new to me computer need help [Solved]


  • This topic is locked

#1
William Wisdom


I have a Dell Latitude 120L with Windows XP. It's running sluggish and full of junk. Does anyone have any suggestions?

Thank you,

William Wisdom




#2
pystryker

Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step-by-step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Let's get a look at your system and see what's going on.


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR

  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:

FRST Log

Addition.txt Log

aswMBR Log


#3
William Wisdom


Nice to meet you, Pystryker.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-05-2014
Ran by Valued Customer (administrator) on 8783B561B2C0457 on 23-05-2014 22:40:43
Running from C:\Documents and Settings\Valued Customer\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\osk.exe
(Microsoft Corporation) C:\WINDOWS\system32\msswchx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-06-06] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-06-06] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2006-11-07] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\S-1-5-21-583907252-1078145449-1177238915-1003\...\MountPoints2: {5581d4f4-4de3-11e1-9668-001422a97fb0} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-583907252-1078145449-1177238915-1003\...\MountPoints2: {866574c2-6e84-11e3-9a39-0016ce47aa18} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-583907252-1078145449-1177238915-1003\...\MountPoints2: {8d53cf82-328a-11e1-9653-001422a97fb0} - E:\RunClubSanDisk.exe
Startup: C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Documents and Settings\Valued Customer\Application Data\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series.lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo...._g_e&fr=conduit
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....erms}&fr=mkg028
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....ds={searchTerms}
SearchScopes: HKCU - {5320B10F-040D-4C5A-93C6-E20CC123CE96} URL = http://ecostartpage....?q={searchTerms}
SearchScopes: HKCU - {536B710E-863A-417A-B905-FFEDADE9AD36} URL = http://delicious.com...?p={searchTerms}
SearchScopes: HKCU - {59F925C3-024B-4C10-8400-E53E0F826D91} URL = http://www.mysearchr...&q={searchTerms}
SearchScopes: HKCU - {93122B3C-764A-4120-ADA8-06ABC3246CEE} URL = http://www.flickr.co...?q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...&q={searchTerms}
SearchScopes: HKCU - {AAE0DFD1-128D-42A5-B269-7E7243252B15} URL = http://rover.ebay.co...le={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....erms}&fr=mkg028
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1323105735812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\e3y9d7tb.default-1399343344640
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: DnsBasic - C:\Program Files\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-09]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.c...e&btmpl=authsub"
CHR Extension: (Radio) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2013-01-18]
CHR Extension: (Google Docs) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-18]
CHR Extension: (Google Drive) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-18]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2013-01-18]
CHR Extension: (Classic Games) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckmoikambnjgjnhaefiklkblfjoolnaf [2013-01-18]
CHR Extension: (Google Search) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-18]
CHR Extension: (Pandora) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-01-18]
CHR Extension: (Digital Clock) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-01-18]
CHR Extension: (UNO 3 3D) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnljegjnioppmpieleiegimongopeanj [2013-01-18]
CHR Extension: (Glitterboo) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp [2013-01-18]
CHR Extension: (Faerie Alchemy HD) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imdilajngppdgdbemeighbingnbmpnpl [2013-01-18]
CHR Extension: (Lady Popular) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnamdlacgipmoldlhfgjficjiclhgibm [2013-01-18]
CHR Extension: (Planner 5D) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-01-18]
CHR Extension: (Egypt Crystals) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nkeakaijkcjjkiiomkamofognihfnckl [2013-01-18]
CHR Extension: (My Chrome Theme) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-01-18]
CHR Extension: (Sassy Susan DressUp) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oghdemokodfinoaoiilibelpkmconine [2013-01-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-18]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-09]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-09] (AVAST Software)
S3 Imapi Helper; C:\Program Files\ISO Recorder\ImapiHelper.exe [163840 2006-01-05] (Alex Feinman)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
S2 DnsBasic Service; "C:\Program Files\DnsBasic\dnsbasic.exe" "C:\Program Files\DnsBasic\dnsbasic.dll" jipigizom wososurar

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-03-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-03-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-03-09] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-03-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-03-09] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-03-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-03-09] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-01-20] ()
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2012-10-10] (AnchorFree Inc)
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh5.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 UsbGps; system32\DRIVERS\lgusbgps.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-23 22:40 - 2014-05-23 22:41 - 00018465 _____ () C:\Documents and Settings\Valued Customer\Desktop\FRST.txt
2014-05-23 22:30 - 2014-05-23 22:40 - 00000000 ____D () C:\FRST
2014-05-23 22:28 - 2014-05-23 22:28 - 01056768 _____ (Farbar) C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
2014-05-10 11:58 - 2014-05-10 11:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 18:01 - 2014-05-06 18:04 - 00005554 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-04-28 15:31 - 2014-04-28 15:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-28 15:26 - 2014-04-28 15:31 - 00011180 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-23 17:15 - 2014-04-23 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-23 17:14 - 2014-04-23 17:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-04-23 17:14 - 2014-04-23 17:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Yahoo!
2014-04-23 17:00 - 2014-04-28 15:32 - 00014259 _____ () C:\WINDOWS\KB2930275.log
2014-04-23 16:48 - 2014-04-23 17:15 - 00132021 _____ () C:\WINDOWS\KB2922229.log
2014-04-23 16:47 - 2014-04-23 17:15 - 00131725 _____ () C:\WINDOWS\KB2929961.log
2014-04-23 16:41 - 2014-04-23 16:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect

==================== One Month Modified Files and Folders =======

2014-05-23 22:41 - 2014-05-23 22:40 - 00018465 _____ () C:\Documents and Settings\Valued Customer\Desktop\FRST.txt
2014-05-23 22:40 - 2014-05-23 22:30 - 00000000 ____D () C:\FRST
2014-05-23 22:28 - 2014-05-23 22:28 - 01056768 _____ (Farbar) C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
2014-05-23 22:25 - 2012-04-09 20:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-23 22:04 - 2013-12-09 14:37 - 00000496 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-05-23 21:26 - 2011-12-05 11:24 - 01432234 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-23 20:40 - 2013-07-18 11:06 - 00000456 _____ () C:\WINDOWS\Tasks\At2.job
2014-05-23 18:49 - 2011-12-05 11:31 - 00032516 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-23 15:17 - 2014-03-09 15:17 - 00000382 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-23 14:54 - 2011-12-05 03:07 - 00521886 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-23 14:51 - 2011-12-05 11:21 - 00046241 ____C () C:\WINDOWS\wmsetup.log
2014-05-23 14:50 - 2004-08-12 03:34 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-23 14:49 - 2011-12-05 11:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-23 14:49 - 2011-12-05 03:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-23 14:49 - 2011-12-05 03:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-23 14:49 - 2006-11-07 01:03 - 00000242 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-23 14:48 - 2011-12-05 11:35 - 00000178 ___SH () C:\Documents and Settings\Valued Customer\ntuser.ini
2014-05-23 14:48 - 2011-12-05 11:35 - 00000000 ____D () C:\Documents and Settings\Valued Customer
2014-05-23 14:44 - 2011-12-05 12:40 - 00001718 ____C () C:\WINDOWS\system32\ROXECDC6Inst.log
2014-05-23 14:39 - 2012-11-12 13:29 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-23 14:15 - 2013-10-04 13:46 - 00000000 ____D () C:\Documents and Settings\Valued Customer\Desktop\New Folder
2014-05-23 14:00 - 2013-07-18 11:06 - 00000456 _____ () C:\WINDOWS\Tasks\At4.job
2014-05-22 21:57 - 2013-12-06 06:49 - 00383989 _____ () C:\WINDOWS\setupapi.log
2014-05-22 11:06 - 2013-07-18 11:06 - 00000456 _____ () C:\WINDOWS\Tasks\At3.job
2014-05-22 10:10 - 2013-07-18 11:06 - 00000456 _____ () C:\WINDOWS\Tasks\At1.job
2014-05-17 09:22 - 2012-11-01 08:31 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:21 - 2012-11-01 08:30 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 09:29 - 2012-04-09 20:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-14 09:29 - 2012-01-02 19:20 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-11 19:55 - 2012-04-07 15:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 11:59 - 2014-05-10 11:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 08:14 - 2014-01-20 18:45 - 00000803 _____ () C:\Documents and Settings\Valued Customer\Start Menu\Programs\Internet Explorer.lnk
2014-05-08 08:14 - 2014-01-20 18:45 - 00000000 ____D () C:\Documents and Settings\Valued Customer\Start Menu\Programs\Accessories
2014-05-08 08:13 - 2011-12-05 02:57 - 00000000 ____D () C:\WINDOWS\Help
2014-05-07 23:22 - 2013-01-14 06:01 - 00109977 ____C () C:\WINDOWS\ie8Uninst.log
2014-05-07 23:22 - 2011-12-05 12:33 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-07 23:22 - 2011-12-05 03:07 - 01685083 ____C () C:\WINDOWS\iis6.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00704816 ____C () C:\WINDOWS\tsoc.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00521899 ____C () C:\WINDOWS\comsetup.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00314462 ____C () C:\WINDOWS\ntdtcsetup.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00085017 ____C () C:\WINDOWS\ocmsn.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00077800 ____C () C:\WINDOWS\tabletoc.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-07 23:21 - 2011-12-05 12:32 - 00244087 ____C () C:\WINDOWS\updspapi.log
2014-05-07 23:21 - 2011-12-05 02:57 - 00000000 ____D () C:\WINDOWS\Media
2014-05-07 23:20 - 2011-12-05 03:07 - 01532509 ____C () C:\WINDOWS\FaxSetup.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00741948 ____C () C:\WINDOWS\ocgen.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00472258 ____C () C:\WINDOWS\msmqinst.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00269208 ____C () C:\WINDOWS\netfxocm.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00106048 ____C () C:\WINDOWS\MedCtrOC.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00076885 ____C () C:\WINDOWS\msgsocm.log
2014-05-06 18:04 - 2014-05-06 18:01 - 00005554 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-06 18:04 - 2011-12-05 03:07 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-05-06 08:57 - 2006-11-07 01:03 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-05 22:05 - 2013-12-06 06:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-28 15:32 - 2014-04-28 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-28 15:32 - 2014-04-23 17:00 - 00014259 _____ () C:\WINDOWS\KB2930275.log
2014-04-28 15:31 - 2014-04-28 15:26 - 00011180 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-23 17:15 - 2014-04-23 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-23 17:15 - 2014-04-23 16:48 - 00132021 _____ () C:\WINDOWS\KB2922229.log
2014-04-23 17:15 - 2014-04-23 16:47 - 00131725 _____ () C:\WINDOWS\KB2929961.log
2014-04-23 17:15 - 2014-01-07 00:32 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-04-23 17:14 - 2014-04-23 17:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-04-23 17:14 - 2014-04-23 17:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Yahoo!
2014-04-23 17:14 - 2014-01-20 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2014-04-23 17:05 - 2012-04-06 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-04-23 16:41 - 2014-04-23 16:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

Some content of TEMP:
====================
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsx55.exe
C:\Documents and Settings\Valued Customer\Local Settings\Temp\SPSetup.exe
C:\Documents and Settings\Valued Customer\Local Settings\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-05-2014 Ran by Valued Customer at 2014-05-23 22:41:52 Running from C:\Documents and Settings\Valued Customer\Desktop Boot Mode: Normal ==========================================================

==================== Security Center ========================

AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB} AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) Atomic Clock Sync (HKLM\...\Atomic Clock Sync) (Version: - ) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software) Broadcom 440x 10/100 Integrated Controller (HKLM\...\{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}) (Version: 8.03.06 - Broadcom Corporation) Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - ) Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.) DnsBasic 1.0 build 111 (HKLM\...\DnsBasic) (Version: - ) HP Deskjet 3510 series Basic Device Software (HKLM\...\{93E5D4DF-E42D-4E26-9B27-BB6A3CA5AF0C}) (Version: 28.0.989.0 - Hewlett-Packard Co.) HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard) HP Deskjet 3510 series Product Improvement Study (HKLM\...\{E5930634-77B2-46FF-B5B1-EFD86D41E2E9}) (Version: 28.0.989.0 - Hewlett-Packard Co.) 
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12412 - HP) HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4609 - ) IrfanView (remove only) (HKLM\...\IrfanView) (Version: - ) ISO Recorder (HKLM\...\{DFC6573E-124D-4026-BFA4-B433C9D3FF21}) (Version: 2.0.0 - Alex Feinman) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - CyberLink Corporation) SanDiskSecureAccess_Manager.exe (HKCU\...\@@[email protected]@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER) SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics) The Print Shop Deluxe III (HKLM\...\The Print Shop Deluxe) (Version: - ) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - 
Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden WinZip (HKLM\...\WinZip) (Version: - ) Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Restore Points =========================

06-05-2014 23:00:44 Software Distribution Service 3.0 07-05-2014 23:52:31 System Checkpoint 08-05-2014 04:14:52 Removed Bing Bar 09-05-2014 04:45:47 System Checkpoint 10-05-2014 16:12:05 System Checkpoint 11-05-2014 16:43:48 System Checkpoint 12-05-2014 16:52:26 System Checkpoint 13-05-2014 17:09:33 System Checkpoint 14-05-2014 22:33:32 System Checkpoint 15-05-2014 22:35:54 System Checkpoint 16-05-2014 23:44:10 System Checkpoint 17-05-2014 23:54:13 System Checkpoint 19-05-2014 02:27:33 System Checkpoint 20-05-2014 02:59:35 System Checkpoint 21-05-2014 03:02:40 System Checkpoint 22-05-2014 03:06:08 System Checkpoint 23-05-2014 19:18:39 Removed Apple Application Support 23-05-2014 19:20:14 Removed Apple Mobile Device Support 23-05-2014 19:22:00 Removed Apple Software Update 23-05-2014 19:39:07 Removed QuickTime 23-05-2014 19:40:31 Removed Roxio Creator DE 23-05-2014 19:41:12 Removed Roxio Activation Module 23-05-2014 19:41:33 Removed Roxio Creator Audio 23-05-2014 19:41:48 Removed Roxio Creator Copy 23-05-2014 19:42:02 Removed Roxio Creator Data 23-05-2014 19:42:16 Removed Roxio Creator Tools 23-05-2014 19:44:19 Removed Roxio Drag-to-Disc 23-05-2014 19:44:45 Removed Roxio Express Labeler 3

==================== Hosts content: ==========================

2004-08-12 03:19 - 2004-08-12 03:19 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2011-12-05 11:56 - 1998-10-17 10:00 - 00033792 _____ () C:\Program Files\WinZip\WZSHLEXT.DLL 2011-12-05 11:50 - 2006-11-01 15:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE 2011-12-05 11:50 - 2006-11-01 15:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll 2014-05-23 13:10 - 2014-05-23 10:56 - 02255872 _____ () C:\Program Files\AVAST Software\Avast\defs\14052300\algo.dll 2014-03-09 15:15 - 2014-03-09 15:15 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-05-10 11:58 - 2014-05-10 11:59 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-05-14 09:28 - 2014-05-14 09:29 - 16361136 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors: ================== Error: (05/23/2014 10:30:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application frst.exe, version 21.5.2014.0, faulting module , version 0.0.0.0, fault address 0x00000000. Processing media-specific event for [frst.exe!ws!]

Error: (05/23/2014 10:01:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/23/2014 10:01:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/23/2014 09:56:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/23/2014 09:56:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/23/2014 08:12:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/23/2014 08:12:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/23/2014 08:03:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/23/2014 08:03:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (05/23/2014 06:31:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

System errors: ============= Error: (05/23/2014 02:21:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: %%1058

Error: (05/23/2014 02:20:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/22/2014 03:01:38 PM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457) Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.

Error: (05/18/2014 08:47:10 PM) (Source: Dhcp) (EventID: 1002) (User: ) Description: The IP address lease 192.168.0.37 for the Network Card with network address 001422A97FB0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/17/2014 04:31:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Adobe Flash Player Update Service service failed to start due to the following error: %%1053

Error: (05/17/2014 04:31:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.

Error: (05/17/2014 01:56:10 PM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457) Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.

Error: (05/17/2014 01:53:01 PM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457) Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.

Error: (05/17/2014 00:42:01 AM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457) Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.

Error: (05/17/2014 00:39:42 AM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457) Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.

Microsoft Office Sessions: ========================= Error: (05/23/2014 10:30:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: frst.exe21.5.2014.00.0.0.000000000

Error: (05/23/2014 10:01:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/23/2014 10:01:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/23/2014 09:56:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/23/2014 09:56:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/23/2014 08:12:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/23/2014 08:12:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/23/2014 08:03:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (05/23/2014 08:03:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (05/23/2014 06:31:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

==================== Memory info ===========================

Percentage of memory in use: 66% Total physical RAM: 1015.37 MB Available physical RAM: 339.23 MB Total Pagefile: 2442.4 MB Available Pagefile: 1858.29 MB Total Virtual: 2047.88 MB Available Virtual: 1971.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.25 GB) (Free:21.59 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 5C405C40) Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2014-05-23 22:45:18 ----------------------------- 22:45:18.296 OS Version: Windows 5.1.2600 Service Pack 3 22:45:18.296 Number of processors: 1 586 0xD08 22:45:18.296 ComputerName: 8783B561B2C0457 UserName: Valued Customer 22:45:19.781 Initialize success 22:45:24.500 AVAST engine defs: 14052300 22:45:37.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 22:45:37.390 Disk 0 Vendor: Hitachi_HTS541040G9AT00 MB2OA61A Size: 38154MB BusType: 3 22:45:37.625 Disk 0 MBR read successfully 22:45:37.625 Disk 0 MBR scan 22:45:37.625 Disk 0 Windows XP default MBR code 22:45:37.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63 22:45:37.656 Disk 0 scanning sectors +78124095 22:45:37.687 Disk 0 scanning C:\WINDOWS\system32\drivers 22:45:47.703 Service scanning 22:46:04.406 Modules scanning 22:46:12.671 Disk 0 trace - called modules: 22:46:12.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS 22:46:12.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d72ab8] 22:46:13.062 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86d35d98] 22:46:13.562 AVAST engine scan C:\WINDOWS 22:46:29.359 AVAST engine scan C:\WINDOWS\system32 22:48:26.843 AVAST engine scan C:\WINDOWS\system32\drivers 22:48:39.078 AVAST engine scan C:\Documents and Settings\Valued Customer 23:11:45.609 AVAST engine scan C:\Documents and Settings\All Users 23:13:46.015 Scan finished successfully 23:15:38.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\MBR.dat" 23:15:38.500 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt"

 
 


#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

nice to meet you Pystryker


Hello :) Nice to meet you as well.

For some reason, the logs are all jumbled up and I can't read them. Please re-open the notepad files on your desktop. Are they in neat columns in the file? If they are not, please click on Format at the top and see if Word Wrap is checked. If it is, click it and see if it puts the text into columns.

If they are in neat columns, click anywhere in the window and then hit Ctrl-A to select all of the text, then Ctrl-C to copy all the text. In your next reply, click in the body of the message and hit Ctrl-V to paste the log and let's see if it pastes it correctly. :thumbsup:

#5
William Wisdom

William Wisdom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I'm sorry about that. I don't know what happened. I hope it's right this time.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-05-2014
Ran by Valued Customer (administrator) on 8783B561B2C0457 on 23-05-2014 22:40:43
Running from C:\Documents and Settings\Valued Customer\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/  
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/  
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\osk.exe
(Microsoft Corporation) C:\WINDOWS\system32\msswchx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-06-06] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-06-06] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2006-11-07] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\S-1-5-21-583907252-1078145449-1177238915-1003\...\MountPoints2: {5581d4f4-4de3-11e1-9668-001422a97fb0} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-583907252-1078145449-1177238915-1003\...\MountPoints2: {866574c2-6e84-11e3-9a39-0016ce47aa18} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-583907252-1078145449-1177238915-1003\...\MountPoints2: {8d53cf82-328a-11e1-9653-001422a97fb0} - E:\RunClubSanDisk.exe
Startup: C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Documents and Settings\Valued Customer\Application Data\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series.lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo...._g_e&fr=conduit
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....erms}&fr=mkg028
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =  
SearchScopes: HKCU - {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKCU - {5320B10F-040D-4C5A-93C6-E20CC123CE96} URL = http://ecostartpage....q={searchTerms}
SearchScopes: HKCU - {536B710E-863A-417A-B905-FFEDADE9AD36} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {59F925C3-024B-4C10-8400-E53E0F826D91} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKCU - {93122B3C-764A-4120-ADA8-06ABC3246CEE} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {AAE0DFD1-128D-42A5-B269-7E7243252B15} URL = http://rover.ebay.co...e={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....erms}&fr=mkg028
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} -  No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1323105735812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\e3y9d7tb.default-1399343344640
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: DnsBasic - C:\Program Files\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-09]
 
Chrome:  
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.c...&btmpl=authsub"
CHR Extension: (Radio) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2013-01-18]
CHR Extension: (Google Docs) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-18]
CHR Extension: (Google Drive) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-18]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2013-01-18]
CHR Extension: (Classic Games) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckmoikambnjgjnhaefiklkblfjoolnaf [2013-01-18]
CHR Extension: (Google Search) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-18]
CHR Extension: (Pandora) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-01-18]
CHR Extension: (Digital Clock) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-01-18]
CHR Extension: (UNO 3 3D) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnljegjnioppmpieleiegimongopeanj [2013-01-18]
CHR Extension: (Glitterboo) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp [2013-01-18]
CHR Extension: (Faerie Alchemy HD) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imdilajngppdgdbemeighbingnbmpnpl [2013-01-18]
CHR Extension: (Lady Popular) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnamdlacgipmoldlhfgjficjiclhgibm [2013-01-18]
CHR Extension: (Planner 5D) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-01-18]
CHR Extension: (Egypt Crystals) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nkeakaijkcjjkiiomkamofognihfnckl [2013-01-18]
CHR Extension: (My Chrome Theme) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-01-18]
CHR Extension: (Sassy Susan DressUp) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oghdemokodfinoaoiilibelpkmconine [2013-01-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-18]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-09]
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-09] (AVAST Software)
S3 Imapi Helper; C:\Program Files\ISO Recorder\ImapiHelper.exe [163840 2006-01-05] (Alex Feinman)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
S2 DnsBasic Service; "C:\Program Files\DnsBasic\dnsbasic.exe" "C:\Program Files\DnsBasic\dnsbasic.dll" jipigizom wososurar
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-03-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-03-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-03-09] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-03-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-03-09] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-03-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-03-09] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-01-20] ()
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2012-10-10] (AnchorFree Inc)
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh5.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 UsbGps; system32\DRIVERS\lgusbgps.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
U1 WS2IFSL;  
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-23 22:40 - 2014-05-23 22:41 - 00018465 _____ () C:\Documents and Settings\Valued Customer\Desktop\FRST.txt
2014-05-23 22:30 - 2014-05-23 22:40 - 00000000 ____D () C:\FRST
2014-05-23 22:28 - 2014-05-23 22:28 - 01056768 _____ (Farbar) C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
2014-05-10 11:58 - 2014-05-10 11:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 18:01 - 2014-05-06 18:04 - 00005554 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-04-28 15:31 - 2014-04-28 15:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-28 15:26 - 2014-04-28 15:31 - 00011180 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-23 17:15 - 2014-04-23 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-23 17:14 - 2014-04-23 17:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-04-23 17:14 - 2014-04-23 17:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Yahoo!
2014-04-23 17:00 - 2014-04-28 15:32 - 00014259 _____ () C:\WINDOWS\KB2930275.log
2014-04-23 16:48 - 2014-04-23 17:15 - 00132021 _____ () C:\WINDOWS\KB2922229.log
2014-04-23 16:47 - 2014-04-23 17:15 - 00131725 _____ () C:\WINDOWS\KB2929961.log
2014-04-23 16:41 - 2014-04-23 16:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
 
==================== One Month Modified Files and Folders =======
 
2014-05-23 22:41 - 2014-05-23 22:40 - 00018465 _____ () C:\Documents and Settings\Valued Customer\Desktop\FRST.txt
2014-05-23 22:40 - 2014-05-23 22:30 - 00000000 ____D () C:\FRST
2014-05-23 22:28 - 2014-05-23 22:28 - 01056768 _____ (Farbar) C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
2014-05-23 22:25 - 2012-04-09 20:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-23 22:04 - 2013-12-09 14:37 - 00000496 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-05-23 21:26 - 2011-12-05 11:24 - 01432234 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-23 20:40 - 2013-07-18 11:06 - 00000456 _____ () C:\WINDOWS\Tasks\At2.job
2014-05-23 18:49 - 2011-12-05 11:31 - 00032516 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-23 15:17 - 2014-03-09 15:17 - 00000382 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-23 14:54 - 2011-12-05 03:07 - 00521886 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-23 14:51 - 2011-12-05 11:21 - 00046241 ____C () C:\WINDOWS\wmsetup.log
2014-05-23 14:50 - 2004-08-12 03:34 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-23 14:49 - 2011-12-05 11:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-23 14:49 - 2011-12-05 03:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-23 14:49 - 2011-12-05 03:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-23 14:49 - 2006-11-07 01:03 - 00000242 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-23 14:48 - 2011-12-05 11:35 - 00000178 ___SH () C:\Documents and Settings\Valued Customer\ntuser.ini
2014-05-23 14:48 - 2011-12-05 11:35 - 00000000 ____D () C:\Documents and Settings\Valued Customer
2014-05-23 14:44 - 2011-12-05 12:40 - 00001718 ____C () C:\WINDOWS\system32\ROXECDC6Inst.log
2014-05-23 14:39 - 2012-11-12 13:29 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-23 14:15 - 2013-10-04 13:46 - 00000000 ____D () C:\Documents and Settings\Valued Customer\Desktop\New Folder
2014-05-23 14:00 - 2013-07-18 11:06 - 00000456 _____ () C:\WINDOWS\Tasks\At4.job
2014-05-22 21:57 - 2013-12-06 06:49 - 00383989 _____ () C:\WINDOWS\setupapi.log
2014-05-22 11:06 - 2013-07-18 11:06 - 00000456 _____ () C:\WINDOWS\Tasks\At3.job
2014-05-22 10:10 - 2013-07-18 11:06 - 00000456 _____ () C:\WINDOWS\Tasks\At1.job
2014-05-17 09:22 - 2012-11-01 08:31 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:21 - 2012-11-01 08:30 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 09:29 - 2012-04-09 20:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-14 09:29 - 2012-01-02 19:20 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-11 19:55 - 2012-04-07 15:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 11:59 - 2014-05-10 11:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 08:14 - 2014-01-20 18:45 - 00000803 _____ () C:\Documents and Settings\Valued Customer\Start Menu\Programs\Internet Explorer.lnk
2014-05-08 08:14 - 2014-01-20 18:45 - 00000000 ____D () C:\Documents and Settings\Valued Customer\Start Menu\Programs\Accessories
2014-05-08 08:13 - 2011-12-05 02:57 - 00000000 ____D () C:\WINDOWS\Help
2014-05-07 23:22 - 2013-01-14 06:01 - 00109977 ____C () C:\WINDOWS\ie8Uninst.log
2014-05-07 23:22 - 2011-12-05 12:33 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-07 23:22 - 2011-12-05 03:07 - 01685083 ____C () C:\WINDOWS\iis6.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00704816 ____C () C:\WINDOWS\tsoc.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00521899 ____C () C:\WINDOWS\comsetup.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00314462 ____C () C:\WINDOWS\ntdtcsetup.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00085017 ____C () C:\WINDOWS\ocmsn.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00077800 ____C () C:\WINDOWS\tabletoc.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-07 23:21 - 2011-12-05 12:32 - 00244087 ____C () C:\WINDOWS\updspapi.log
2014-05-07 23:21 - 2011-12-05 02:57 - 00000000 ____D () C:\WINDOWS\Media
2014-05-07 23:20 - 2011-12-05 03:07 - 01532509 ____C () C:\WINDOWS\FaxSetup.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00741948 ____C () C:\WINDOWS\ocgen.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00472258 ____C () C:\WINDOWS\msmqinst.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00269208 ____C () C:\WINDOWS\netfxocm.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00106048 ____C () C:\WINDOWS\MedCtrOC.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00076885 ____C () C:\WINDOWS\msgsocm.log
2014-05-06 18:04 - 2014-05-06 18:01 - 00005554 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-06 18:04 - 2011-12-05 03:07 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-05-06 08:57 - 2006-11-07 01:03 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-05 22:05 - 2013-12-06 06:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-28 15:32 - 2014-04-28 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-28 15:32 - 2014-04-23 17:00 - 00014259 _____ () C:\WINDOWS\KB2930275.log
2014-04-28 15:31 - 2014-04-28 15:26 - 00011180 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-23 17:15 - 2014-04-23 17:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-23 17:15 - 2014-04-23 16:48 - 00132021 _____ () C:\WINDOWS\KB2922229.log
2014-04-23 17:15 - 2014-04-23 16:47 - 00131725 _____ () C:\WINDOWS\KB2929961.log
2014-04-23 17:15 - 2014-01-07 00:32 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-04-23 17:14 - 2014-04-23 17:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-04-23 17:14 - 2014-04-23 17:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Yahoo!
2014-04-23 17:14 - 2014-01-20 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2014-04-23 17:05 - 2012-04-06 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-04-23 16:41 - 2014-04-23 16:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsx55.exe
C:\Documents and Settings\Valued Customer\Local Settings\Temp\SPSetup.exe
C:\Documents and Settings\Valued Customer\Local Settings\Temp\UNINSTALL.EXE
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-05-2014
Ran by Valued Customer at 2014-05-23 22:41:52
Running from C:\Documents and Settings\Valued Customer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Atomic Clock Sync (HKLM\...\Atomic Clock Sync) (Version:  - )
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}) (Version: 8.03.06 - Broadcom Corporation)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
DnsBasic 1.0 build 111 (HKLM\...\DnsBasic) (Version:  - )
HP Deskjet 3510 series Basic Device Software (HKLM\...\{93E5D4DF-E42D-4E26-9B27-BB6A3CA5AF0C}) (Version: 28.0.989.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{E5930634-77B2-46FF-B5B1-EFD86D41E2E9}) (Version: 28.0.989.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4609 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
ISO Recorder (HKLM\...\{DFC6573E-124D-4026-BFA4-B433C9D3FF21}) (Version: 2.0.0 - Alex Feinman)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
SanDiskSecureAccess_Manager.exe (HKCU\...\@@[email protected]@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
The Print Shop Deluxe III (HKLM\...\The Print Shop Deluxe) (Version:  - )
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinZip (HKLM\...\WinZip) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
06-05-2014 23:00:44 Software Distribution Service 3.0
07-05-2014 23:52:31 System Checkpoint
08-05-2014 04:14:52 Removed Bing Bar
09-05-2014 04:45:47 System Checkpoint
10-05-2014 16:12:05 System Checkpoint
11-05-2014 16:43:48 System Checkpoint
12-05-2014 16:52:26 System Checkpoint
13-05-2014 17:09:33 System Checkpoint
14-05-2014 22:33:32 System Checkpoint
15-05-2014 22:35:54 System Checkpoint
16-05-2014 23:44:10 System Checkpoint
17-05-2014 23:54:13 System Checkpoint
19-05-2014 02:27:33 System Checkpoint
20-05-2014 02:59:35 System Checkpoint
21-05-2014 03:02:40 System Checkpoint
22-05-2014 03:06:08 System Checkpoint
23-05-2014 19:18:39 Removed Apple Application Support
23-05-2014 19:20:14 Removed Apple Mobile Device Support
23-05-2014 19:22:00 Removed Apple Software Update
23-05-2014 19:39:07 Removed QuickTime
23-05-2014 19:40:31 Removed Roxio Creator DE
23-05-2014 19:41:12 Removed Roxio Activation Module
23-05-2014 19:41:33 Removed Roxio Creator Audio
23-05-2014 19:41:48 Removed Roxio Creator Copy
23-05-2014 19:42:02 Removed Roxio Creator Data
23-05-2014 19:42:16 Removed Roxio Creator Tools
23-05-2014 19:44:19 Removed Roxio Drag-to-Disc
23-05-2014 19:44:45 Removed Roxio Express Labeler 3
 
==================== Hosts content: ==========================
 
2004-08-12 03:19 - 2004-08-12 03:19 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-12-05 11:56 - 1998-10-17 10:00 - 00033792 _____ () C:\Program Files\WinZip\WZSHLEXT.DLL
2011-12-05 11:50 - 2006-11-01 15:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2011-12-05 11:50 - 2006-11-01 15:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-05-23 13:10 - 2014-05-23 10:56 - 02255872 _____ () C:\Program Files\AVAST Software\Avast\defs\14052300\algo.dll
2014-03-09 15:15 - 2014-03-09 15:15 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-10 11:58 - 2014-05-10 11:59 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-14 09:28 - 2014-05-14 09:29 - 16361136 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/23/2014 10:30:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 21.5.2014.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [frst.exe!ws!]
 
Error: (05/23/2014 10:01:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (05/23/2014 10:01:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (05/23/2014 09:56:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (05/23/2014 09:56:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (05/23/2014 08:12:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (05/23/2014 08:12:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (05/23/2014 08:03:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (05/23/2014 08:03:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (05/23/2014 06:31:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (05/23/2014 02:21:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error:  
%%1058
 
Error: (05/23/2014 02:20:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/22/2014 03:01:38 PM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457)
Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.
 
Error: (05/18/2014 08:47:10 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.37 for the Network Card with network address 001422A97FB0 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (05/17/2014 04:31:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:  
%%1053
 
Error: (05/17/2014 04:31:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
 
Error: (05/17/2014 01:56:10 PM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457)
Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.
 
Error: (05/17/2014 01:53:01 PM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457)
Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.
 
Error: (05/17/2014 00:42:01 AM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457)
Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.
 
Error: (05/17/2014 00:39:42 AM) (Source: DCOM) (EventID: 10010) (User: 8783B561B2C0457)
Description: The server {F25AF245-4A81-40DC-92F9-E9021F207706} did not register with DCOM within the required timeout.
 
 
Microsoft Office Sessions:
=========================
Error: (05/23/2014 10:30:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe21.5.2014.00.0.0.000000000
 
Error: (05/23/2014 10:01:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (05/23/2014 10:01:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (05/23/2014 09:56:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (05/23/2014 09:56:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (05/23/2014 08:12:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (05/23/2014 08:12:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (05/23/2014 08:03:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (05/23/2014 08:03:56 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (05/23/2014 06:31:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
 
==================== Memory info ===========================  
 
Percentage of memory in use: 66%
Total physical RAM: 1015.37 MB
Available physical RAM: 339.23 MB
Total Pagefile: 2442.4 MB
Available Pagefile: 1858.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:37.25 GB) (Free:21.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 5C405C40)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-23 22:45:18
-----------------------------
22:45:18.296    OS Version: Windows 5.1.2600 Service Pack 3
22:45:18.296    Number of processors: 1 586 0xD08
22:45:18.296    ComputerName: 8783B561B2C0457  UserName: Valued Customer
22:45:19.781    Initialize success
22:45:24.500    AVAST engine defs: 14052300
22:45:37.390    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:45:37.390    Disk 0 Vendor: Hitachi_HTS541040G9AT00 MB2OA61A Size: 38154MB BusType: 3
22:45:37.625    Disk 0 MBR read successfully
22:45:37.625    Disk 0 MBR scan
22:45:37.625    Disk 0 Windows XP default MBR code
22:45:37.640    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        38146 MB offset 63
22:45:37.656    Disk 0 scanning sectors +78124095
22:45:37.687    Disk 0 scanning C:\WINDOWS\system32\drivers
22:45:47.703    Service scanning
22:46:04.406    Modules scanning
22:46:12.671    Disk 0 trace - called modules:
22:46:12.703    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS  
22:46:12.703    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d72ab8]
22:46:13.062    3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86d35d98]
22:46:13.562    AVAST engine scan C:\WINDOWS
22:46:29.359    AVAST engine scan C:\WINDOWS\system32
22:48:26.843    AVAST engine scan C:\WINDOWS\system32\drivers
22:48:39.078    AVAST engine scan C:\Documents and Settings\Valued Customer
23:11:45.609    AVAST engine scan C:\Documents and Settings\All Users
23:13:46.015    Scan finished successfully
23:15:38.500    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\MBR.dat"
23:15:38.500    The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt"
 


  • 0

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I'm sorry about that, I don't know what happened. I hope it's right this time.


No worries :thumbsup: :)


We have some work to do, so let's get started.

Step 1: Windows XP End of Life and Program Uninstalls

Windows XP Advice

With the end of support for Windows XP, machines running this OS are more vulnerable than ever. There will be no more updates to close any vulnerabilities found in the software.

Please consider an upgrade to Windows 7. You can check and see if your machine is capable of running it by clicking the link below:

Windows 7 Upgrade Advisor


Program Uninstalls

Please uninstall the following program from your machine:

DNSBasic 1.0


Step 2: Fix with Farbar's Recovery Scan Tool
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
SearchScopes: HKCU - {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKCU - {5320B10F-040D-4C5A-93C6-E20CC123CE96} URL = http://ecostartpage....q={searchTerms}
SearchScopes: HKCU - {536B710E-863A-417A-B905-FFEDADE9AD36} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {59F925C3-024B-4C10-8400-E53E0F826D91} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Extension: DnsBasic - C:\Program Files\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-05-10]
S2 DnsBasic Service; "C:\Program Files\DnsBasic\dnsbasic.exe" "C:\Program Files\DnsBasic\dnsbasic.dll" jipigizom wososurar
C:\Program Files\DnsBasic
2014-04-23 16:41 - 2014-04-23 16:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
C:\Windows\Tasks\At*.job
2004-08-12 03:19 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it, click Run as Administrator and accept the UAC prompt) to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5: Temporary File Cleaner

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 6: Fresh FRST Scan

Start Farbar's Recovery Scan Tool and press the Scan button.

FRST will scan your system and produce one log this time.

Please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

AdwCleaner Log

Junkware Removal Tool Log

Fresh FRST Scan Log (FRST.txt)

Question: How is the computer running now?

  • 0

#7
William Wisdom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

It's running a little better now, and here are the logs you requested.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-05-2014 1
Ran by Valued Customer at 2014-05-24 15:04:50 Run:1
Running from C:\Documents and Settings\Valued Customer\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
SearchScopes: HKCU - {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKCU - {5320B10F-040D-4C5A-93C6-E20CC123CE96} URL = http://ecostartpage....q={searchTerms}
SearchScopes: HKCU - {536B710E-863A-417A-B905-FFEDADE9AD36} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {59F925C3-024B-4C10-8400-E53E0F826D91} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Extension: DnsBasic - C:\Program Files\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-05-10]
S2 DnsBasic Service; "C:\Program Files\DnsBasic\dnsbasic.exe" "C:\Program Files\DnsBasic\dnsbasic.dll" jipigizom wososurar
C:\Program Files\DnsBasic
2014-04-23 16:41 - 2014-04-23 16:41 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
C:\Windows\Tasks\At*.job
2004-08-12 03:19 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A
End
*****************
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5320B10F-040D-4C5A-93C6-E20CC123CE96} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5320B10F-040D-4C5A-93C6-E20CC123CE96} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{536B710E-863A-417A-B905-FFEDADE9AD36} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{536B710E-863A-417A-B905-FFEDADE9AD36} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59F925C3-024B-4C10-8400-E53E0F826D91} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{59F925C3-024B-4C10-8400-E53E0F826D91} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\!{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} => Moved successfully.
DnsBasic Service => Service deleted successfully.
C:\Program Files\DnsBasic => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect => Moved successfully.
C:\Windows\Tasks\At*.job => Moved successfully.
"C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":B54E4B5A" ADS removed successfully.
 
==== End of Fixlog ====

 

 

# AdwCleaner v3.210 - Report created 24/05/2014 at 15:19:10
# Updated 19/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Valued Customer - 8783B561B2C0457
# Running from : C:\Documents and Settings\Valued Customer\Desktop\adwcleaner_3.210.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : DnsBasic Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\WINDOWS\system32\hotspot shield
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\FileTypeAssistant
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\visi_coupon
Folder Deleted : C:\Documents and Settings\Valued Customer\AppData\LocalLow\DataMngr
Folder Deleted : C:\Documents and Settings\Valued Customer\Application Data\SearchProtect
File Deleted : C:\END
File Deleted : C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\Uninstall.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\BearShare Applications\BearShare\BearShare.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\BearShare Applications\BearShare\BearShare.exe]
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v6.0.2900.5512
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\e3y9d7tb.default-1399343344640\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=ieb&appid=100&systemid=2&sr=0&q={searchTerms}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={5232C620-2A01-4898-8E46-F359EDD6A55C}&mid=15da2e04517947d0bb17d15d644d9643-550bc7a85795ba4b0e3a92ccb8abb4ea19ad0497&lang=en&ds=AVG&pr=fr&d=2013-01-15 20:34:01&v=13.3.0.17&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=100&systemid=2&sr=0&q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://uk.ask.com/ar?siteid=38302770&qsrc=999&l=dis&x=-401&y=-200&q={searchTerms}
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
*************************
 
AdwCleaner[R0].txt - [10480 octets] - [24/05/2014 15:17:33]
AdwCleaner[S0].txt - [10397 octets] - [24/05/2014 15:19:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10458 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Valued Customer on Sat 05/24/2014 at 15:31:28.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011461139}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011461139}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\Valued Customer\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\Valued Customer\Application Data\pcpro"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/24/2014 at 15:38:53.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-05-2014 1
Ran by Valued Customer (administrator) on 8783B561B2C0457 on 24-05-2014 15:55:14
Running from C:\Documents and Settings\Valued Customer\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/  
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/  
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-06-06] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-06-06] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2006-11-07] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\S-1-5-21-583907252-1078145449-1177238915-1003\...\MountPoints2: {5581d4f4-4de3-11e1-9668-001422a97fb0} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-583907252-1078145449-1177238915-1003\...\MountPoints2: {866574c2-6e84-11e3-9a39-0016ce47aa18} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-583907252-1078145449-1177238915-1003\...\MountPoints2: {8d53cf82-328a-11e1-9653-001422a97fb0} - E:\RunClubSanDisk.exe
Startup: C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Documents and Settings\Valued Customer\Application Data\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series.lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {93122B3C-764A-4120-ADA8-06ABC3246CEE} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {AAE0DFD1-128D-42A5-B269-7E7243252B15} URL = http://rover.ebay.co...e={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....erms}&fr=mkg028
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1323105735812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\e3y9d7tb.default-1399343344640
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [wrp@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-09]
 
Chrome:  
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.c...&btmpl=authsub"
CHR Plugin: (Shockwave Flash) - C:\program files\google\chrome\application\27.0.1453.110\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\program files\google\chrome\application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\program files\google\chrome\application\27.0.1453.110\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\WINDOWS\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Radio) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2013-01-18]
CHR Extension: (Google Docs) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-18]
CHR Extension: (Google Drive) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-18]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2013-01-18]
CHR Extension: (Classic Games) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckmoikambnjgjnhaefiklkblfjoolnaf [2013-01-18]
CHR Extension: (Google Search) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-18]
CHR Extension: (Pandora) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-01-18]
CHR Extension: (Digital Clock) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-01-18]
CHR Extension: (UNO 3 3D) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnljegjnioppmpieleiegimongopeanj [2013-01-18]
CHR Extension: (Glitterboo) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp [2013-01-18]
CHR Extension: (Faerie Alchemy HD) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imdilajngppdgdbemeighbingnbmpnpl [2013-01-18]
CHR Extension: (Lady Popular) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnamdlacgipmoldlhfgjficjiclhgibm [2013-01-18]
CHR Extension: (Planner 5D) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-01-18]
CHR Extension: (Egypt Crystals) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nkeakaijkcjjkiiomkamofognihfnckl [2013-01-18]
CHR Extension: (My Chrome Theme) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-01-18]
CHR Extension: (Sassy Susan DressUp) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oghdemokodfinoaoiilibelpkmconine [2013-01-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-18]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-09]
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-09] (AVAST Software)
S3 Imapi Helper; C:\Program Files\ISO Recorder\ImapiHelper.exe [163840 2006-01-05] (Alex Feinman)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-03-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-03-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-03-09] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-03-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-03-09] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-03-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-03-09] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-01-20] ()
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2012-10-10] (AnchorFree Inc)
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh5.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 UsbGps; system32\DRIVERS\lgusbgps.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
U1 WS2IFSL;  
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-24 15:41 - 2014-05-24 15:41 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Valued Customer\Desktop\TFC.exe
2014-05-24 15:38 - 2014-05-24 15:38 - 00002174 _____ () C:\Documents and Settings\Valued Customer\Desktop\JRT.txt
2014-05-24 15:31 - 2014-05-24 15:31 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-24 15:30 - 2014-05-24 15:30 - 01016261 _____ (Thisisu) C:\Documents and Settings\Valued Customer\Desktop\JRT.exe
2014-05-24 15:23 - 2014-05-24 15:23 - 00010539 _____ () C:\Documents and Settings\Valued Customer\Desktop\AdwCleaner[S0].txt
2014-05-24 15:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-24 15:13 - 2014-05-24 15:19 - 00000000 ____D () C:\AdwCleaner
2014-05-24 15:12 - 2014-05-24 15:12 - 01326389 _____ () C:\Documents and Settings\Valued Customer\Desktop\adwcleaner_3.210.exe
2014-05-24 15:03 - 2014-05-24 15:03 - 00000000 ____D () C:\Documents and Settings\Valued Customer\Desktop\FRST-OlderVersion
2014-05-23 23:15 - 2014-05-23 23:15 - 00001892 _____ () C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt
2014-05-23 23:15 - 2014-05-23 23:15 - 00000512 _____ () C:\Documents and Settings\Valued Customer\Desktop\MBR.dat
2014-05-23 22:44 - 2014-05-23 22:45 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Valued Customer\Desktop\aswmbr.exe
2014-05-23 22:41 - 2014-05-23 22:42 - 00019165 _____ () C:\Documents and Settings\Valued Customer\Desktop\Addition.txt
2014-05-23 22:40 - 2014-05-24 15:56 - 00018603 _____ () C:\Documents and Settings\Valued Customer\Desktop\FRST.txt
2014-05-23 22:30 - 2014-05-24 15:55 - 00000000 ____D () C:\FRST
2014-05-23 22:28 - 2014-05-24 15:03 - 01055232 _____ (Farbar) C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
2014-05-10 11:58 - 2014-05-10 11:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 18:01 - 2014-05-06 18:04 - 00005554 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-04-28 15:31 - 2014-04-28 15:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-28 15:26 - 2014-04-28 15:31 - 00011180 _____ () C:\WINDOWS\KB2936068-IE8.log
 
==================== One Month Modified Files and Folders =======
 
2014-05-24 15:56 - 2014-05-23 22:40 - 00018603 _____ () C:\Documents and Settings\Valued Customer\Desktop\FRST.txt
2014-05-24 15:55 - 2014-05-23 22:30 - 00000000 ____D () C:\FRST
2014-05-24 15:54 - 2011-12-05 03:07 - 00521886 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-24 15:51 - 2011-12-05 11:24 - 01449660 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-24 15:50 - 2014-03-09 15:17 - 00000382 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-24 15:50 - 2011-12-05 11:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-24 15:50 - 2011-12-05 03:09 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-05-24 15:50 - 2011-12-05 03:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-24 15:50 - 2006-11-07 01:03 - 00000242 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-24 15:50 - 2004-08-12 03:34 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-24 15:49 - 2013-12-09 14:37 - 00000496 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-05-24 15:49 - 2011-12-05 11:35 - 00000178 ___SH () C:\Documents and Settings\Valued Customer\ntuser.ini
2014-05-24 15:49 - 2011-12-05 11:31 - 00032516 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-24 15:41 - 2014-05-24 15:41 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Valued Customer\Desktop\TFC.exe
2014-05-24 15:38 - 2014-05-24 15:38 - 00002174 _____ () C:\Documents and Settings\Valued Customer\Desktop\JRT.txt
2014-05-24 15:31 - 2014-05-24 15:31 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-24 15:30 - 2014-05-24 15:30 - 01016261 _____ (Thisisu) C:\Documents and Settings\Valued Customer\Desktop\JRT.exe
2014-05-24 15:25 - 2012-04-09 20:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-24 15:23 - 2014-05-24 15:23 - 00010539 _____ () C:\Documents and Settings\Valued Customer\Desktop\AdwCleaner[S0].txt
2014-05-24 15:19 - 2014-05-24 15:13 - 00000000 ____D () C:\AdwCleaner
2014-05-24 15:12 - 2014-05-24 15:12 - 01326389 _____ () C:\Documents and Settings\Valued Customer\Desktop\adwcleaner_3.210.exe
2014-05-24 15:03 - 2014-05-24 15:03 - 00000000 ____D () C:\Documents and Settings\Valued Customer\Desktop\FRST-OlderVersion
2014-05-24 15:03 - 2014-05-23 22:28 - 01055232 _____ (Farbar) C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
2014-05-23 23:15 - 2014-05-23 23:15 - 00001892 _____ () C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt
2014-05-23 23:15 - 2014-05-23 23:15 - 00000512 _____ () C:\Documents and Settings\Valued Customer\Desktop\MBR.dat
2014-05-23 22:45 - 2014-05-23 22:44 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Valued Customer\Desktop\aswmbr.exe
2014-05-23 22:42 - 2014-05-23 22:41 - 00019165 _____ () C:\Documents and Settings\Valued Customer\Desktop\Addition.txt
2014-05-23 14:51 - 2011-12-05 11:21 - 00046241 ____C () C:\WINDOWS\wmsetup.log
2014-05-23 14:48 - 2011-12-05 11:35 - 00000000 ____D () C:\Documents and Settings\Valued Customer
2014-05-23 14:44 - 2011-12-05 12:40 - 00001718 ____C () C:\WINDOWS\system32\ROXECDC6Inst.log
2014-05-23 14:39 - 2012-11-12 13:29 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-23 14:15 - 2013-10-04 13:46 - 00000000 ____D () C:\Documents and Settings\Valued Customer\Desktop\New Folder
2014-05-22 21:57 - 2013-12-06 06:49 - 00383989 _____ () C:\WINDOWS\setupapi.log
2014-05-17 09:22 - 2012-11-01 08:31 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:21 - 2012-11-01 08:30 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 09:29 - 2012-04-09 20:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-14 09:29 - 2012-01-02 19:20 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-11 19:55 - 2012-04-07 15:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 11:59 - 2014-05-10 11:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 08:14 - 2014-01-20 18:45 - 00000803 _____ () C:\Documents and Settings\Valued Customer\Start Menu\Programs\Internet Explorer.lnk
2014-05-08 08:14 - 2014-01-20 18:45 - 00000000 ____D () C:\Documents and Settings\Valued Customer\Start Menu\Programs\Accessories
2014-05-08 08:13 - 2011-12-05 02:57 - 00000000 ____D () C:\WINDOWS\Help
2014-05-07 23:22 - 2013-01-14 06:01 - 00109977 ____C () C:\WINDOWS\ie8Uninst.log
2014-05-07 23:22 - 2011-12-05 12:33 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-07 23:22 - 2011-12-05 03:07 - 01685083 ____C () C:\WINDOWS\iis6.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00704816 ____C () C:\WINDOWS\tsoc.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00521899 ____C () C:\WINDOWS\comsetup.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00314462 ____C () C:\WINDOWS\ntdtcsetup.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00085017 ____C () C:\WINDOWS\ocmsn.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00077800 ____C () C:\WINDOWS\tabletoc.log
2014-05-07 23:22 - 2011-12-05 03:07 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-07 23:21 - 2011-12-05 12:32 - 00244087 ____C () C:\WINDOWS\updspapi.log
2014-05-07 23:21 - 2011-12-05 02:57 - 00000000 ____D () C:\WINDOWS\Media
2014-05-07 23:20 - 2011-12-05 03:07 - 01532509 ____C () C:\WINDOWS\FaxSetup.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00741948 ____C () C:\WINDOWS\ocgen.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00472258 ____C () C:\WINDOWS\msmqinst.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00269208 ____C () C:\WINDOWS\netfxocm.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00106048 ____C () C:\WINDOWS\MedCtrOC.log
2014-05-07 23:20 - 2011-12-05 03:07 - 00076885 ____C () C:\WINDOWS\msgsocm.log
2014-05-06 18:04 - 2014-05-06 18:01 - 00005554 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-06 18:04 - 2011-12-05 03:07 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-05-06 08:57 - 2006-11-07 01:03 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-05 22:05 - 2013-12-06 06:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-28 15:32 - 2014-04-28 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-28 15:32 - 2014-04-23 17:00 - 00014259 _____ () C:\WINDOWS\KB2930275.log
2014-04-28 15:31 - 2014-04-28 15:26 - 00011180 _____ () C:\WINDOWS\KB2936068-IE8.log
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================


#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

It's running a little better now, and here are the logs you requested


Looking good, I see a couple of items that need to be removed, but let's run a sweep for remnants and check for any out of date programs on your machine first. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

#9
William Wisdom
    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I think this is the ESET scan log

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57d9caf2d0f7414bbc6cd467b01115ec
# engine=18399
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-24 11:14:29
# local_time=2014-05-24 06:14:29 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 71 76 6490711 237179636 0 0
# scanned=39507
# found=5
# cleaned=0
# scan_time=2181
sh=9FE1F2B1FB6F2E1BBBE7B068CD5F79832C36BE39 ft=1 fh=526118062f73ede6 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\Valued Customer\Application Data\SearchProtect\Res\SPSetup.exe.vir"
sh=F4F2E1AEAC893207C23FD85BF4E22044811114FD ft=1 fh=8f4bdf14802df49f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Documents and Settings\Valued Customer\.frostwire5\updates\frostwire-5.5.1.windows.exe"
sh=52FD1CAB5E1CAF9749632E8F212DC0BAD2E1274A ft=1 fh=c71c001128bc6050 vn="a variant of Win32/Adware.OneStep.CG application" ac=I fn="C:\FRST\Quarantine\C\Program Files\DnsBasic\dnsbasic.dll"
sh=5670E93A2679CCB54AA0AA99B6D603951572C552 ft=0 fh=0000000000000000 vn="Win32/Adware.OneStep application" ac=I fn="C:\FRST\Quarantine\C\Program Files\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}\chrome\dnsbasic.jar"
sh=69595AF44CCF38529A1B60B104155B4B9AC56488 ft=1 fh=3c59a9600311861f vn="a variant of Win32/PCCleaners potentially unwanted application" ac=I fn="C:\WINDOWS\uninst.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57d9caf2d0f7414bbc6cd467b01115ec
# engine=18399
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-24 11:25:32
# local_time=2014-05-24 06:25:32 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 71 76 6491374 237180061 0 0
# scanned=12
# found=0
# cleaned=0
# scan_time=23

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/24/2014
Scan Time: 4:57:47 PM
Logfile: 1222.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.08
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Valued Customer
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 263832
Time Elapsed: 13 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-583907252-1078145449-1177238915-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [5db2ce86fd7ea98d7e2b6cc4f80a6997],  
PUP.Optional.Qwiklinx.A, HKU\S-1-5-21-583907252-1078145449-1177238915-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3E7C8B5A-96AB-438F-BF9B-782400655440}, Quarantined, [97787ada8af1a6907f2f6ac37f8310f0],  
PUP.Optional.Qwiklinx.A, HKU\S-1-5-21-583907252-1078145449-1177238915-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3E7C8B5A-96AB-438F-BF9B-782400655440}, Quarantined, [97787ada8af1a6907f2f6ac37f8310f0],  
PUP.Optional.ShopToWin, HKU\S-1-5-21-583907252-1078145449-1177238915-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EE146ACC-D881-1414-2148-B1D008B47ADB}, Quarantined, [97780054661556e0efb3d164ec169f61],  
PUP.Optional.ShopToWin, HKU\S-1-5-21-583907252-1078145449-1177238915-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EE146ACC-D881-1414-2148-B1D008B47ADB}, Quarantined, [97780054661556e0efb3d164ec169f61],  
PUP.Optional.ShopToWin, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EE146ACC-D881-1414-2148-B1D008B47ADB}, Quarantined, [97780054661556e0efb3d164ec169f61],  
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 2
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[33dcf3617a0137ffe4baba97a46043bd]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[19f6d08491ea6fc79d0387ca2ed609f7]
 
Folders: 26
PUP.Optional.ShopToWin.A, C:\Program Files\Shop to Win 27, Quarantined, [0f0030248af1b1853078720bfc06758b],  
PUP.Optional.ShopToWin.A, C:\Program Files\Shop to Win 27\js_components, Quarantined, [0f0030248af1b1853078720bfc06758b],  
PUP.Optional.ShopToWin.A, C:\Program Files\Shop to Win 27\js_components\res, Quarantined, [0f0030248af1b1853078720bfc06758b],  
PUP.Optional.ShopToWin.A, C:\Program Files\Shop to Win 27\js_components\res\bookmarksplugin, Quarantined, [0f0030248af1b1853078720bfc06758b],  
 
Files: 167
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

 Results of screen317's Security Check version 0.99.83   
 Windows XP Service Pack 3 x86    
 Internet Explorer 6 Out of date!  
``````````````Antivirus/Firewall Check:``````````````  
 Windows Firewall Enabled!   
PC Cleaner Pro      
avast! Antivirus    
 Antivirus up to date! (On Access scanning disabled!)  
`````````Anti-malware/Other Utilities Check:`````````  
 Java 7 Update 51   
 Java version out of Date!  
 Adobe Flash Player     13.0.0.214   
 Adobe Reader XI   
 Mozilla Firefox (29.0.1)  
````````Process Check: objlist.exe by Laurent````````   
 Malwarebytes Anti-Malware mbamservice.exe   
 Malwarebytes Anti-Malware mbam.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe    
 AVAST Software Avast AvastSvc.exe   
 AVAST Software Avast AvastUI.exe   
`````````````````System Health check`````````````````  
 Total Fragmentation on Drive C:: 9%  
````````````````````End of Log``````````````````````



#10
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Excellent :) ESET found only a few things, and MBAM didn't find anything serious other than PUPs that it quarantined. Let's clear the ones ESET found out.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
HKLM\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
2004-08-12 03:19 - 2004-08-12 03:19 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
C:\WINDOWS\uninst.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST, press the Fix button just once, and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log



#11
William Wisdom


    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-05-2014 1
Ran by Valued Customer at 2014-05-24 19:08:57 Run:2
Running from C:\Documents and Settings\Valued Customer\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
2004-08-12 03:19 - 2004-08-12 03:19 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
C:\WINDOWS\uninst.exe
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
C:\WINDOWS\system32\Drivers\etc\hosts => Moved successfully.
C:\WINDOWS\uninst.exe => Moved successfully.
 
==== End of Fixlog ====


  • 0
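A check a helper could run over a posted Fixlog before moving on, as an added example that is not part of the original thread and not FRST's own code: it pairs the echoed fixlist with the result lines and flags any line that does not report success. It assumes the Fixlog layout shown in the post above; `parse_fixlog` and `review` are hypothetical names, and the sample text is reconstructed from that post.

```python
# Sample input reconstructed from the Fixlog.txt posted above (layout assumed from that log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-05-2014 1
Ran by Valued Customer at 2014-05-24 19:08:57 Run:2
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
2004-08-12 03:19 - 2004-08-12 03:19 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
C:\WINDOWS\uninst.exe
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
C:\WINDOWS\system32\Drivers\etc\hosts => Moved successfully.
C:\WINDOWS\uninst.exe => Moved successfully.

==== End of Fixlog ====
"""

def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist directives and (target, outcome) results."""
    lines = [ln.strip() for ln in text.splitlines()]
    start, end = lines.index("Start"), lines.index("End")
    directives = [ln for ln in lines[start + 1:end] if ln]
    results = []
    for ln in lines[end + 1:]:
        if ln.startswith("===="):          # "==== End of Fixlog ====" footer
            break
        target, sep, outcome = ln.rpartition(" => ")
        if sep:                             # skips the ***** rule and blank lines
            results.append((target, outcome))
    return directives, results

def review(text):
    """Flag results that do not report success, or a log with fewer results than directives."""
    directives, results = parse_fixlog(text)
    failed = [(t, o) for t, o in results if not o.endswith("successfully.")]
    # Assumption: at least one result line per directive, as in the log above.
    complete = len(results) >= len(directives)
    return {"directives": len(directives), "results": len(results),
            "failed": failed, "clean": complete and not failed}

if __name__ == "__main__":
    print(review(SAMPLE_FIXLOG))
```
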

#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :) How is the machine running?
  • 0

#13
William Wisdom

  • Topic Starter
  • Member
  • 10 posts

It's running better and not freezing up like it was.


  • 0

#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

It's running better and not freezing up like it was.


Good :) Then I'll tidy up and give you some information that will help protect you in the future.


Step 1: Tool Removal and Creation of a Clean Restore Point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs), you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Java Warning, Program Updates, and Installation of FileHippo


A word about Java

Your current version of Java is out of date; however, please read the information below before updating it.

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on users to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa
  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Installation of FileHippo

Keeping your software updated

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out-of-date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Protection Against CryptoLocker

Do not use P2P programs to download media, files, etc. The large majority of them are infected.

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install it by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

Please post the DelFix log so I can make sure everything has been properly removed and the new restore point created.
  • 0

#15
William Wisdom

  • Topic Starter
  • Member
  • 10 posts

# DelFix v10.7 - Logfile created 24/05/2014 at 19:47:57
# Updated 27/04/2014 by Xplode
# Username : Valued Customer - 8783B561B2C0457
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Valued Customer\Desktop\FRST-OlderVersion
Deleted : C:\Documents and Settings\Valued Customer\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Valued Customer\Desktop\AdwCleaner[S0].txt
Deleted : C:\Documents and Settings\Valued Customer\Desktop\adwcleaner_3.210.exe
Deleted : C:\Documents and Settings\Valued Customer\Desktop\aswmbr.exe
Deleted : C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt
Deleted : C:\Documents and Settings\Valued Customer\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Documents and Settings\Valued Customer\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Valued Customer\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Valued Customer\Desktop\FRST.txt
Deleted : C:\Documents and Settings\Valued Customer\Desktop\FRST5.txt
Deleted : C:\Documents and Settings\Valued Customer\Desktop\JRT.exe
Deleted : C:\Documents and Settings\Valued Customer\Desktop\JRT.txt
Deleted : C:\Documents and Settings\Valued Customer\Desktop\loges.txt
Deleted : C:\Documents and Settings\Valued Customer\Desktop\MBR.dat
Deleted : C:\Documents and Settings\Valued Customer\Desktop\SecurityCheck.exe
Deleted : C:\Documents and Settings\Valued Customer\Desktop\TFC.exe
Deleted : C:\Documents and Settings\Valued Customer\My Documents\Downloads\Extras.Txt
Deleted : C:\Documents and Settings\Valued Customer\My Documents\Downloads\OTL.Txt
Deleted : C:\Documents and Settings\Valued Customer\My Documents\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #456 [Software Distribution Service 3.0 | 05/06/2014 23:00:44]
Deleted : RP #457 [System Checkpoint | 05/07/2014 23:52:31]
Deleted : RP #458 [Removed Bing Bar | 05/08/2014 04:14:52]
Deleted : RP #459 [System Checkpoint | 05/09/2014 04:45:47]
Deleted : RP #460 [System Checkpoint | 05/10/2014 16:12:05]
Deleted : RP #461 [System Checkpoint | 05/11/2014 16:43:48]
Deleted : RP #462 [System Checkpoint | 05/12/2014 16:52:26]
Deleted : RP #463 [System Checkpoint | 05/13/2014 17:09:33]
Deleted : RP #464 [System Checkpoint | 05/14/2014 22:33:32]
Deleted : RP #465 [System Checkpoint | 05/15/2014 22:35:54]
Deleted : RP #466 [System Checkpoint | 05/16/2014 23:44:10]
Deleted : RP #467 [System Checkpoint | 05/17/2014 23:54:13]
Deleted : RP #468 [System Checkpoint | 05/19/2014 02:27:33]
Deleted : RP #469 [System Checkpoint | 05/20/2014 02:59:35]
Deleted : RP #470 [System Checkpoint | 05/21/2014 03:02:40]
Deleted : RP #471 [System Checkpoint | 05/22/2014 03:06:08]
Deleted : RP #472 [Removed Apple Application Support | 05/23/2014 19:18:39]
Deleted : RP #473 [Removed Apple Mobile Device Support | 05/23/2014 19:20:14]
Deleted : RP #474 [Removed Apple Software Update | 05/23/2014 19:22:00]
Deleted : RP #475 [Removed QuickTime | 05/23/2014 19:39:07]
Deleted : RP #476 [Removed Roxio Creator DE | 05/23/2014 19:40:31]
Deleted : RP #477 [Removed Roxio Activation Module | 05/23/2014 19:41:12]
Deleted : RP #478 [Removed Roxio Creator Audio | 05/23/2014 19:41:33]
Deleted : RP #479 [Removed Roxio Creator Copy | 05/23/2014 19:41:48]
Deleted : RP #480 [Removed Roxio Creator Data | 05/23/2014 19:42:02]
Deleted : RP #481 [Removed Roxio Creator Tools | 05/23/2014 19:42:16]
Deleted : RP #482 [Removed Roxio Drag-to-Disc | 05/23/2014 19:44:19]
Deleted : RP #483 [Removed Roxio Express Labeler 3 | 05/23/2014 19:44:45]
Deleted : RP #484 [System Checkpoint | 05/24/2014 22:48:14]
 
New restore point created !
 
########## - EOF - ##########


  • 0





