------------------------------------------------------------------------------------------------------------------------

 

OTL Extras logfile created on: 4/22/2014 7:39:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
895.36 Mb Total Physical Memory | 311.15 Mb Available Physical Memory | 34.75% Memory free
2.12 Gb Paging File | 1.01 Gb Available in Paging File | 47.90% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.87 Gb Total Space | 22.87 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.26 Gb Free Space | 51.07% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-8B6E50BD72 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1392753143\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1392753143\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7AD1EF2-2670-40C2-A541-939265AF2F18}_is1" = Privacy Eraser Pro
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Comical_is1" = Comical 0.8
"Defraggler" = Defraggler
"DivX Setup" = DivX Setup
"EaccelSetup" = StopSign Internet Security
"FileASSASSIN" = FileASSASSIN
"Free Any Burn" = Free Any Burn
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"IsoBuster_is1" = IsoBuster 2.2
"JAIELangPack" = Japanese Language Support
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.1.5
"Malwarebytes Anti-Exploit_is1" = Malwarebytes Anti-Exploit version 0.09.5.1000
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Ootake_is1" = Ootake ver2.75
"Port Magic" = Pure Networks Port Magic
"Privacy Guardian_is1" = Privacy Guardian 4.1
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.95
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1" = Uniblue PowerSuite
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"UltraISO_is1" = UltraISO 8.0 Premium Edition
"Unlocker" = Unlocker 1.9.0
"Video Cleaner Pro" = River Past Video Cleaner Pro
"VLC media player" = VLC media player 2.1.3
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Copy Express" = Xilisoft DVD Copy Express
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Yahoo! Messenger" = Yahoo! Messenger
"ZHCIELangPack" = Chinese (Simplified) Language Support
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5d3da13d1ccdb7f8" = Desktop Lara (Anniversary Edition)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/20/2014 8:44:32 PM | Computer Name = YOUR-8B6E50BD72 | Source = Application Error | ID = 1000
Description = Faulting application chess.exe, version 1.0.0.119, faulting module
 chess.exe, version 1.0.0.119, fault address 0x00006ed2.
 
Error - 3/21/2014 4:54:16 PM | Computer Name = YOUR-8B6E50BD72 | Source = Application Error | ID = 1000
Description = Faulting application chess.exe, version 1.0.0.119, faulting module
 chess.exe, version 1.0.0.119, fault address 0x00006ed2.
 
Error - 3/21/2014 5:08:01 PM | Computer Name = YOUR-8B6E50BD72 | Source = Application Error | ID = 1000
Description = Faulting application chess.exe, version 1.0.0.119, faulting module
 chess.exe, version 1.0.0.119, fault address 0x00006ed2.
 
Error - 3/21/2014 6:20:32 PM | Computer Name = YOUR-8B6E50BD72 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module shell32.dll, version 6.0.2900.6242, fault address 0x000b140b.
 
Error - 3/21/2014 6:20:44 PM | Computer Name = YOUR-8B6E50BD72 | Source = Application Error | ID = 1001
Description = Fault bucket -1214181621.
 
Error - 3/24/2014 9:27:22 AM | Computer Name = YOUR-8B6E50BD72 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 28.0.0.5186, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/24/2014 9:27:33 AM | Computer Name = YOUR-8B6E50BD72 | Source = Application Hang | ID = 1001
Description = Fault bucket 134231651.
 
Error - 3/26/2014 10:48:10 PM | Computer Name = YOUR-8B6E50BD72 | Source = Application Error | ID = 1000
Description = Faulting application chess.exe, version 1.0.0.119, faulting module
 chess.exe, version 1.0.0.119, fault address 0x00006ed2.
 
Error - 3/31/2014 8:50:38 PM | Computer Name = YOUR-8B6E50BD72 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 28.0.0.5186, faulting
 module mozalloc.dll, version 28.0.0.5186, fault address 0x0000119c.
 
Error - 3/31/2014 8:54:51 PM | Computer Name = YOUR-8B6E50BD72 | Source = Application Error | ID = 1001
Description = Fault bucket 134686812.
 
[ System Events ]
Error - 4/22/2014 9:11:24 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly.  It
 has done this 1 time(s).
 
Error - 4/22/2014 9:11:24 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7034
Description = The PrismXL service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 4/22/2014 9:11:24 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7034
Description = The Vipre COM Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 4/22/2014 9:11:24 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7034
Description = The eAcceleration Notification Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 4/22/2014 9:11:24 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7034
Description = The StopSign® Firewall Security Center Provider service terminated
 unexpectedly.  It has done this 1 time(s).
 
Error - 4/22/2014 9:11:24 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7034
Description = The StopSign® Antivirus Security Center Provider service terminated
 unexpectedly.  It has done this 1 time(s).
 
Error - 4/22/2014 9:11:24 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7034
Description = The FWService service terminated unexpectedly.  It has done this 1
 time(s).
 
Error - 4/22/2014 9:11:24 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 4/22/2014 9:11:32 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 1000 milliseconds:
 Restart the service.
 
Error - 4/22/2014 9:14:13 AM | Computer Name = YOUR-8B6E50BD72 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
  It has done this 1 time(s).
 
 
< End of report >
 


Edited by koolkat1939, 24 April 2014 - 08:48 AM.

  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Koolkat1939,

 

Nothing in the way of malware leaping out at me there.

 

When did this start happening?

 

Was it after you made some change in your computer or, perhaps installed a new security program?

 

The symptoms suggest to me either that the images you are trying to download are copyright protected (although that should also effect your other browsers) or, that a security program is blocking downloads through Firefox for some reason.

 

You might try disabling your real-time (live) scanning of files in your anti-virus software temporarily to see if that makes downloading work. Another thing you might try is running Firefox in Safe Mode.

 

How to start Firefox in Safe Mode

Go to Firefox > Help > Restart with Add-ons Disabled.

Firefox will start with the Firefox Safe Mode dialog.

Note: You can also start Firefox in Safe Mode by clicking Start, selecting Run (or use the Start Search box in Windows 7 and Vista) and then entering the following in the text field: firefox -safe-mode

Come back and tell me if that makes a difference.

 

Meantime do this:

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

 

 

 
  • 0

#3
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

This started just this month. No it's not my security programs. I tried disabling them and I have the same problem. I tried Firefox in Safe Mode and even completely  uninstalled and re-installed Firefox. Still can not save images with Firefox.

 

Anyway here is my logs :

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014

Ran by Owner (administrator) on YOUR-8B6E50BD72 on 24-04-2014 16:48:11
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(eAcceleration Corp) C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(eAcceleration Corp) C:\Program Files\StopSign\ThreatScanner\engines\vipre\viprecomsvc.exe
(eAcceleration Corp) C:\Program Files\eAcceleration\Framework\eac_svc.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\readericon45G.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(eAcceleration Corp) C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
(eAcceleration Corp) C:\Program Files\StopSign\OnAccess\onaccess.exe
(eAcceleration Corp ) C:\Program Files\StopSign\PopupBlocker\sspopupblockerctrl.exe
(eAcceleration Corp) C:\Program Files\StopSign\Firewall\FWService.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(eAcceleration Corp) C:\Program Files\eAcceleration\Station\station_bk.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [readericon] => C:\Program Files\Digital Media Reader\readericon45G.exe [139264 2005-12-09] (Alcor Micro, Corp.)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [7204864 2005-09-18] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2005-09-18] (NVIDIA Corporation)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [Reminder] => C:\WINDOWS\Creator\Remind_XP.exe [966656 2005-02-25] (SoftThinks)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [14820864 2005-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [webscan] => C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe [1519200 2014-01-09] (eAcceleration Corp)
HKLM\...\Run: [SoftwareStation] => C:\Program Files\eAcceleration\Station\station.exe [141712 2013-09-16] (eAcceleration Corp)
HKLM\...\Run: [OnAccess] => C:\Program Files\StopSign\OnAccess\onaccess.exe [306784 2013-09-16] (eAcceleration Corp)
HKLM\...\Run: [StopSignPopupBlocker] => C:\Program Files\StopSign\PopupBlocker\sspopupblockerctrl.exe [374096 2010-03-25] (eAcceleration Corp )
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-21] (AVAST Software)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-2592337306-4226411564-3586888808-1003\...\Run: [Uniblue SpeedUpMyPC] => C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [9495832 2007-08-16] (Uniblue Software)
HKU\S-1-5-21-2592337306-4226411564-3586888808-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2592337306-4226411564-3586888808-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2592337306-4226411564-3586888808-1003\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFFFF
HKU\S-1-5-21-2592337306-4226411564-3586888808-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...Sys=DTP&M=T6426
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: No Name - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\Program Files\StopSign\PopupBlocker\sspopupblocker.dll (eAcceleration Corp )
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
ShellExecuteHooks: ExecuteMonitorShellHook Class - {42DD0873-5FA9-465D-90DE-0826020416A5} - C:\Program Files\StopSign\OnAccess\onaccess_hk32.dll [220768 2013-09-16] (eAcceleration Corp)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Memory Fox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2014-04-08]
FF Extension: MAFIAAFIRE: Gee! No evil! - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\[email protected] [2014-04-08]
FF Extension: Ghostery - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\[email protected] [2014-04-08]
FF Extension: my-spambox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\[email protected] [2014-04-08]
FF Extension: MAFIAAFire Redirector - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\[email protected] [2014-04-08]
FF Extension: NicoFox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\[email protected] [2014-04-08]
FF Extension: FlashGot - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-08]
FF Extension: CookieSafe - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DE}.xpi [2014-04-08]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-08]
FF Extension: BetterPrivacy - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cn5n1kaw.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-04-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-01]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-20]
 
Chrome: 
=======
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-22]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-22]
CHR Extension: (Ghostery) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-04-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software)
R2 eac_notifysvc; C:\Program Files\eAcceleration\Framework\eac_notifysvc.dll [235920 2013-09-26] (eAcceleration Corp)
R2 eac_productsvc; C:\Program Files\eAcceleration\Framework\eac_productsvc.exe [264592 2013-09-26] (eAcceleration Corp)
R2 FWService; C:\Program Files\StopSign\Firewall\FWService.exe [366976 2013-11-26] (eAcceleration Corp)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [118264 2014-03-24] (McAfee, Inc.)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2014-02-18] (New Boundary Technologies, Inc.)
R2 ssfwmonsvc; C:\Program Files\StopSign\Firewall\ssfwmonsvc.dll [189904 2011-04-05] (eAcceleration Corp)
R2 sstsmonsvc; C:\Program Files\Acceleration Software\Anti-Virus\sstsmonsvc.dll [202264 2010-11-08] (eAcceleration Corp)
R2 viprecomsvc; C:\Program Files\StopSign\ThreatScanner\engines\vipre\viprecomsvc.exe [178576 2013-10-31] (eAcceleration Corp)
 
==================== Drivers (Whitelisted) ====================
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R2 ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [16512 2007-09-17] (Adaptec)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-21] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-21] ()
R0 d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [155136 2004-08-22] ( )
R0 d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [5248 2004-08-22] ( )
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [44632 2014-01-16] ()
R0 fwcore; C:\WINDOWS\System32\drivers\fwcore.sys [111968 2013-11-26] (eAcceleration Corp)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [52312 2014-04-24] (Malwarebytes Corporation)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () <===== ATTENTION Necurs Rootkit?
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-24 16:47 - 2014-04-24 16:48 - 00016292 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-04-24 16:46 - 2014-04-24 16:47 - 00000000 ____D () C:\FRST
2014-04-24 16:43 - 2014-04-24 16:43 - 01048576 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-04-23 18:48 - 2014-04-23 21:20 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-04-23 18:48 - 2014-04-23 21:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-23 18:48 - 2014-04-23 18:48 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-04-23 16:59 - 2014-04-23 16:59 - 00000935 _____ () C:\Documents and Settings\All Users\Desktop\Panda Cloud Cleaner.lnk
2014-04-23 16:59 - 2014-04-23 16:59 - 00000000 ____D () C:\Program Files\Panda Security
2014-04-23 16:59 - 2014-04-23 16:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
2014-04-23 16:36 - 2014-04-23 16:37 - 28413552 _____ (Panda Security ) C:\Documents and Settings\Owner\Desktop\PandaCloudCleaner.exe
2014-04-22 19:46 - 2014-04-22 19:46 - 00087906 _____ () C:\Documents and Settings\Owner\Desktop\OTL.Txt
2014-04-22 19:46 - 2014-04-22 19:46 - 00035032 _____ () C:\Documents and Settings\Owner\Desktop\Extras.Txt
2014-04-22 19:33 - 2014-04-22 19:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
2014-04-22 16:34 - 2014-04-22 16:34 - 00724703 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2014-04-22 16:33 - 2014-04-22 16:33 - 00219657 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2014-04-22 16:03 - 2014-04-22 16:03 - 00000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2014-04-21 17:03 - 2005-07-19 18:41 - 00000201 __RSH () C:\boot.ini
2014-04-21 17:02 - 2014-04-21 17:02 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\gnupg
2014-04-21 17:02 - 2014-04-21 10:06 - 00000000 __SHD () C:\Jumpshot
2014-04-21 16:50 - 2014-04-21 17:11 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-04-21 12:14 - 2014-04-21 12:14 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-21 12:14 - 2014-04-21 12:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-04-20 19:50 - 2014-04-20 19:51 - 00000188 _____ () C:\Documents and Settings\Owner\Desktop\New Text Document (2).txt
2014-04-19 19:32 - 2014-04-19 19:32 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Uniblue
2014-04-19 19:31 - 2014-04-19 19:31 - 00000000 ____D () C:\Program Files\Uniblue
2014-04-19 18:05 - 2014-04-19 18:05 - 00000000 ____D () C:\Program Files\Comical
2014-04-19 18:05 - 2014-04-19 18:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Comical
2014-04-16 14:26 - 2014-04-23 21:17 - 00000000 ____D () C:\Program Files\Privacy Guardian
2014-04-16 14:26 - 2014-04-16 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Privacy Guardian
2014-04-12 18:45 - 2014-04-12 18:45 - 02230619 _____ () C:\Documents and Settings\Owner\Desktop\Lunchables with Smoothie Kabobbles - Street Casting.mp4
2014-04-12 16:51 - 2014-04-24 15:01 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 18:26 - 2014-04-12 16:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-09 18:26 - 2014-04-12 16:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-09 15:17 - 2014-04-09 15:17 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-09 15:17 - 2014-04-09 15:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-04-09 13:54 - 2014-04-09 13:55 - 14482352 _____ (AVAST Software) C:\Documents and Settings\Owner\Desktop\grimefighter.exe
2014-04-09 07:11 - 2014-04-09 12:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\chrome
2014-04-09 06:36 - 2014-04-24 16:19 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 06:36 - 2014-04-24 15:19 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 12:25 - 2014-04-09 13:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-08 09:03 - 2014-04-08 09:03 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-08 09:03 - 2014-04-08 09:03 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-04-08 09:03 - 2014-04-08 09:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-08 09:03 - 2014-04-08 09:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-08 08:51 - 2014-04-08 08:51 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
2014-04-08 08:51 - 2014-04-08 08:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-04-08 08:07 - 2014-04-08 09:04 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Mozilla
2014-04-08 08:07 - 2014-04-08 08:07 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla(2)
2014-04-08 08:06 - 2014-04-08 08:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox(2)
2014-04-08 08:06 - 2014-04-08 08:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla(2)
2014-04-08 07:07 - 2014-04-22 18:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\bookmarkbackups
2014-04-07 19:20 - 2014-04-08 07:02 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\QuickScan
2014-04-01 20:21 - 2014-04-21 12:14 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-04-01 20:21 - 2014-04-01 20:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVAST Software
2014-04-01 20:21 - 2014-04-01 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-04-01 20:20 - 2014-04-24 12:14 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-01 20:20 - 2014-04-21 12:14 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-01 20:20 - 2014-04-21 12:14 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-04-01 20:20 - 2014-04-21 12:14 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-01 20:20 - 2014-04-21 12:14 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-01 20:20 - 2014-04-21 12:14 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-04-01 20:20 - 2014-04-21 12:14 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-04-01 20:20 - 2014-04-21 12:14 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-01 20:20 - 2014-04-21 12:14 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-01 20:19 - 2014-04-01 20:19 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-01 14:54 - 2014-04-01 14:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-04-01 08:21 - 2014-04-24 10:36 - 00010472 _____ () C:\Documents and Settings\Owner\Desktop\links 5.txt
2014-03-25 17:29 - 2014-03-25 17:30 - 00010498 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat
2014-03-25 17:10 - 2014-03-25 17:10 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\DDMSettings
2014-03-25 17:07 - 2014-03-25 17:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DivX
2014-03-25 09:10 - 2014-03-25 09:10 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\dvdcss
 
==================== One Month Modified Files and Folders =======
 
2014-04-24 16:48 - 2014-04-24 16:47 - 00016292 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-04-24 16:47 - 2014-04-24 16:46 - 00000000 ____D () C:\FRST
2014-04-24 16:43 - 2014-04-24 16:43 - 01048576 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-04-24 16:41 - 2014-02-18 21:40 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia
2014-04-24 16:19 - 2014-04-09 06:36 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 15:19 - 2014-04-09 06:36 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 15:01 - 2014-04-12 16:51 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 15:01 - 2014-02-18 21:04 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-04-24 13:30 - 2010-08-27 06:31 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Red Sonja
2014-04-24 12:14 - 2014-04-01 20:20 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-24 10:36 - 2014-04-01 08:21 - 00010472 _____ () C:\Documents and Settings\Owner\Desktop\links 5.txt
2014-04-24 06:37 - 2014-03-02 16:16 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-24 06:33 - 2004-08-26 11:02 - 01098991 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-24 06:29 - 2014-03-02 16:35 - 00000470 _____ () C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job
2014-04-24 06:29 - 2014-02-18 13:29 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-04-24 06:29 - 2014-02-18 12:49 - 00030277 _____ () C:\WINDOWS\system32\nvapps.xml
2014-04-24 06:28 - 2014-03-06 10:17 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-24 06:28 - 2004-08-26 11:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-23 21:20 - 2014-04-23 18:48 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-04-23 21:20 - 2014-04-23 18:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-23 21:20 - 2004-08-26 11:08 - 00032534 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-23 21:19 - 2004-08-26 11:09 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-04-23 21:19 - 2004-08-26 11:09 - 00000000 ____D () C:\Documents and Settings\Owner
2014-04-23 21:17 - 2014-04-16 14:26 - 00000000 ____D () C:\Program Files\Privacy Guardian
2014-04-23 18:48 - 2014-04-23 18:48 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-04-23 16:59 - 2014-04-23 16:59 - 00000935 _____ () C:\Documents and Settings\All Users\Desktop\Panda Cloud Cleaner.lnk
2014-04-23 16:59 - 2014-04-23 16:59 - 00000000 ____D () C:\Program Files\Panda Security
2014-04-23 16:59 - 2014-04-23 16:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
2014-04-23 16:37 - 2014-04-23 16:36 - 28413552 _____ (Panda Security ) C:\Documents and Settings\Owner\Desktop\PandaCloudCleaner.exe
2014-04-23 10:44 - 2012-08-17 16:00 - 00030201 _____ () C:\Documents and Settings\Owner\My Documents\New Text Document.txt
2014-04-23 07:11 - 2014-02-19 20:28 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-04-22 20:45 - 2014-02-18 16:34 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Michael's Stuff
2014-04-22 19:46 - 2014-04-22 19:46 - 00087906 _____ () C:\Documents and Settings\Owner\Desktop\OTL.Txt
2014-04-22 19:46 - 2014-04-22 19:46 - 00035032 _____ () C:\Documents and Settings\Owner\Desktop\Extras.Txt
2014-04-22 19:33 - 2014-04-22 19:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
2014-04-22 18:44 - 2014-04-08 07:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\bookmarkbackups
2014-04-22 16:34 - 2014-04-22 16:34 - 00724703 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2014-04-22 16:33 - 2014-04-22 16:33 - 00219657 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2014-04-22 16:03 - 2014-04-22 16:03 - 00000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2014-04-22 06:40 - 2014-03-02 16:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-21 17:11 - 2014-04-21 16:50 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-04-21 17:02 - 2014-04-21 17:02 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\gnupg
2014-04-21 12:14 - 2014-04-21 12:14 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-21 12:14 - 2014-04-21 12:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-04-21 12:14 - 2014-04-01 20:21 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-04-21 12:14 - 2014-04-01 20:20 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-21 12:14 - 2014-04-01 20:20 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-04-21 12:14 - 2014-04-01 20:20 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-21 12:14 - 2014-04-01 20:20 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-21 12:14 - 2014-04-01 20:20 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-04-21 12:14 - 2014-04-01 20:20 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-04-21 12:14 - 2014-04-01 20:20 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-21 12:14 - 2014-04-01 20:20 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-21 10:06 - 2014-04-21 17:02 - 00000000 __SHD () C:\Jumpshot
2014-04-20 19:51 - 2014-04-20 19:50 - 00000188 _____ () C:\Documents and Settings\Owner\Desktop\New Text Document (2).txt
2014-04-19 19:32 - 2014-04-19 19:32 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Uniblue
2014-04-19 19:31 - 2014-04-19 19:31 - 00000000 ____D () C:\Program Files\Uniblue
2014-04-19 19:31 - 2014-02-18 16:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue PowerSuite
2014-04-19 18:05 - 2014-04-19 18:05 - 00000000 ____D () C:\Program Files\Comical
2014-04-19 18:05 - 2014-04-19 18:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Comical
2014-04-19 17:40 - 2004-08-26 11:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-19 17:40 - 2004-08-26 11:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-19 17:40 - 2004-08-26 11:01 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-19 13:52 - 2014-03-02 16:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-04-16 14:56 - 2014-02-19 20:39 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Xilisoft
2014-04-16 14:56 - 2014-02-19 20:38 - 00000000 ____D () C:\Program Files\Xilisoft
2014-04-16 14:43 - 2014-02-20 18:23 - 00000432 _____ () C:\temp.txt
2014-04-16 14:26 - 2014-04-16 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Privacy Guardian
2014-04-16 14:16 - 2014-03-21 08:14 - 00000000 ____D () C:\Program Files\Innovative Solutions
2014-04-14 17:23 - 2004-08-26 09:12 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-12 18:45 - 2014-04-12 18:45 - 02230619 _____ () C:\Documents and Settings\Owner\Desktop\Lunchables with Smoothie Kabobbles - Street Casting.mp4
2014-04-12 16:47 - 2014-02-18 20:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-12 16:44 - 2014-04-09 18:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-12 16:44 - 2014-04-09 18:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-12 16:44 - 2014-02-18 20:44 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Malwarebytes
2014-04-09 18:26 - 2014-02-18 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-09 15:17 - 2014-04-09 15:17 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-09 15:17 - 2014-04-09 15:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-04-09 15:14 - 2014-02-18 16:33 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2014-04-09 15:14 - 2014-02-18 12:43 - 00000000 ____D () C:\Program Files\Google
2014-04-09 15:01 - 2014-02-18 12:56 - 00000000 ____D () C:\Program Files\McAfee
2014-04-09 13:55 - 2014-04-09 13:54 - 14482352 _____ (AVAST Software) C:\Documents and Settings\Owner\Desktop\grimefighter.exe
2014-04-09 13:49 - 2014-03-09 10:24 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Firefox
2014-04-09 13:23 - 2014-03-11 10:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 13:17 - 2014-02-18 14:47 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 13:16 - 2014-04-08 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 12:58 - 2014-04-09 07:11 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\chrome
2014-04-09 07:46 - 2014-03-02 09:24 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\pics
2014-04-09 06:09 - 2014-03-06 10:16 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-08 12:30 - 2014-02-18 14:54 - 00000000 ____D () C:\WINDOWS\ie7updates
2014-04-08 09:16 - 2014-02-18 19:48 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-04-08 09:15 - 2014-02-18 21:27 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-08 09:15 - 2014-02-18 21:27 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-08 09:04 - 2014-04-08 08:07 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Mozilla
2014-04-08 09:03 - 2014-04-08 09:03 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-08 09:03 - 2014-04-08 09:03 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-04-08 09:03 - 2014-04-08 09:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-08 09:03 - 2014-04-08 09:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-08 08:51 - 2014-04-08 08:51 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
2014-04-08 08:51 - 2014-04-08 08:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-04-08 08:51 - 2014-04-08 08:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox(2)
2014-04-08 08:07 - 2014-04-08 08:07 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla(2)
2014-04-08 08:06 - 2014-04-08 08:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla(2)
2014-04-08 07:02 - 2014-04-07 19:20 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\QuickScan
2014-04-06 13:53 - 2013-04-22 14:50 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Windows XP
2014-04-03 09:50 - 2014-02-18 20:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 14:28 - 2014-02-19 20:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-01 20:21 - 2014-04-01 20:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVAST Software
2014-04-01 20:21 - 2014-04-01 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-04-01 20:19 - 2014-04-01 20:19 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-01 20:17 - 2014-02-20 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-04-01 14:55 - 2014-04-01 14:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-04-01 07:04 - 2014-02-18 15:31 - 00020568 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-01 06:48 - 2014-01-22 11:08 - 00074226 _____ () C:\Documents and Settings\Owner\Desktop\links 4.txt
2014-03-31 16:31 - 2004-08-26 03:54 - 00121336 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-31 12:37 - 2009-06-12 10:52 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\My Movies
2014-03-30 11:50 - 2014-03-24 18:51 - 00000838 _____ () C:\Documents and Settings\Owner\Desktop\New Text Document.txt
2014-03-30 08:15 - 2014-02-19 19:13 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Chessmaster Challenge
2014-03-26 20:10 - 2013-12-01 09:36 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\desk top 2
2014-03-25 18:27 - 2014-03-12 08:35 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\DivX
2014-03-25 17:30 - 2014-03-25 17:29 - 00010498 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat
2014-03-25 17:14 - 2014-03-03 12:59 - 00005120 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-25 17:10 - 2014-03-25 17:10 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\DDMSettings
2014-03-25 17:08 - 2014-03-25 17:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DivX
2014-03-25 17:08 - 2014-03-12 08:30 - 00000000 ____D () C:\Program Files\DivX
2014-03-25 17:08 - 2014-03-12 08:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-03-25 17:07 - 2014-03-12 08:34 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-03-25 16:56 - 2014-02-20 06:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinAce
2014-03-25 16:54 - 2014-03-21 08:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2014-03-25 09:10 - 2014-03-25 09:10 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\dvdcss
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-04-2014
Ran by Owner at 2014-04-24 16:49:52
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: StopSign® Antivirus (Disabled - Up to date) {3E1D4556-3240-40c8-BBED-64A8690A3FB4}
FW: StopSign® Firewall (Disabled) {06936B90-CB61-4dcb-AABD-C0E25320F6C3}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
Chinese (Simplified) Language Support (HKLM\...\ZHCIELangPack) (Version:  - )
Comical 0.8 (HKLM\...\Comical_is1) (Version:  - James Athey)
DAEMON Tools (HKLM\...\{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}) (Version: 3.47.0 - DAEMON'S HOME)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Desktop Lara (Anniversary Edition) (HKCU\...\5d3da13d1ccdb7f8) (Version: 0.1.1.3 - Desktop Lara (Anniversary Edition))
Digital Media Reader (HKLM\...\InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}) (Version: 2.01.00.02 - AlcorMicro)
Digital Media Reader (Version: 2.01.00.02 - AlcorMicro) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DVD Solution (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Free Any Burn (HKLM\...\Free Any Burn) (Version: 1.4 - Power Software Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
IsoBuster 2.2 (HKLM\...\IsoBuster_is1) (Version: 2.2 - Smart Projects)
J2SE Runtime Environment 5.0 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150020}) (Version: 1.5.0.20 - Sun Microsystems, Inc.)
Japanese Language Support (HKLM\...\JAIELangPack) (Version:  - )
K-Lite Mega Codec Pack 10.1.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
Malwarebytes Anti-Exploit version 0.09.5.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.09.5.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.121 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Ootake ver2.75 (HKLM\...\Ootake_is1) (Version:  - Kitao Nakamura)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.98 - Panda Security)
Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
Privacy Eraser Pro (HKLM\...\{F7AD1EF2-2670-40C2-A541-939265AF2F18}_is1) (Version: Privacy Eraser Pro 7.0 - PrivacyEraser Computing, Inc.)
Privacy Guardian 4.1 (HKLM\...\Privacy Guardian_is1) (Version: 4.1 - PC Tools)
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 1.96 - Realtek Semiconductor Corp.)
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
River Past Video Cleaner Pro (HKLM\...\Video Cleaner Pro) (Version: 7.5.1 - River Past)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StopSign Internet Security (HKLM\...\EaccelSetup) (Version:  - eAcceleration)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Total Video Converter 3.12 080330 (HKLM\...\Total Video Converter 3.12_is1) (Version:  - EffectMatrix Inc.)
UltraISO 8.0 Premium Edition (HKLM\...\UltraISO_is1) (Version:  - )
Uniblue PowerSuite (HKLM\...\SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1) (Version:  - Uniblue)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinAce Archiver (HKLM\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xilisoft DVD Copy Express (HKLM\...\Xilisoft DVD Copy Express) (Version: 1.1.29.0220 - Xilisoft)
Xilisoft DVD Ripper Ultimate (HKLM\...\Xilisoft DVD Ripper Ultimate 5) (Version: 5.0.30.0229 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 5.0.64.0630 - Xilisoft)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
10-04-2014 15:12:30 System Checkpoint
10-04-2014 15:12:29 computer clean
10-04-2014 15:12:30 Software Distribution Service 3.0
10-04-2014 15:12:29 System Checkpoint
10-04-2014 15:12:30 avast! antivirus system restore point
10-04-2014 15:12:30 avast! antivirus system restore point
10-04-2014 15:12:29 System Checkpoint
10-04-2014 15:12:29 before firefox reset
10-04-2014 15:12:30 Restore Operation
10-04-2014 15:12:29 Restore Operation
10-04-2014 15:12:29 Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 en-US)
10-04-2014 15:12:29 Revo Uninstaller's restore point - Mozilla Maintenance Service
10-04-2014 15:12:29 firefox working
10-04-2014 15:12:30 computer clean
10-04-2014 15:12:30 before install
10-04-2014 15:12:30 Software Distribution Service 3.0
10-04-2014 15:12:29 before DivXInstaller
10-04-2014 15:12:30 System Checkpoint
10-04-2014 15:12:29 System Checkpoint
10-04-2014 15:12:29 System Checkpoint
10-04-2014 15:12:29 System Checkpoint
10-04-2014 15:12:29 System Checkpoint
10-04-2014 15:12:30 Restore Operation
10-04-2014 15:12:29 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 en-US)
10-04-2014 15:12:29 Revo Uninstaller's restore point - Mozilla Maintenance Service
10-04-2014 15:12:29 Before Advanced Uninstaller Pro
10-04-2014 15:12:29 After installing Advanced Uninstaller PRO
10-04-2014 15:12:29 Removed Napster Burn Engine
10-04-2014 15:12:29 computer working
10-04-2014 15:12:29 System Checkpoint
10-04-2014 15:12:29 before adaware anti-virus
10-04-2014 15:12:29 avast! antivirus system restore point
10-04-2014 15:12:30 Installed Windows XP KB942288-v3.
10-04-2014 15:12:30 AA11
10-04-2014 15:12:30 AA11
10-04-2014 15:12:30 avast! antivirus system restore point
10-04-2014 15:12:30 avast! antivirus system restore point
10-04-2014 15:12:30 avast! antivirus system restore point
10-04-2014 15:12:30 Restore Operation
10-04-2014 15:12:30 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 en-US)
10-04-2014 15:12:30 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 en-US)
10-04-2014 15:12:30 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 en-US)
10-04-2014 15:12:31 avast! antivirus system restore point
10-04-2014 15:12:30 Revo Uninstaller's restore point - Privacy Guardian 4.1
10-04-2014 15:12:30 firefox clean
10-04-2014 15:12:30 System Checkpoint
10-04-2014 15:12:29 firefox
10-04-2014 15:12:29 Restore Operation
10-04-2014 15:12:29 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 en-US)
10-04-2014 15:12:29 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 en-US)
10-04-2014 15:12:31 Restore Operation
10-04-2014 15:12:31 firefox fixed
10-04-2014 15:12:31 Software Distribution Service 3.0
10-04-2014 15:12:28 Restore Operation
10-04-2014 15:12:28 Software Distribution Service 3.0
09-04-2014 22:31:12 04-09-2014
10-04-2014 18:06:12 04-10-2014
10-04-2014 23:22:39 m-bytes clean
12-04-2014 00:27:21 System Checkpoint
12-04-2014 03:20:53 04-11-14
12-04-2014 23:15:50 04-12-2014
16-04-2014 13:26:16 04-16-2014
16-04-2014 20:48:17 Revo Uninstaller's restore point - Xilisoft Video Converter Ultimate
16-04-2014 20:51:28 Revo Uninstaller's restore point - Xilisoft Video Converter Ultimate
16-04-2014 21:10:45 Revo Uninstaller's restore point - Advanced Uninstaller PRO - Version 11
16-04-2014 21:14:02 Revo Uninstaller's restore point - Advanced Uninstaller PRO - Version 11
16-04-2014 21:21:24 Revo Uninstaller's restore point - Privacy Guardian 4.1
16-04-2014 21:31:47 Revo Uninstaller's restore point - Xilisoft DVD Ripper Ultimate
16-04-2014 21:33:34 Revo Uninstaller's restore point - Xilisoft DVD Ripper Ultimate
16-04-2014 21:47:29 Revo Uninstaller's restore point - Xilisoft DVD Copy Express
16-04-2014 21:49:41 Revo Uninstaller's restore point - Xilisoft DVD Copy Express
16-04-2014 22:01:54 re-installed programs
18-04-2014 16:39:55 System Checkpoint
19-04-2014 21:55:25 Revo Uninstaller's restore point - Comical 0.8
19-04-2014 21:57:13 Revo Uninstaller's restore point - Comical 0.8
20-04-2014 00:20:24 Restore Operation
20-04-2014 00:39:41 Restore Operation
20-04-2014 00:55:19 Revo Uninstaller's restore point - Comical 0.8
20-04-2014 00:58:25 Revo Uninstaller's restore point - Comical 0.8
20-04-2014 01:19:03 04-19-2014
21-04-2014 19:13:29 avast! antivirus system restore point
24-04-2014 15:21:11 System Checkpoint
 
==================== Hosts content: ==========================
 
2006-05-26 21:02 - 2004-08-04 12:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-24 14:52 - 2014-04-24 14:52 - 02215936 _____ () C:\Program Files\AVAST Software\Avast\defs\14042401\algo.dll
2010-07-04 14:32 - 2010-07-04 14:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-02-20 17:18 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-18 20:25 - 2014-03-07 10:57 - 00190752 _____ () C:\Program Files\StopSign\ThreatScanner\engines\vipre\vdb\libBase64.dll
2014-02-18 20:25 - 2014-03-07 10:57 - 00178464 _____ () C:\Program Files\StopSign\ThreatScanner\engines\vipre\vdb\libMachoUniv.dll
2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-04-01 20:20 - 2014-04-01 20:20 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-20 12:29 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2014-02-20 12:29 - 2012-05-25 05:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2006-05-26 21:04 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-05-26 21:03 - 2008-04-14 06:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-04-09 15:17 - 2014-04-01 18:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 15:17 - 2014-04-01 18:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 15:17 - 2014-04-01 18:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-09 15:17 - 2014-04-01 18:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\viprecomsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\viprecomsvc => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2014 04:47:24 PM) (Source: Application Error) (User: )
Description: Faulting application frst.exe, version 3.3.10.2, faulting module frst.exe, version 3.3.10.2, fault address 0x0001fff9.
Processing media-specific event for [frst.exe!ws!]
 
Error: (04/14/2014 05:39:07 PM) (Source: Application Hang) (User: )
Description: Fault bucket 137060566.
 
Error: (04/14/2014 05:39:02 PM) (Source: Application Hang) (User: )
Description: Hanging application AvastUI.exe, version 9.0.2016.330, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/14/2014 05:38:58 PM) (Source: Application Hang) (User: )
Description: Hanging application AvastUI.exe, version 9.0.2016.330, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/10/2014 06:26:04 PM) (Source: Application Hang) (User: )
Description: Fault bucket 137060566.
 
Error: (04/10/2014 06:25:53 PM) (Source: Application Hang) (User: )
Description: Hanging application AvastUI.exe, version 9.0.2016.330, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/10/2014 06:24:36 PM) (Source: Application Hang) (User: )
Description: Fault bucket 137060566.
 
Error: (04/10/2014 06:24:19 PM) (Source: Application Hang) (User: )
Description: Hanging application AvastUI.exe, version 9.0.2016.330, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/10/2014 06:24:14 PM) (Source: Application Hang) (User: )
Description: Fault bucket 137060566.
 
Error: (04/10/2014 06:24:07 PM) (Source: Application Hang) (User: )
Description: Hanging application AvastUI.exe, version 9.0.2016.330, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (04/23/2014 08:02:33 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/22/2014 06:14:13 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/22/2014 06:11:32 AM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (04/22/2014 06:11:24 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/22/2014 06:11:24 AM) (Source: Service Control Manager) (User: )
Description: The FWService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/22/2014 06:11:24 AM) (Source: Service Control Manager) (User: )
Description: The StopSign® Antivirus Security Center Provider service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/22/2014 06:11:24 AM) (Source: Service Control Manager) (User: )
Description: The StopSign® Firewall Security Center Provider service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/22/2014 06:11:24 AM) (Source: Service Control Manager) (User: )
Description: The eAcceleration Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/22/2014 06:11:24 AM) (Source: Service Control Manager) (User: )
Description: The Vipre COM Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/22/2014 06:11:24 AM) (Source: Service Control Manager) (User: )
Description: The PrismXL service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (04/24/2014 04:47:24 PM) (Source: Application Error)(User: )
Description: frst.exe3.3.10.2frst.exe3.3.10.20001fff9
 
Error: (04/14/2014 05:39:07 PM) (Source: Application Hang)(User: )
Description: 137060566
 
Error: (04/14/2014 05:39:02 PM) (Source: Application Hang)(User: )
Description: AvastUI.exe9.0.2016.330hungapp0.0.0.000000000
 
Error: (04/14/2014 05:38:58 PM) (Source: Application Hang)(User: )
Description: AvastUI.exe9.0.2016.330hungapp0.0.0.000000000
 
Error: (04/10/2014 06:26:04 PM) (Source: Application Hang)(User: )
Description: 137060566
 
Error: (04/10/2014 06:25:53 PM) (Source: Application Hang)(User: )
Description: AvastUI.exe9.0.2016.330hungapp0.0.0.000000000
 
Error: (04/10/2014 06:24:36 PM) (Source: Application Hang)(User: )
Description: 137060566
 
Error: (04/10/2014 06:24:19 PM) (Source: Application Hang)(User: )
Description: AvastUI.exe9.0.2016.330hungapp0.0.0.000000000
 
Error: (04/10/2014 06:24:14 PM) (Source: Application Hang)(User: )
Description: 137060566
 
Error: (04/10/2014 06:24:07 PM) (Source: Application Hang)(User: )
Description: AvastUI.exe9.0.2016.330hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 65%
Total physical RAM: 895.36 MB
Available physical RAM: 308.49 MB
Total Pagefile: 2167.08 MB
Available Pagefile: 1081.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:181.87 GB) (Free:22.18 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:4.43 GB) (Free:2.26 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 186 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=182 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4 GB) - (Type=0B)
 
==================== End Of Log ============================

  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
I am still not seeing malware.
 

No it's not my security programs. I tried disabling them and I have the same problem.

I take it that applied to all your security programs including Avast and Stopsign AV and Stopsign Firewall. Also, just disabling doesn't always do the trick. Nowadays AVs work at such a low level they never completely turn off.

In any event running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

You should uninstall either:

Avast

or

Stopsign Internet Security see (eAcceleration Stopsign)

Of the two I would recommend keeping Avast.

I would say though that Avast is showing Application errors. This might be because of conflict with Stopsign or it might be some corruption somewhere. If you do uninstall Stopsign then I would recommend a reinstallation of Avast as well just to make sure it is working fully.

There are also some firewall service and other errors showing for Stopsign. Again I suspect this if because of conflict issues. Uninstallation is the best solution but if you do decide to keep it then the same advice goes, that is a reinstallation to make sure any corruption is dealt with.

Now

My best thought still is that you have a security program problem but let's check some services in case there is an issue there.

Please download Farbar Service Scanner and run.
  • Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

  • 0

#5
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

I paid for Stop Sign. I've had it for years, It saved my computer lots of times. Avast is just back-up because I like it's real time protection.

There hasn't been much conflict between the two , but for now I'll uninstall Avast. Avast says Farbar Service Scanner is a virus.

I turned off Avast real time protection to download . Do i uninstall one of my AV before I run Farbar Service Scanner ?


  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

Do i uninstall one of my AV before I run Farbar Service Scanner ?

 

Very unlikely there would be any problem running FSS but may as well uninstall Avast anyway. After you have uninstalled it please reboot and try Firefox and see if there is any change.


  • 0

#7
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

:yeah: Everything works now after I uninstalled Avast. I can save images but where can I go for better real time protection ?

 

Here is my log :

 

Farbar Service Scanner Version: 25-02-2014
Ran by Owner (administrator) on 24-04-2014 at 19:09:52
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fwcore(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000060000000700000005000000
IpSec Tag value is correct.

**** End of log ****


Edited by koolkat1939, 24 April 2014 - 08:14 PM.

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello again Koolkat1939,

 

 

Everything works now after I uninstalled Avast.


Excellent news. :thumbsup:

The FSS scan shows everything working fine too.

 

 

I can save images but where can I go for better real time protection ?

 

You already have a number of security programs an anti-virus and a firewall. Not much more to add without conflict occurring.

We could run an online AV scan to have a last check on things but I really don't see any need. Your logs look clean to me.

I think your machines is good to go now.

We have a couple of last steps to perform and then you're all set.smile.gif
 

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicous programs. The United States Department of Homeland Security recommends that computer users disable Java see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.
 

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.

       
  • Click Start > Control Panel > Add or Remove Programs
       
  • Remove all Java updates except the latest one you have just installed.

----------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomeware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!


  • 0

#9
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

:lol: OK thank you.


  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

OK thank you.

 

You are welcome. :happy:

 

I will keep this topic open for a day or two in case any issues develop.


  • 0

#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP