Hope for an Old Age Machine [Closed]


  • This topic is locked

#1
rocket985

  • Member
  • 54 posts

I have an old (not sure how old) computer running XP. It has slowed down in the past few years but now is freezing for random amounts of time during browsing.

I've used the forum before for other devices. So I was surprised when OTL produced a second output file 'Extras'. I've included it.

Thanks

OTL logfile created on: 9/4/2014 11:00:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
502.08 Mb Total Physical Memory | 29.19 Mb Available Physical Memory | 5.81% Memory free
1.20 Gb Paging File | 0.69 Gb Available in Paging File | 57.62% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.92 Gb Total Space | 10.30 Gb Free Space | 14.53% Space Free | Partition Type: NTFS
 
Computer Name: JOHN-D0FA019223 | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/04 10:32:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
PRC - [2014/08/04 15:46:45 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/08/04 15:45:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/30 15:25:40 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/02/06 18:09:56 | 000,046,184 | R--- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1239305799\ee\aolsoftware.exe
PRC - [2008/09/17 17:17:50 | 003,002,368 | ---- | M] (Foxconn Corporation) -- C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
PRC - [2008/04/13 20:12:36 | 000,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spider.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/27 13:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/04 10:28:14 | 002,844,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14090400\algo.dll
MOD - [2014/08/04 15:45:50 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/08/04 15:45:47 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/07/30 15:25:38 | 003,800,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/07/02 05:17:41 | 000,059,392 | ---- | M] () -- c:\Program Files\Common Files\AOL\1239305799\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\quartz.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\SYSTEM32\devenum.dll
MOD - [2007/01/18 10:29:22 | 000,102,400 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ASupplicant.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\001581~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0015811315916576mcinstcleanup)
SRV - [2014/08/04 15:45:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/07/30 15:25:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/08 23:45:08 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/06 18:09:56 | 000,046,184 | R--- | M] (AOL Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2003/08/27 13:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\DAD~1.JOH\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\DAD~1.JOH\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\npf.sys -- (NPF)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/08/04 15:46:38 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswsp.sys -- (aswSP)
DRV - [2014/08/04 15:45:52 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSnx.sys -- (aswSnx)
DRV - [2014/08/04 15:45:52 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/08/04 15:45:52 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/08/04 15:45:52 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2014/08/04 15:45:52 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2014/08/04 15:45:52 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/08/04 15:45:52 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswHwid.sys -- (aswHwid)
DRV - [2013/04/24 07:01:05 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/09/06 08:14:02 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wn311b.sys -- (BCM43XX)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\AWINDIS5.SYS -- (AWINDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {5C360052-17AB-43B1-8402-ADFE4EA4B852}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{5C360052-17AB-43B1-8402-ADFE4EA4B852}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3201318
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...x-en-us&query="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\6.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/04 15:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/07/30 15:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/07/30 15:25:17 | 000,000,000 | ---D | M]
 
[2012/10/20 09:02:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Extensions
[2014/08/08 06:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\extensions
[2012/04/04 06:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/02 11:10:41 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2010/01/01 14:31:48 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\aol-search.xml
[2012/09/21 19:23:06 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\Search_Results.xml
[2014/07/30 15:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/07/30 15:25:11 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]lla(2).org
[2014/07/30 15:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/07/30 15:25:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/08/04 15:45:54 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
 
O1 HOSTS File: ([2013/12/03 10:36:01 | 000,000,741 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O4 - HKLM..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe (Foxconn Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1239305799\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [zzzHPSETUP] D:\Setup.exe File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.7b\AOL.EXE (AOL Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\dad.JOHN-D0FA019223\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1358090013593 (MUWebControl Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A6C7A2-6512-4FBB-9A0D-091A528B5FE3}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/31 08:27:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bd74eebb-94ee-11e3-90f7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{bd74eebb-94ee-11e3-90f7-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bd74eebb-94ee-11e3-90f7-00038a000015}\Shell\AutoRun\command - "" = "F:\WD Drive Unlock.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/04 10:32:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
[2014/08/08 06:23:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2009/02/09 20:51:36 | 009,788,656 | ---- | C] (Macrovision Corporation) -- C:\Program Files\SF_ENG.exe
[2005/06/06 17:35:53 | 002,421,544 | ---- | C] (Cisco Linksys Inc.                                          ) -- C:\Program Files\Linksys_QuickVPN_1028.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/04 10:44:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/09/04 10:32:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
[2014/09/04 10:04:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/09/04 03:46:06 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/09/01 22:02:55 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/09/01 22:02:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/09/01 22:02:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/24 08:45:00 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\d3d9caps.dat
[2014/08/11 10:13:28 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/10 06:50:05 | 000,463,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/08/10 06:50:05 | 000,080,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/08/08 15:05:12 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
========== Files Created - No Company Name ==========
 
[2014/08/24 08:45:00 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\d3d9caps.dat
[2014/08/04 15:46:20 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/20 15:33:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/01 13:04:42 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2013/03/17 18:41:47 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/17 18:41:45 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2010/08/02 14:02:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\jagex__preferences3.dat
[2010/05/23 10:01:55 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 12:54:23 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\jagex_runescape_preferences2.dat
[2009/08/15 16:44:29 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\jagex_runescape_preferences.dat
[2005/06/15 06:45:29 | 004,229,261 | ---- | C] () -- C:\Program Files\aawseplus.exe
[2005/06/06 17:38:33 | 000,045,456 | ---- | C] () -- C:\Program Files\tftp.exe
[2005/06/06 08:39:10 | 000,366,680 | ---- | C] () -- C:\Program Files\WRK54G_v1.55.02_FCC_code.bin
[2005/05/28 14:41:01 | 002,855,080 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
[2005/05/24 12:30:05 | 032,175,728 | ---- | C] () -- C:\Program Files\sj652en.exe
 
========== ZeroAccess Check ==========
 
[2009/07/28 18:06:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 21:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/08/06 06:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/03 08:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2012/09/21 19:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2009/04/21 00:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IMSIDesign
[2012/10/28 13:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2014/04/01 05:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache
[2009/04/10 19:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Uninstall
[2011/01/22 11:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2014/02/16 13:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Western Digital
[2010/05/04 19:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/12 19:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/03/28 19:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\.minecraft
[2014/03/29 08:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Adblock Plus for IE
[2013/12/03 14:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\AVAST Software
[2012/04/11 07:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\ieSpell
[2009/04/13 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Juniper Networks
[2009/05/13 11:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Leadertech
[2012/06/06 21:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Oracle
[2012/09/24 19:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\searchquband
[2011/06/07 17:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Unity
[2010/02/07 17:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\W Photo Studio
[2010/02/07 20:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\W Photo Studio Viewer
[2010/10/28 19:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\webex
[2011/08/30 10:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\WinPatrol
 
========== Purity Check ==========
 
 

< End of report >

OTL Extras logfile created on: 9/4/2014 11:00:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
502.08 Mb Total Physical Memory | 29.19 Mb Available Physical Memory | 5.81% Memory free
1.20 Gb Paging File | 0.69 Gb Available in Paging File | 57.62% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.92 Gb Total Space | 10.30 Gb Free Space | 14.53% Space Free | Partition Type: NTFS
 
Computer Name: JOHN-D0FA019223 | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] --
https [open] --
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1239305799\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1239305799\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL -- (AOL Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AOL 9.5a\waol.exe" = C:\Program Files\AOL 9.5a\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL Desktop 9.6
"C:\Program Files\AOL Desktop 9.6a\waol.exe" = C:\Program Files\AOL Desktop 9.6a\waol.exe:*:Enabled:AOL Desktop 9.6a
"C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\Program Files\AOL Desktop 9.7\waol.exe" = C:\Program Files\AOL Desktop 9.7\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.7a\waol.exe" = C:\Program Files\AOL Desktop 9.7a\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.7b\waol.exe" = C:\Program Files\AOL Desktop 9.7b\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.7b\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.7b\aolbrowser.exe:*:Enabled:AOL Browser -- (AOL Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1047106F-3AED-4661-B919-6D377BF641CF}" = RangeMax™ NEXT Wireless Adapter WN311B
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}" = Adblock Plus for IE (32-bit)
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{fd97d1e2-368a-4cd9-af63-8eeff938044a}" = Adblock Plus for IE
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"avast" = avast! Free Antivirus
"EPSON Printer and Utilities" = EPSON Printer Software
"GoZone iSync" = GoZone iSync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer Basic
"Scan-To-Web" = HP ScanJet Scan-to-Web Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/2/2014 11:27:25 AM | Computer Name = JOHN-D0FA019223 | Source = Application Error | ID = 1000
Description = Faulting application aolbrowser.exe, version 0.4.41.1, faulting module
 libcef.dll, version 1.1180.705.0, fault address 0x0038c72c.
 
Error - 7/2/2014 3:52:52 PM | Computer Name = JOHN-D0FA019223 | Source = Application Error | ID = 1000
Description = Faulting application aolbrowser.exe, version 0.4.41.1, faulting module
 libcef.dll, version 1.1180.705.0, fault address 0x0038c72c.
 
Error - 7/2/2014 4:01:08 PM | Computer Name = JOHN-D0FA019223 | Source = Application Error | ID = 1000
Description = Faulting application aolbrowser.exe, version 0.4.41.1, faulting module
 libcef.dll, version 1.1180.705.0, fault address 0x0038c72c.
 
Error - 7/22/2014 3:51:10 PM | Computer Name = JOHN-D0FA019223 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/28/2014 8:55:04 AM | Computer Name = JOHN-D0FA019223 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 30.0.0.5269, faulting
 module mozalloc.dll, version 30.0.0.5269, fault address 0x0000141b.
 
Error - 7/28/2014 12:32:21 PM | Computer Name = JOHN-D0FA019223 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 30.0.0.5269, faulting
 module mozalloc.dll, version 30.0.0.5269, fault address 0x0000141b.
 
Error - 8/11/2014 9:28:31 AM | Computer Name = JOHN-D0FA019223 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
 module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
 
Error - 8/11/2014 9:30:33 AM | Computer Name = JOHN-D0FA019223 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 31.0.0.5310, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 8/11/2014 9:30:37 AM | Computer Name = JOHN-D0FA019223 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
 module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
 
Error - 8/22/2014 2:36:46 PM | Computer Name = JOHN-D0FA019223 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
 module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
 
[ System Events ]
Error - 8/25/2014 3:15:24 PM | Computer Name = JOHN-D0FA019223 | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 8/25/2014 3:15:28 PM | Computer Name = JOHN-D0FA019223 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 8/25/2014 3:17:51 PM | Computer Name = JOHN-D0FA019223 | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly.  It
has done this 2 time(s).
 
Error - 8/26/2014 6:16:20 AM | Computer Name = JOHN-D0FA019223 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SASDIFSV  SASKUTIL
 
Error - 8/26/2014 4:35:45 PM | Computer Name = JOHN-D0FA019223 | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly.  It
has done this 1 time(s).
 
Error - 8/26/2014 5:00:20 PM | Computer Name = JOHN-D0FA019223 | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly.  It
has done this 2 time(s).
 
Error - 9/1/2014 10:02:59 PM | Computer Name = JOHN-D0FA019223 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SASDIFSV  SASKUTIL
 
Error - 9/1/2014 10:04:21 PM | Computer Name = JOHN-D0FA019223 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
 DHCP  Server) for the Network Card with network address 00223FC5E575.  The following
 error  occurred:   %%121.  Your computer will continue to try and obtain an address on
 its own from  the network address (DHCP) server.
 
Error - 9/3/2014 7:45:27 AM | Computer Name = JOHN-D0FA019223 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 9/3/2014 7:45:30 AM | Computer Name = JOHN-D0FA019223 | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly.  It
has done this 1 time(s).
 
 
< End of report >

#2
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Fix with OTL

Please re-run OTL with this removal script included.
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    :Commands
    [createrestorepoint]
    
    :OTL
    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\DAD~1.JOH\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\DAD~1.JOH\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\001581~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0015811315916576mcinstcleanup)
    IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
    IE - HKCU\..\SearchScopes,DefaultScope = {5C360052-17AB-43B1-8402-ADFE4EA4B852}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3201318
    FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...x-en-us&query="
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\6.bin\NPFunWeb.dll File not found
    [2010/01/01 14:31:48 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\aol-search.xml
    [2012/09/21 19:23:06 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\Search_Results.xml
    [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
    O4 - HKLM..\Run: [zzzHPSETUP] D:\Setup.exe File not found
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
    O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
    O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.) 
    O33 - MountPoints2\{bd74eebb-94ee-11e3-90f7-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{bd74eebb-94ee-11e3-90f7-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{bd74eebb-94ee-11e3-90f7-00038a000015}\Shell\AutoRun\command - "" = "F:\WD Drive Unlock.exe" autoplay=true
    [2012/10/28 13:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
    [2014/04/01 05:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache
    
    :Commands
    [emptytemp]
    
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


#3
rocket985

    Member

  • Topic Starter
  • 54 posts

Hey Naat,

Thanks for jumpin in. I've been here three times in the past and know the drill.

You were not kidding when you said to be patient.

Here are the outputs.

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Error: No service named SASKUTIL was found to stop!
No service named SASKUTIL was found to delete!
File C:\DOCUME~1\DAD~1.JOH\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS not found.
Error: No service named SASDIFSV was found to stop!
No service named SASDIFSV was found to delete!
File C:\DOCUME~1\DAD~1.JOH\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS not found.
Error: No service named 0015811315916576mcinstcleanup was found to stop!
No service named 0015811315916576mcinstcleanup was found to delete!
File C:\WINDOWS\TEMP\001581~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini not found.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Unable to set value : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ deleted successfully.
File C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\aol-search.xml not found.
File C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\Search_Results.xml not found.
File move failed. C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zzzHPSETUP deleted successfully.
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Lookup on Merriam Webster\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Lookup on Wikipedia\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ scheduled to be deleted on reboot.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
File move failed. C:\WINDOWS\Downloaded Program Files\swdir.inf scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd74eebb-94ee-11e3-90f7-00038a000015}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd74eebb-94ee-11e3-90f7-00038a000015}\ not found.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd74eebb-94ee-11e3-90f7-00038a000015}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd74eebb-94ee-11e3-90f7-00038a000015}\ not found.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd74eebb-94ee-11e3-90f7-00038a000015}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd74eebb-94ee-11e3-90f7-00038a000015}\ not found.
File "F:\WD Drive Unlock.exe" autoplay=true not found.
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate\{007811BF-E310-4285-BFC6-55DB29B3EDDE}\38B6E44E41131678 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate\{007811BF-E310-4285-BFC6-55DB29B3EDDE} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache\{fd97d1e2-368a-4cd9-af63-8eeff938044a} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}v1.1 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
->Flash cache emptied: 0 bytes
 
User: All Users.WINDOWS
->Flash cache emptied: 88 bytes
 
User: Dad
 
User: dad.JOHN-D0FA019223
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
 
User: LocalService.NT AUTHORITY
 
User: NetworkService
 
User: NetworkService.NT AUTHORITY
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09052014_181333

Zoek.exe v5.0.0.0 Updated 05-September-2014
Tool run by dad on Fri 09/05/2014 at 21:58:38.07.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
9/5/2014 10:08:42 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Installed Programs ======================
 
Adblock Plus for IE  
Adblock Plus for IE (32-bit)  
Adobe Flash Player 14 ActiveX  
Adobe Flash Player 14 Plugin  
Adobe Reader XI (11.0.06)  
AOL Uninstaller (Choose which Products to Remove)  
avast Free Antivirus  
Critical Update for Windows Media Player 11 (KB959772)  
Dell Driver Download Manager  
EPSON Printer Software  
GoZone iSync  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  
Hotfix for Windows Media Format 11 SDK (KB929399)  
Hotfix for Windows Media Player 11 (KB939683)  
Hotfix for Windows XP (KB2158563)  
Hotfix for Windows XP (KB2443685)  
Hotfix for Windows XP (KB2570791)  
Hotfix for Windows XP (KB2633952)  
Hotfix for Windows XP (KB2756822)  
Hotfix for Windows XP (KB2779562)  
Hotfix for Windows XP (KB952287)  
Hotfix for Windows XP (KB954550-v5)  
Hotfix for Windows XP (KB961118)  
Hotfix for Windows XP (KB970653-v3)  
Hotfix for Windows XP (KB976098-v2)  
Hotfix for Windows XP (KB979306)  
Hotfix for Windows XP (KB981793)  
HP PrecisionScan LTX  
HP ScanJet Scan-to-Web Wizard  
Java 7 Update 51  
Java Auto Updater  
Java™ 6 Update 21  
JavaFX 2.1.0  
Malwarebytes Anti-Malware version 2.0.2.1012  
Microsoft .NET Framework 2.0 Service Pack 2  
Microsoft .NET Framework 3.0 Service Pack 2  
Microsoft .NET Framework 3.5 SP1  
Microsoft Compression Client Pack 1.0 for Windows XP  
Microsoft Internationalized Domain Names Mitigation APIs  
Microsoft National Language Support Downlevel APIs  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office File Validation Add-In  
Microsoft Office Home and Student 2007  
Microsoft Office OneNote MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Word MUI (English) 2007  
Microsoft Software Update for Web Folders  (English) 12  
Microsoft User-Mode Driver Framework Feature Pack 1.0  
Microsoft VC9 runtime libraries  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Mozilla Firefox 32.0 (x86 en-US)  
Mozilla Maintenance Service  
QuickTime  
RangeMax™ NEXT Wireless Adapter WN311B  
RealPlayer Basic  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition   
Security Update for Microsoft Windows (KB2564958)  
Security Update for Windows Internet Explorer 7 (KB2544521)  
Security Update for Windows Internet Explorer 7 (KB2761465)  
Security Update for Windows Internet Explorer 7 (KB2799329)  
Security Update for Windows Internet Explorer 7 (KB938127-v2)  
Security Update for Windows Internet Explorer 7 (KB956390)  
Security Update for Windows Internet Explorer 7 (KB961260)  
Security Update for Windows Internet Explorer 7 (KB963027)  
Security Update for Windows Internet Explorer 7 (KB969897)  
Security Update for Windows Internet Explorer 7 (KB972260)  
Security Update for Windows Internet Explorer 8 (KB2510531)  
Security Update for Windows Internet Explorer 8 (KB2544521)  
Security Update for Windows Internet Explorer 8 (KB2618444)  
Security Update for Windows Internet Explorer 8 (KB2744842)  
Security Update for Windows Internet Explorer 8 (KB2761465)  
Security Update for Windows Internet Explorer 8 (KB2792100)  
Security Update for Windows Internet Explorer 8 (KB2797052)  
Security Update for Windows Internet Explorer 8 (KB2799329)  
Security Update for Windows Internet Explorer 8 (KB2809289)  
Security Update for Windows Internet Explorer 8 (KB2817183)  
Security Update for Windows Internet Explorer 8 (KB2829530)  
Security Update for Windows Internet Explorer 8 (KB2838727)  
Security Update for Windows Internet Explorer 8 (KB2846071)  
Security Update for Windows Internet Explorer 8 (KB2847204)  
Security Update for Windows Internet Explorer 8 (KB2862772)  
Security Update for Windows Internet Explorer 8 (KB2870699)  
Security Update for Windows Internet Explorer 8 (KB2879017)  
Security Update for Windows Internet Explorer 8 (KB2888505)  
Security Update for Windows Internet Explorer 8 (KB2898785)  
Security Update for Windows Internet Explorer 8 (KB2909210)  
Security Update for Windows Internet Explorer 8 (KB2909921)  
Security Update for Windows Internet Explorer 8 (KB2925418)  
Security Update for Windows Internet Explorer 8 (KB2936068)  
Security Update for Windows Internet Explorer 8 (KB2964358)  
Security Update for Windows Internet Explorer 8 (KB982381)  
Security Update for Windows Media Player (KB2378111)  
Security Update for Windows Media Player (KB2834904-v2)  
Security Update for Windows Media Player (KB2834904)  
Security Update for Windows Media Player (KB952069)  
Security Update for Windows Media Player (KB954155)  
Security Update for Windows Media Player (KB968816)  
Security Update for Windows Media Player (KB973540)  
Security Update for Windows Media Player (KB975558)  
Security Update for Windows Media Player (KB978695)  
Security Update for Windows Media Player 11 (KB936782)  
Security Update for Windows Media Player 11 (KB954154)  
Security Update for Windows XP (KB2079403)  
Security Update for Windows XP (KB2115168)  
Security Update for Windows XP (KB2121546)  
Security Update for Windows XP (KB2160329)  
Security Update for Windows XP (KB2229593)  
Security Update for Windows XP (KB2259922)  
Security Update for Windows XP (KB2279986)  
Security Update for Windows XP (KB2286198)  
Security Update for Windows XP (KB2296011)  
Security Update for Windows XP (KB2296199)  
Security Update for Windows XP (KB2347290)  
Security Update for Windows XP (KB2360937)  
Security Update for Windows XP (KB2387149)  
Security Update for Windows XP (KB2393802)  
Security Update for Windows XP (KB2412687)  
Security Update for Windows XP (KB2419632)  
Security Update for Windows XP (KB2423089)  
Security Update for Windows XP (KB2436673)  
Security Update for Windows XP (KB2440591)  
Security Update for Windows XP (KB2443105)  
Security Update for Windows XP (KB2476490)  
Security Update for Windows XP (KB2476687)  
Security Update for Windows XP (KB2478960)  
Security Update for Windows XP (KB2478971)  
Security Update for Windows XP (KB2479628)  
Security Update for Windows XP (KB2479943)  
Security Update for Windows XP (KB2481109)  
Security Update for Windows XP (KB2483185)  
Security Update for Windows XP (KB2485376)  
Security Update for Windows XP (KB2485663)  
Security Update for Windows XP (KB2491683)  
Security Update for Windows XP (KB2503658)  
Security Update for Windows XP (KB2503665)  
Security Update for Windows XP (KB2506212)  
Security Update for Windows XP (KB2506223)  
Security Update for Windows XP (KB2507618)  
Security Update for Windows XP (KB2507938)  
Security Update for Windows XP (KB2508272)  
Security Update for Windows XP (KB2508429)  
Security Update for Windows XP (KB2509553)  
Security Update for Windows XP (KB2510581)  
Security Update for Windows XP (KB2511455)  
Security Update for Windows XP (KB2524375)  
Security Update for Windows XP (KB2535512)  
Security Update for Windows XP (KB2536276-v2)  
Security Update for Windows XP (KB2536276)  
Security Update for Windows XP (KB2544893-v2)  
Security Update for Windows XP (KB2544893)  
Security Update for Windows XP (KB2555917)  
Security Update for Windows XP (KB2562937)  
Security Update for Windows XP (KB2566454)  
Security Update for Windows XP (KB2567053)  
Security Update for Windows XP (KB2567680)  
Security Update for Windows XP (KB2570222)  
Security Update for Windows XP (KB2570947)  
Security Update for Windows XP (KB2584146)  
Security Update for Windows XP (KB2585542)  
Security Update for Windows XP (KB2592799)  
Security Update for Windows XP (KB2598479)  
Security Update for Windows XP (KB2603381)  
Security Update for Windows XP (KB2618451)  
Security Update for Windows XP (KB2619339)  
Security Update for Windows XP (KB2620712)  
Security Update for Windows XP (KB2621440)  
Security Update for Windows XP (KB2624667)  
Security Update for Windows XP (KB2631813)  
Security Update for Windows XP (KB2633171)  
Security Update for Windows XP (KB2639417)  
Security Update for Windows XP (KB2641653)  
Security Update for Windows XP (KB2646524)  
Security Update for Windows XP (KB2647518)  
Security Update for Windows XP (KB2653956)  
Security Update for Windows XP (KB2655992)  
Security Update for Windows XP (KB2659262)  
Security Update for Windows XP (KB2660465)  
Security Update for Windows XP (KB2661637)  
Security Update for Windows XP (KB2676562)  
Security Update for Windows XP (KB2685939)  
Security Update for Windows XP (KB2686509)  
Security Update for Windows XP (KB2691442)  
Security Update for Windows XP (KB2695962)  
Security Update for Windows XP (KB2698365)  
Security Update for Windows XP (KB2705219)  
Security Update for Windows XP (KB2707511)  
Security Update for Windows XP (KB2709162)  
Security Update for Windows XP (KB2712808)  
Security Update for Windows XP (KB2718523)  
Security Update for Windows XP (KB2719985)  
Security Update for Windows XP (KB2723135)  
Security Update for Windows XP (KB2724197)  
Security Update for Windows XP (KB2727528)  
Security Update for Windows XP (KB2731847)  
Security Update for Windows XP (KB2753842-v2)  
Security Update for Windows XP (KB2753842)  
Security Update for Windows XP (KB2757638)  
Security Update for Windows XP (KB2758857)  
Security Update for Windows XP (KB2761226)  
Security Update for Windows XP (KB2770660)  
Security Update for Windows XP (KB2778344)  
Security Update for Windows XP (KB2779030)  
Security Update for Windows XP (KB2780091)  
Security Update for Windows XP (KB2799494)  
Security Update for Windows XP (KB2802968)  
Security Update for Windows XP (KB2807986)  
Security Update for Windows XP (KB2808735)  
Security Update for Windows XP (KB2813170)  
Security Update for Windows XP (KB2813345)  
Security Update for Windows XP (KB2820197)  
Security Update for Windows XP (KB2820917)  
Security Update for Windows XP (KB2829361)  
Security Update for Windows XP (KB2834886)  
Security Update for Windows XP (KB2839229)  
Security Update for Windows XP (KB2845187)  
Security Update for Windows XP (KB2847311)  
Security Update for Windows XP (KB2849470)  
Security Update for Windows XP (KB2850851)  
Security Update for Windows XP (KB2850869)  
Security Update for Windows XP (KB2859537)  
Security Update for Windows XP (KB2862152)  
Security Update for Windows XP (KB2862330)  
Security Update for Windows XP (KB2862335)  
Security Update for Windows XP (KB2864063)  
Security Update for Windows XP (KB2868038)  
Security Update for Windows XP (KB2868626)  
Security Update for Windows XP (KB2876217)  
Security Update for Windows XP (KB2876315)  
Security Update for Windows XP (KB2876331)  
Security Update for Windows XP (KB2883150)  
Security Update for Windows XP (KB2892075)  
Security Update for Windows XP (KB2893294)  
Security Update for Windows XP (KB2893984)  
Security Update for Windows XP (KB2898715)  
Security Update for Windows XP (KB2900986)  
Security Update for Windows XP (KB2914368)  
Security Update for Windows XP (KB2916036)  
Security Update for Windows XP (KB2922229)  
Security Update for Windows XP (KB2929961)  
Security Update for Windows XP (KB2930275)  
Security Update for Windows XP (KB923561)  
Security Update for Windows XP (KB938464-v2)  
Security Update for Windows XP (KB941569)  
Security Update for Windows XP (KB946648)  
Security Update for Windows XP (KB950760)  
Security Update for Windows XP (KB950762)  
Security Update for Windows XP (KB950974)  
Security Update for Windows XP (KB951066)  
Security Update for Windows XP (KB951376-v2)  
Security Update for Windows XP (KB951698)  
Security Update for Windows XP (KB951748)  
Security Update for Windows XP (KB952004)  
Security Update for Windows XP (KB952954)  
Security Update for Windows XP (KB954459)  
Security Update for Windows XP (KB954600)  
Security Update for Windows XP (KB955069)  
Security Update for Windows XP (KB956572)  
Security Update for Windows XP (KB956744)  
Security Update for Windows XP (KB956802)  
Security Update for Windows XP (KB956803)  
Security Update for Windows XP (KB956841)  
Security Update for Windows XP (KB956844)  
Security Update for Windows XP (KB957097)  
Security Update for Windows XP (KB958215)  
Security Update for Windows XP (KB958644)  
Security Update for Windows XP (KB958687)  
Security Update for Windows XP (KB958690)  
Security Update for Windows XP (KB958869)  
Security Update for Windows XP (KB959426)  
Security Update for Windows XP (KB960225)  
Security Update for Windows XP (KB960714)  
Security Update for Windows XP (KB960715)  
Security Update for Windows XP (KB960803)  
Security Update for Windows XP (KB960859)  
Security Update for Windows XP (KB961371)  
Security Update for Windows XP (KB961373)  
Security Update for Windows XP (KB961501)  
Security Update for Windows XP (KB968537)  
Security Update for Windows XP (KB969059)  
Security Update for Windows XP (KB969898)  
Security Update for Windows XP (KB969947)  
Security Update for Windows XP (KB970238)  
Security Update for Windows XP (KB970430)  
Security Update for Windows XP (KB971468)  
Security Update for Windows XP (KB971486)  
Security Update for Windows XP (KB971557)  
Security Update for Windows XP (KB971633)  
Security Update for Windows XP (KB971657)  
Security Update for Windows XP (KB972270)  
Security Update for Windows XP (KB973346)  
Security Update for Windows XP (KB973354)  
Security Update for Windows XP (KB973507)  
Security Update for Windows XP (KB973525)  
Security Update for Windows XP (KB973869)  
Security Update for Windows XP (KB973904)  
Security Update for Windows XP (KB974112)  
Security Update for Windows XP (KB974318)  
Security Update for Windows XP (KB974392)  
Security Update for Windows XP (KB974571)  
Security Update for Windows XP (KB975025)  
Security Update for Windows XP (KB975467)  
Security Update for Windows XP (KB975560)  
Security Update for Windows XP (KB975561)  
Security Update for Windows XP (KB975562)  
Security Update for Windows XP (KB975713)  
Security Update for Windows XP (KB977165)  
Security Update for Windows XP (KB977816)  
Security Update for Windows XP (KB977914)  
Security Update for Windows XP (KB978037)  
Security Update for Windows XP (KB978251)  
Security Update for Windows XP (KB978262)  
Security Update for Windows XP (KB978338)  
Security Update for Windows XP (KB978542)  
Security Update for Windows XP (KB978601)  
Security Update for Windows XP (KB978706)  
Security Update for Windows XP (KB979309)  
Security Update for Windows XP (KB979482)  
Security Update for Windows XP (KB979559)  
Security Update for Windows XP (KB979683)  
Security Update for Windows XP (KB979687)  
Security Update for Windows XP (KB980195)  
Security Update for Windows XP (KB980218)  
Security Update for Windows XP (KB980232)  
Security Update for Windows XP (KB980436)  
Security Update for Windows XP (KB981322)  
Security Update for Windows XP (KB981852)  
Security Update for Windows XP (KB981957)  
Security Update for Windows XP (KB981997)  
Security Update for Windows XP (KB982132)  
Security Update for Windows XP (KB982214)  
Security Update for Windows XP (KB982665)  
Security Update for Windows XP (KB982802)  
SoundMAX  
swMSM  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Windows Internet Explorer 8 (KB2598845)  
Update for Windows XP (KB2141007)  
Update for Windows XP (KB2345886)  
Update for Windows XP (KB2467659)  
Update for Windows XP (KB2541763)  
Update for Windows XP (KB2607712)  
Update for Windows XP (KB2616676)  
Update for Windows XP (KB2641690)  
Update for Windows XP (KB2661254-v2)  
Update for Windows XP (KB2718704)  
Update for Windows XP (KB2736233)  
Update for Windows XP (KB2749655)  
Update for Windows XP (KB2863058)  
Update for Windows XP (KB2904266)  
Update for Windows XP (KB2934207)  
Update for Windows XP (KB951978)  
Update for Windows XP (KB955759)  
Update for Windows XP (KB955839)  
Update for Windows XP (KB967715)  
Update for Windows XP (KB968389)  
Update for Windows XP (KB971029)  
Update for Windows XP (KB971737)  
Update for Windows XP (KB973687)  
Update for Windows XP (KB973815)  
Viewpoint Media Player  
WebFldrs XP  
Windows Genuine Advantage Validation Tool (KB892130)  
Windows Internet Explorer 7  
Windows Internet Explorer 8  
Windows Media Format 11 runtime  
Windows Media Player 11  
Windows XP Service Pack 3  
 
==== Running Processes ======================
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
C:\Program Files\Common Files\AOL\1239305799\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\AOL Desktop 9.7b\waol.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AOL Desktop 9.7b\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\winmine.exe
C:\Program Files\AOL Desktop 9.7b\aolbrowser.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
 
==== Services ======================
 
You do not have Microsoft .NET Framework 4.0(or higher) installed.
 
==== System Specs ======================
 
Windows: Windows XP Home Edition Service Pack 3 (Build 2600)
Memory (RAM): 503 MB
CPU Info: Intel® Pentium® 4 CPU 2.80GHz
CPU Speed: 2723.9 MHz
Sound Card: SoundMAX Digital Audio | 
Display Adapters: | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; 
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: RangeMax™ NEXT Wireless Adapter WN311B - Packet Scheduler Miniport
CD / DVD Drives: 1x (D: | ) D: HL-DT-STCD-RW GCE-8483B
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  70.9GB
Hard Disks - Free: C:  10.1GB
Manufacturer *: Dell Inc.                
BIOS Info: AT/AT COMPATIBLE | 01/10/05 | DELL   - 7
Time Zone: Eastern Standard Time
Motherboard *: Dell Inc.           0M3918
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: avast! Antivirus On-access scanning disabled (Updated)
Internet Explorer version: 8.0.6001.18702 
Mozilla Firefox version: 32.0 (x86 en-US)
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_51 (32-bit) 
Flash Player version: 14.0.0.145
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\DOCUME~1\DAD~1.JOH\LOCALS~1\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
2014-09-04 22:17:23 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-09-04 22:13:25 AED25CDB09FB4E56F45DAF6C9A1D3ED3 53208 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2014-09-04 22:13:24 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data ======
2014-08-24 12:45:00 52BAE44A47935B935471345C56D2F9E3 664 ----a-w- C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\d3d9caps.dat
====== C:\Documents and Settings\dad.JOHN-D0FA019223 ======
2014-09-04 14:32:28 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
 
====== C: exe-files ==
=== C: other files ==
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-220523388-573735546-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"AOL Fast Start"="C:\Program Files\AOL Desktop 9.7b\AOL.EXE -b"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AS00_WN311B"="C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe -hide"
"HostManager"="C:\Program Files\Common Files\AOL\1239305799\ee\AOLSoftware.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"AOL Fast Start"="C:\Program Files\AOL Desktop 9.7b\AOL.EXE -b"
 
==== Startup Registry Disabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
 
 
==== Startup Folders ======================
 
2010-05-11 21:38:49 714 ----a-w- C:\Documents and Settings\dad.JOHN-D0FA019223\Start Menu\Programs\Startup\GoZone iSync.lnk
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job --a------ C:\WINDOWS\system32\xp_eos.exe [02/25/2014 09:59 PM]
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job --a------ C:\WINDOWS\system32\xp_eos.exe [02/25/2014 09:59 PM]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/04/2014 03:45 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\9k4rcgf9.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
- Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- Location Navigator - %ProfilePath%\extensions\{914DC373-ACF6-4305-B877-8508A576E9B6}
 
ProfilePath: C:\Documents and Settings\DAD~1.JOH\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
 
ProfilePath: C:\Documents and Settings\LOCALS~1\Application Data\Mozilla\Firefox\Profiles\5pm07c5z.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
 
AppDir: C:\Program Files\Mozilla Firefox
- Talkback - %AppDir%\extensions\[email protected](2).org
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Undetermined - %AppDir%\extensions\installed-extensions-processed.txt
 
==== Firefox Plugins ======================
 
Profilepath: C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
8EE5C38C01E28D6746B0F99E0D3E3388 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.2
BAA307F0F5E4F8DD8D1B377B069F8144 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.2
617F94A61ECBC12D58F18910E5D940D8 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.2
85EF10E340D8610D4BE2D3451D241B4E - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.2
ADE2E22C79A6E80FC52198431B83B427 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.2
C99CF76FF158525429DCB6BDFDF57CFC - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.2
530FBD022BE3C1A0712CA220D9A9BFB0 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.2
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
BCDFF548F7D31A2BCF1CF98DA7EB5445 - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll - MetaStream 3 Plugin
 
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/04/2014 03:45 PM]
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{5C360052-17AB-43B1-8402-ADFE4EA4B852}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Unknown  Url="Not_Found"
{443789B7-F39C-4b5c-9287-DA72D38F4FE6} AOL Search Url="http://slirsredirect...romesbox-en-us"
{5C360052-17AB-43B1-8402-ADFE4EA4B852} Google  Url="http://www.google.co...ge={startPage}"
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Search Results Url="http://dts.search-re...={searchTerms}"
{afdbddaa-5d3f-42ee-b79c-185a7020515b} FLV Runner Customized Web Search Url="http://search.condui...ctid=CT3201318"
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Fri 09/05/2014 at 22:18:43.54 ======================
 
 
 


#4
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
 
Looks like OTL couldn't handle it and ZOEK didn't show what I wanted it to. We'll reach for FRST.
 
 
Scan with Farbar Recovery Scan Tool

 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.



#5
rocket985


    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Next round.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2014
Ran by dad (administrator) on JOHN-D0FA019223 on 06-09-2014 15:34:12
Running from C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AOL Inc.) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Foxconn Corporation) C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1239305799\ee\aolsoftware.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7b\waol.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\WBEM\unsecapp.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7b\shellmon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\winmine.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AS00_WN311B] => C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe [3002368 2008-09-17] (Foxconn Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1239305799\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-220523388-573735546-682003330-1004\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7b\AOL.EXE [72296 2014-07-02] (AOL Inc.)
HKU\S-1-5-21-220523388-573735546-682003330-1004\...\MountPoints2: {bd74eebb-94ee-11e3-90f7-00038a000015} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\Documents and Settings\dad.JOHN-D0FA019223\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {5C360052-17AB-43B1-8402-ADFE4EA4B852} URL = http://www.google.co...age={startPage}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...hromesbox-en-us
SearchScopes: HKCU - {5C360052-17AB-43B1-8402-ADFE4EA4B852} URL = http://www.google.co...age={startPage}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3201318
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default
FF SearchEngineOrder.1: Search Results
FF Homepage: about:home
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
FF SearchPlugin: C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\Search_Results.xml
FF Extension: No Name - C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-04-04]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-04-02]
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\[email protected](2).org [2014-09-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46184 2014-02-06] (AOL Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
S4 0015811315916576mcinstcleanup; C:\WINDOWS\TEMP\001581~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2013-04-24] (Windows ® 2000 DDK provider) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-04] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-04] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-04] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-04] ()
R3 AWINDIS5; C:\WINDOWS\system32\AWINDIS5.SYS [16194 2002-04-11] (AMBIT Microsystems Corporation.) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\wn311b.sys [822400 2007-09-06] (Broadcom Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 NPF; system32\drivers\npf.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 15:34 - 2014-09-06 15:35 - 00012869 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.txt
2014-09-06 15:33 - 2014-09-06 15:34 - 00000000 ____D () C:\FRST
2014-09-06 15:27 - 2014-09-06 15:28 - 01096704 _____ (Farbar) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.exe
2014-09-05 22:08 - 2014-09-05 22:18 - 00031807 _____ () C:\zoek-results.log
2014-09-05 21:56 - 2014-09-05 21:56 - 00000000 ____D () C:\zoek_backup
2014-09-05 21:55 - 2014-09-05 22:04 - 01288704 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\zoek.exe
2014-09-05 17:58 - 2014-09-05 17:58 - 00000000 ____D () C:\_OTL
2014-09-04 18:17 - 2014-09-04 18:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 18:13 - 2014-09-04 18:13 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 18:13 - 2014-09-04 18:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-04 18:13 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-04 18:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-04 11:24 - 2014-09-04 11:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-04 11:23 - 2014-09-04 11:23 - 00053314 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.Txt
2014-09-04 11:23 - 2014-09-04 11:23 - 00039752 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\Extras.Txt
2014-09-04 10:32 - 2014-09-04 10:32 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
2014-08-24 08:45 - 2014-08-24 08:45 - 00000664 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\d3d9caps.dat
2014-08-08 06:23 - 2014-08-08 06:23 - 00000000 ____D () C:\WINDOWS\jumpshot.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 15:35 - 2014-09-06 15:34 - 00012869 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.txt
2014-09-06 15:35 - 2009-04-09 17:52 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp
2014-09-06 15:34 - 2014-09-06 15:33 - 00000000 ____D () C:\FRST
2014-09-06 15:28 - 2014-09-06 15:27 - 01096704 _____ (Farbar) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.exe
2014-09-06 14:44 - 2012-11-06 10:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-06 11:23 - 2009-04-09 17:44 - 01407940 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-06 11:22 - 2012-07-11 06:41 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-06 11:17 - 2009-04-09 10:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-06 11:16 - 2014-03-27 06:35 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-06 11:16 - 2009-04-09 17:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-06 11:16 - 2009-04-09 10:07 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-06 11:15 - 2009-04-09 17:52 - 00000178 ___SH () C:\Documents and Settings\dad.JOHN-D0FA019223\ntuser.ini
2014-09-06 11:15 - 2009-04-09 17:51 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-05 22:18 - 2014-09-05 22:08 - 00031807 _____ () C:\zoek-results.log
2014-09-05 22:04 - 2014-09-05 21:55 - 01288704 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\zoek.exe
2014-09-05 21:56 - 2014-09-05 21:56 - 00000000 ____D () C:\zoek_backup
2014-09-05 18:05 - 2014-07-24 07:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-05 17:58 - 2014-09-05 17:58 - 00000000 ____D () C:\_OTL
2014-09-05 17:08 - 2014-04-20 15:33 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-04 18:17 - 2014-09-04 18:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 18:13 - 2014-09-04 18:13 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 18:13 - 2014-09-04 18:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-04 18:13 - 2011-08-29 07:58 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Malwarebytes
2014-09-04 18:13 - 2011-08-29 07:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-09-04 18:13 - 2011-08-29 07:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-09-04 11:25 - 2014-09-04 11:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-04 11:23 - 2014-09-04 11:23 - 00053314 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.Txt
2014-09-04 11:23 - 2014-09-04 11:23 - 00039752 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\Extras.Txt
2014-09-04 10:32 - 2014-09-04 10:32 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
2014-09-04 07:37 - 2009-04-09 17:41 - 00097857 _____ () C:\WINDOWS\wmsetup.log
2014-09-01 22:02 - 2004-08-04 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-24 08:45 - 2014-08-24 08:45 - 00000664 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\d3d9caps.dat
2014-08-15 03:14 - 2009-05-14 09:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2014-08-15 03:14 - 2009-05-14 09:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2014-08-15 03:11 - 2013-08-01 09:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-15 03:03 - 2009-04-09 20:31 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-11 10:13 - 2010-05-23 10:01 - 00013824 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-10 06:50 - 2009-04-09 10:02 - 00554244 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-10 06:49 - 2011-10-13 03:02 - 00344757 _____ () C:\WINDOWS\setupapi.log
2014-08-08 15:05 - 2014-03-27 06:35 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 06:25 - 2012-09-21 19:19 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\Temp
2014-08-08 06:23 - 2014-08-08 06:23 - 00000000 ____D () C:\WINDOWS\jumpshot.com

Files to move or delete:
====================
C:\Documents and Settings\Dad\neoteris_read_21006965.reg
C:\Documents and Settings\Dad\neoteris_read_5312057.reg
C:\Documents and Settings\dad.JOHN-D0FA019223\jagex_runescape_preferences.dat
C:\Documents and Settings\dad.JOHN-D0FA019223\jagex_runescape_preferences2.dat
C:\Documents and Settings\dad.JOHN-D0FA019223\jagex__preferences3.dat


Some content of TEMP:
====================
C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp\AcsInstall.dll
C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp\AOLFirewallMgr.dll
C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp\AOLInstallerfw.dll
C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp\SHFOLDER.DLL


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-09-2014
Ran by dad at 2014-09-06 15:37:47
Running from C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell Driver Download Manager (HKCU\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
GoZone iSync (Version: 2.0.0 - Virgin HealthMiles) Hidden
HP PrecisionScan LTX (HKLM\...\HP PrecisionScan LTX) (Version:  - )
HP ScanJet Scan-to-Web Wizard (HKLM\...\Scan-To-Web) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.210 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
RangeMax™ NEXT Wireless Adapter WN311B (HKLM\...\{1047106F-3AED-4661-B919-6D377BF641CF}) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-06-2014 14:13:14 System Checkpoint
25-06-2014 16:30:12 System Checkpoint
26-06-2014 17:58:53 System Checkpoint
27-06-2014 18:49:15 System Checkpoint
28-06-2014 19:44:57 System Checkpoint
29-06-2014 20:15:12 System Checkpoint
30-06-2014 20:36:15 System Checkpoint
01-07-2014 21:15:11 System Checkpoint
02-07-2014 22:44:27 System Checkpoint
05-07-2014 23:00:15 System Checkpoint
06-07-2014 23:30:45 System Checkpoint
07-07-2014 23:59:39 System Checkpoint
09-07-2014 00:10:41 System Checkpoint
10-07-2014 01:11:22 System Checkpoint
10-07-2014 02:58:49 Software Distribution Service 3.0
11-07-2014 10:03:30 System Checkpoint
12-07-2014 10:32:48 System Checkpoint
13-07-2014 18:32:56 System Checkpoint
14-07-2014 18:35:47 System Checkpoint
15-07-2014 19:14:08 System Checkpoint
16-07-2014 21:30:09 System Checkpoint
17-07-2014 21:59:19 System Checkpoint
22-07-2014 00:21:41 System Checkpoint
23-07-2014 03:23:30 System Checkpoint
24-07-2014 04:08:40 System Checkpoint
25-07-2014 09:54:28 System Checkpoint
26-07-2014 10:41:08 System Checkpoint
27-07-2014 11:15:54 System Checkpoint
28-07-2014 11:48:04 System Checkpoint
29-07-2014 11:55:48 System Checkpoint
30-07-2014 12:23:24 System Checkpoint
31-07-2014 13:34:11 System Checkpoint
01-08-2014 14:25:56 System Checkpoint
02-08-2014 15:09:12 System Checkpoint
03-08-2014 15:58:22 System Checkpoint
04-08-2014 16:05:27 System Checkpoint
04-08-2014 19:44:13 avast! antivirus system restore point
05-08-2014 19:48:46 System Checkpoint
06-08-2014 21:14:02 System Checkpoint
07-08-2014 21:23:32 System Checkpoint
08-08-2014 21:32:57 System Checkpoint
09-08-2014 22:33:16 System Checkpoint
10-08-2014 22:45:21 System Checkpoint
11-08-2014 22:57:24 System Checkpoint
12-08-2014 23:41:18 System Checkpoint
13-08-2014 23:45:52 System Checkpoint
14-08-2014 23:49:03 System Checkpoint
15-08-2014 07:01:27 Software Distribution Service 3.0
16-08-2014 11:19:51 System Checkpoint
17-08-2014 21:34:46 System Checkpoint
18-08-2014 22:51:29 System Checkpoint
19-08-2014 23:19:39 System Checkpoint
20-08-2014 23:20:44 System Checkpoint
22-08-2014 02:54:05 System Checkpoint
23-08-2014 03:07:02 System Checkpoint
24-08-2014 03:23:42 System Checkpoint
25-08-2014 11:10:34 System Checkpoint
26-08-2014 11:17:07 System Checkpoint
27-08-2014 11:20:50 System Checkpoint
02-09-2014 03:01:32 System Checkpoint
03-09-2014 03:06:15 System Checkpoint
04-09-2014 03:36:24 System Checkpoint
05-09-2014 04:06:17 System Checkpoint
05-09-2014 21:59:18 OTL Restore Point - 9/5/2014 5:59:09 PM
06-09-2014 02:08:42 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 06:00 - 2013-12-03 10:36 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2011-09-21 07:35 - 2014-08-04 15:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-06 15:25 - 2014-09-06 15:25 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090601\algo.dll
2009-04-09 18:07 - 2007-01-18 10:29 - 00102400 _____ () C:\WINDOWS\system32\ASupplicant.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 00059392 _____ () c:\program files\common files\aol\1239305799\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
2013-12-03 08:44 - 2014-08-04 15:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7b\zlib.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 21151232 _____ () C:\Program Files\AOL Desktop 9.7b\libcef.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 00648704 _____ () C:\Program Files\AOL Desktop 9.7b\libglesv2.dll
2014-07-02 05:17 - 2014-07-02 05:17 - 00122880 _____ () C:\Program Files\AOL Desktop 9.7b\libegl.dll
2014-09-04 11:24 - 2014-09-04 11:25 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CTFMON.EXE =>
MSCONFIG\startupreg: MSMSGS =>
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: RealTray =>
MSCONFIG\startupreg: SunJavaUpdateSched =>

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2014 03:34:34 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/06/2014 03:34:34 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/22/2014 02:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (08/11/2014 09:30:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (08/11/2014 09:30:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 31.0.0.5310, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/11/2014 09:28:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (07/28/2014 00:32:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 30.0.0.5269, faulting module mozalloc.dll, version 30.0.0.5269, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (07/28/2014 08:55:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 30.0.0.5269, faulting module mozalloc.dll, version 30.0.0.5269, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (07/22/2014 03:51:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/02/2014 04:01:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application aolbrowser.exe, version 0.4.41.1, faulting module libcef.dll, version 1.1180.705.0, fault address 0x0038c72c.
Processing media-specific event for [aolbrowser.exe!ws!]


System errors:
=============
Error: (09/05/2014 09:38:55 PM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 00223FC5E575.  The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 85%
Total physical RAM: 502.08 MB
Available physical RAM: 73.31 MB
Total Pagefile: 1226.89 MB
Available Pagefile: 649.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:70.92 GB) (Free:10.04 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=70.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.5 GB) - (Type=DB)

==================== End Of Log ============================



#6
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

What do you think about AOL? Are you really using it for everyday browsing?

There is plenty of this here. If I deploy my tools, it will probably be deleted/wiped off. AOL doesn't have a good reputation here.



#7
rocket985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Got ya.  I need to get out from under the hog?   :X   Go to a new browser and email?

 

 



#8
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

No, if you are used to it, I will try to do my best not to harm it and that means we have to deal with some part of the stuff manually.



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...hromesbox-en-us
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3201318
    Toolbar: HKCU - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    FF SearchEngineOrder.1: Search Results
    FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    S4 0015811315916576mcinstcleanup; C:\WINDOWS\TEMP\001581~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
    S3 NPF; system32\drivers\npf.sys [X]
    S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
    U1 WS2IFSL; No ImagePath
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click Run after receipt of Windows Security Warning - Open File.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.



Scan with Gmer

This type of scan often produces false positives. Do not take any action at any point for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

#9
rocket985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

I won't tell you how long I've been used to it. :D

Next round:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by dad at 2014-09-08 07:04:17 Run:1
Running from C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...hromesbox-en-us
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3201318
Toolbar: HKCU - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF SearchEngineOrder.1: Search Results
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
S4 0015811315916576mcinstcleanup; C:\WINDOWS\TEMP\001581~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 NPF; system32\drivers\npf.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; No ImagePath
EmptyTemp:
end
*****************
 
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
"HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key deleted successfully.
"HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => value deleted successfully.
"HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox Keyword.URL deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
0015811315916576mcinstcleanup => Service deleted successfully.
NPF => Service deleted successfully.
USBAAPL => Service deleted successfully.
WS2IFSL => Service deleted successfully.
EmptyTemp: => Removed 537.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-08 10:15:00
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Maxtor_6Y080M0 rev.YAR51HW0 74.51GB
Running: xw1fmxqn.exe; Driver: C:\DOCUME~1\DAD~1.JOH\LOCALS~1\Temp\kgdcrfod.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwAddBootEntry [0xF71D0BA6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwAssignProcessToJobObject [0xF71D1684]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwClose [0xF7215D80]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateEvent [0xF71DD6F8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateEventPair [0xF71DD744]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateIoCompletion [0xF71DD8DE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateKey [0xF7215734]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateMutant [0xF71DD666]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateSection [0xF71DD788]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateSemaphore [0xF71DD6AE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateThread [0xF71D1BBA]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwCreateTimer [0xF71DD898]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwDebugActiveProcess [0xF71D2472]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwDeleteBootEntry [0xF71D0C0C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwDeleteKey [0xF7216446]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwDeleteValueKey [0xF72166FC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwDuplicateObject [0xF71D5C68]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwEnumerateKey [0xF72162B1]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwEnumerateValueKey [0xF721611C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwLoadDriver [0xF71D07F8]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                       ZwMapViewOfSection [0xF7482ED0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwModifyBootEntry [0xF71D0C72]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwNotifyChangeKey [0xF71D605E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwNotifyChangeMultipleKeys [0xF71D2F5A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenEvent [0xF71DD722]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenEventPair [0xF71DD766]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenIoCompletion [0xF71DD902]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenKey [0xF7215A90]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenMutant [0xF71DD68C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenProcess [0xF71D5560]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenSection [0xF71DD816]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenSemaphore [0xF71DD6D6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenThread [0xF71D594C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwOpenTimer [0xF71DD8BC]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                       ZwProtectVirtualMemory [0xF7482C6E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwQueryKey [0xF7215F97]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwQueryObject [0xF71D2DCE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwQueryValueKey [0xF7215DE9]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwQueueApcThread [0xF71D2924]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                       ZwRenameKey [0xF7490E1A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwRestoreKey [0xF7214D77]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetBootEntryOrder [0xF71D0CD8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetBootOptions [0xF71D0D3E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetContextThread [0xF71D22EC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetSystemInformation [0xF71D0892]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetSystemPowerState [0xF71D0A64]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSetValueKey [0xF721654D]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwShutdownSystem [0xF71D09F2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSuspendProcess [0xF71D263C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSuspendThread [0xF71D279E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwSystemDebugControl [0xF71D0AEC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwTerminateProcess [0xF71D212A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwTerminateThread [0xF71D22CC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwVdmControl [0xF71D0DA4]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                      ZwWriteVirtualMemory [0xF71D16E0]
 
---- Kernel code sections - GMER 2.1 ----
 
.text           ntkrnlpa.exe!ZwCallbackReturn + 26E8                                                                         80501F44 4 Bytes  [E9, 5D, 21, F7]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2770                                                                         80501FCC 12 Bytes  [D8, 0C, 1D, F7, 3E, 0D, 1D, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2818                                                                         80502074 12 Bytes  [3C, 26, 1D, F7, 9E, 27, 1D, ...]
init            C:\WINDOWS\system32\drivers\senfilt.sys                                                                      entry point in "init" section [0xF7658F80]
 
---- User code sections - GMER 2.1 ----
 
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[492] ntdll.dll!RtlDosSearchPath_U + 186                                7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[492] kernel32.dll!GetBinaryTypeW + 80                                  7C869AB4 1 Byte  [62]
.text           C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe[504] ntdll.dll!RtlDosSearchPath_U + 186                   7C916865 1 Byte  [62]
.text           C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe[504] kernel32.dll!GetBinaryTypeW + 80                     7C869AB4 1 Byte  [62]
.text           C:\Program Files\Common Files\AOL\1239305799\ee\AOLSoftware.exe[512] ntdll.dll!RtlDosSearchPath_U + 186      7C916865 1 Byte  [62]
.text           C:\Program Files\Common Files\AOL\1239305799\ee\AOLSoftware.exe[512] kernel32.dll!GetBinaryTypeW + 80        7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\System32\smss.exe[584] ntdll.dll!RtlDosSearchPath_U + 186                                         7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[632] ntdll.dll!RtlDosSearchPath_U + 186                                        7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[632] KERNEL32.dll!GetBinaryTypeW + 80                                          7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[700] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!RtlDosSearchPath_U + 186                                        7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetBinaryTypeW + 80                                          7C869AB4 1 Byte  [62]
.text           C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[832] ntdll.dll!RtlDosSearchPath_U + 186          7C916865 1 Byte  [62]
.text           C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe[832] kernel32.dll!GetBinaryTypeW + 80            7C869AB4 1 Byte  [62]
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[848] ntdll.dll!RtlDosSearchPath_U + 186                    7C916865 1 Byte  [62]
.text           C:\Program Files\Analog Devices\Core\smax4pnp.exe[848] kernel32.dll!GetBinaryTypeW + 80                      7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[864] ntdll.dll!RtlDosSearchPath_U + 186                                      7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 80                                        7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!RtlDosSearchPath_U + 186                                      7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetBinaryTypeW + 80                                        7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!RtlDosSearchPath_U + 186                                      7C916865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 80                                        7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186                   7C916865 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[1124] kernel32.dll!SetUnhandledExceptionFilter             7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[1124] kernel32.dll!GetBinaryTypeW + 80                     7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[1136] ntdll.dll!RtlDosSearchPath_U + 186                                      7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[1136] kernel32.dll!GetBinaryTypeW + 80                                        7C869AB4 1 Byte  [62]
.text           C:\Program Files\AOL Desktop 9.7b\waol.exe[1156] ntdll.dll!RtlDosSearchPath_U + 186                          7C916865 1 Byte  [62]
.text           C:\Program Files\AOL Desktop 9.7b\waol.exe[1156] kernel32.dll!GetBinaryTypeW + 80                            7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1312] ntdll.dll!RtlDosSearchPath_U + 186                                             7C916865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1312] kernel32.dll!GetBinaryTypeW + 80                                               7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1448] ntdll.dll!RtlDosSearchPath_U + 186                  7C916865 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1448] kernel32.dll!SetUnhandledExceptionFilter            7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1448] kernel32.dll!GetBinaryTypeW + 80                    7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\taskmgr.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\taskmgr.exe[1536] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186                            7C916865 1 Byte  [62]
.text           C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1856] kernel32.dll!GetBinaryTypeW + 80                              7C869AB4 1 Byte  [62]
.text           C:\Program Files\Java\jre7\bin\jqs.exe[1892] ntdll.dll!RtlDosSearchPath_U + 186                              7C916865 1 Byte  [62]
.text           C:\Program Files\Java\jre7\bin\jqs.exe[1892] kernel32.dll!GetBinaryTypeW + 80                                7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\wanmpsvc.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186                                             7C916865 1 Byte  [62]
.text           C:\WINDOWS\wanmpsvc.exe[2012] kernel32.dll!GetBinaryTypeW + 80                                               7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[2148] ntdll.dll!RtlDosSearchPath_U + 186                                         7C916865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[2148] kernel32.dll!GetBinaryTypeW + 80                                           7C869AB4 1 Byte  [62]
.text           C:\Program Files\AOL Desktop 9.7b\shellmon.exe[2512] ntdll.dll!RtlDosSearchPath_U + 186                      7C916865 1 Byte  [62]
.text           C:\Program Files\AOL Desktop 9.7b\shellmon.exe[2512] kernel32.dll!GetBinaryTypeW + 80                        7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\SYSTEM32\winmine.exe[2656] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\SYSTEM32\winmine.exe[2656] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\Program Files\AOL Desktop 9.7b\aolbrowser.exe[2744] ntdll.dll!RtlDosSearchPath_U + 186                    7C916865 1 Byte  [62]
.text           C:\Program Files\AOL Desktop 9.7b\aolbrowser.exe[2744] kernel32.dll!GetBinaryTypeW + 80                      7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[3420] ntdll.dll!RtlDosSearchPath_U + 186                                     7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[3420] kernel32.dll!GetBinaryTypeW + 80                                       7C869AB4 1 Byte  [62]
.text           C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\xw1fmxqn.exe[3648] ntdll.dll!RtlDosSearchPath_U + 186  7C916865 1 Byte  [62]
.text           C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\xw1fmxqn.exe[3648] kernel32.dll!GetBinaryTypeW + 80    7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\unsecapp.exe[4084] ntdll.dll!RtlDosSearchPath_U + 186                               7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\unsecapp.exe[4084] kernel32.dll!GetBinaryTypeW + 80                                 7C869AB4 1 Byte  [62]
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                     aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                    aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                    aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                  aswTdi.sys
 
Device                                                                                                                       mrxsmb.sys
Device                                                                                                                       Fastfat.SYS
 
AttachedDevice                                                                                                               fltmgr.sys
 
---- Registry - GMER 2.1 ----
 
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\AOL - [email protected]@MessageCount              56
 
---- EOF - GMER 2.1 ----
 
 

#10
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

And the next round. However, my logfiles have limited scanning time, and may not have taken everything down... So please tell me do you face any other issues after this one scan?



Windows XP notes

I've noticed that you're a Windows XP user. I need to tell you that my canned speeches (texts I use to present instructions) are designed for newer systems in the first place. Therefore, whenever you see a request to Run as Administrator, please ignore it and instead run the tool just by a double-click on the aforementioned icon.

Windows XP end of support warning!

As the 8th of April 2014 has passed, this Operating System is no longer supported by Microsoft.
All patches, updates and security releases have ceased for this system.

This is just information for you, in case you were not aware.
My recommendation would be to start thinking about replacing it with some newer edition, like Windows Vista, Windows 7 or Windows 8.



Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E};c
    {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406};c
    {afdbddaa-5d3f-42ee-b79c-185a7020515b};c
    {D4027C7F-154A-4066-A1AD-4243D8127440};c
    C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\Search_Results.xml;f
    C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll;f
    C:\Windows\Jumpshot.com;f
    resethosts;
    emptyclsid;
    emptyalltemp;
    emptyiecache;
    emptyffcache;
    
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the logfile will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


#11
rocket985

    Member

  • Topic Starter
  • 54 posts

Naat, I understand about XP.  I'm just trying to limp along an old machine.

Not sure I understand what other issues you mean.

Thanks

Zoek.exe v5.0.0.0 Updated 09-September-2014
Tool run by dad on Tue 09/09/2014 at 11:16:50.50.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-09-06-021843.log    31807 bytes

==== System Restore Info ======================

9/9/2014 11:29:20 AM Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
127.0.0.1       localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-220523388-573735546-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-220523388-573735546-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Files \ Folders ======================

"C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\Search_Results.xml" deleted
"C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll" deleted
"C:\Windows\jumpshot.com" deleted

==== Empty IE Cache ======================

C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\45erioto.default\Cache emptied successfully
C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\9k4rcgf9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 89016 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Dad\Local Settings\Temp emptied successfully
C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\DAD~1.JOH\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Cookies" not found
"C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\History" not found
"C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Temporary Internet Files" not found

==== EOF on Tue 09/09/2014 at 11:39:46.54 ======================
 


#12
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 

So please tell me do you face any other issues after this one scan?

What I mean is that I don't see your machine and, due to the online nature of this help, I need you to tell me if there is any improvement noticeable after the scans/fixes we are doing :)

 
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


#13
rocket985

    Member

  • Topic Starter
  • 54 posts

No change in machine performance.

Latest output:

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by dad (administrator) on JOHN-D0FA019223 on 11-09-2014 07:57:27
Running from C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AOL Inc.) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Foxconn Corporation) C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1239305799\ee\aolsoftware.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7b\waol.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\WBEM\unsecapp.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7b\shellmon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AS00_WN311B] => C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe [3002368 2008-09-17] (Foxconn Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1239305799\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-220523388-573735546-682003330-1004\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7b\AOL.EXE [72296 2014-07-02] (AOL Inc.)
HKU\S-1-5-21-220523388-573735546-682003330-1004\...\MountPoints2: {bd74eebb-94ee-11e3-90f7-00038a000015} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\Documents and Settings\dad.JOHN-D0FA019223\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {5C360052-17AB-43B1-8402-ADFE4EA4B852} URL = http://www.google.co...age={startPage}
SearchScopes: HKCU - {5C360052-17AB-43B1-8402-ADFE4EA4B852} URL = http://www.google.co...age={startPage}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
FF SearchPlugin: C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\aol-search.xml
FF Extension: No Name - C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-04-04]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-04-02]
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\[email protected](2).org [2014-09-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46184 2014-02-06] (AOL Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2013-04-24] (Windows ® 2000 DDK provider) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-04] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-04] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-04] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-04] ()
R3 AWINDIS5; C:\WINDOWS\system32\AWINDIS5.SYS [16194 2002-04-11] (AMBIT Microsystems Corporation.) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\wn311b.sys [822400 2007-09-06] (Broadcom Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:03 - 2014-09-11 07:58 - 00011343 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.txt
2014-09-09 15:44 - 2014-09-09 15:45 - 17903792 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-09-09 11:41 - 2014-09-09 11:41 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-09-09 11:33 - 2014-09-11 07:58 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:16 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-09-09 11:28 - 2014-09-05 22:18 - 00031807 _____ () C:\zoek-results2014-09-06-021843.log
2014-09-09 11:16 - 2014-09-09 11:16 - 01290240 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\zoek.exe
2014-09-08 10:15 - 2014-09-08 10:15 - 00021490 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\gmer.log
2014-09-08 09:50 - 2014-09-08 09:50 - 00380416 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\xw1fmxqn.exe
2014-09-08 07:04 - 2014-09-08 07:04 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST-OlderVersion
2014-09-06 15:33 - 2014-09-11 07:57 - 00000000 ____D () C:\FRST
2014-09-06 15:27 - 2014-09-08 07:04 - 01097728 _____ (Farbar) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.exe
2014-09-05 22:08 - 2014-09-09 11:39 - 00005273 _____ () C:\zoek-results.log
2014-09-05 21:56 - 2014-09-09 11:39 - 00000000 ____D () C:\zoek_backup
2014-09-05 17:58 - 2014-09-05 17:58 - 00000000 ____D () C:\_OTL
2014-09-04 18:17 - 2014-09-04 18:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 18:13 - 2014-09-04 18:13 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 18:13 - 2014-09-04 18:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-04 18:13 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-04 18:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-04 11:24 - 2014-09-04 11:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-04 11:23 - 2014-09-04 11:23 - 00053314 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.Txt
2014-09-04 11:23 - 2014-09-04 11:23 - 00039752 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\Extras.Txt
2014-09-04 10:32 - 2014-09-04 10:32 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
2014-08-24 08:45 - 2014-09-08 16:00 - 00000664 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\d3d9caps.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:58 - 2014-09-11 07:03 - 00011343 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.txt
2014-09-11 07:58 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp
2014-09-11 07:57 - 2014-09-06 15:33 - 00000000 ____D () C:\FRST
2014-09-11 07:57 - 2009-04-09 17:44 - 01514363 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-11 07:44 - 2012-11-06 10:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-11 06:26 - 2012-07-11 06:41 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-11 06:20 - 2014-03-27 06:35 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-11 06:20 - 2009-04-09 17:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-11 06:20 - 2009-04-09 10:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-11 06:20 - 2009-04-09 10:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-10 23:33 - 2009-04-09 17:51 - 00032520 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-10 23:32 - 2009-04-09 17:52 - 00000178 ___SH () C:\Documents and Settings\dad.JOHN-D0FA019223\ntuser.ini
2014-09-10 19:36 - 2014-04-20 15:33 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-09 15:45 - 2014-09-09 15:44 - 17903792 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-09-09 15:45 - 2012-07-11 06:36 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-09 15:45 - 2011-07-31 08:08 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-09 11:41 - 2014-09-09 11:41 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-09-09 11:39 - 2014-09-05 22:08 - 00005273 _____ () C:\zoek-results.log
2014-09-09 11:39 - 2014-09-05 21:56 - 00000000 ____D () C:\zoek_backup
2014-09-09 11:39 - 2009-04-09 17:51 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Temp
2014-09-09 11:16 - 2014-09-09 11:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-09-09 11:16 - 2014-09-09 11:16 - 01290240 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\zoek.exe
2014-09-08 16:00 - 2014-08-24 08:45 - 00000664 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\d3d9caps.dat
2014-09-08 15:00 - 2014-03-27 06:35 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-08 10:15 - 2014-09-08 10:15 - 00021490 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\gmer.log
2014-09-08 09:50 - 2014-09-08 09:50 - 00380416 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\xw1fmxqn.exe
2014-09-08 07:21 - 2013-04-13 16:56 - 00002347 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-08 07:21 - 2013-04-13 16:56 - 00002347 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-08 07:04 - 2014-09-08 07:04 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST-OlderVersion
2014-09-08 07:04 - 2014-09-06 15:27 - 01097728 _____ (Farbar) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.exe
2014-09-07 18:32 - 2009-05-13 12:04 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\My Documents\Rockets
2014-09-06 19:23 - 2011-10-13 03:02 - 00346133 _____ () C:\WINDOWS\setupapi.log
2014-09-05 22:18 - 2014-09-09 11:28 - 00031807 _____ () C:\zoek-results2014-09-06-021843.log
2014-09-05 18:05 - 2014-07-24 07:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-05 17:58 - 2014-09-05 17:58 - 00000000 ____D () C:\_OTL
2014-09-04 18:17 - 2014-09-04 18:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 18:13 - 2014-09-04 18:13 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 18:13 - 2014-09-04 18:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-04 18:13 - 2011-08-29 07:58 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Malwarebytes
2014-09-04 18:13 - 2011-08-29 07:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-09-04 18:13 - 2011-08-29 07:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-09-04 11:25 - 2014-09-04 11:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-04 11:23 - 2014-09-04 11:23 - 00053314 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.Txt
2014-09-04 11:23 - 2014-09-04 11:23 - 00039752 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\Extras.Txt
2014-09-04 10:32 - 2014-09-04 10:32 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
2014-09-04 07:37 - 2009-04-09 17:41 - 00097857 _____ () C:\WINDOWS\wmsetup.log
2014-09-01 22:02 - 2004-08-04 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-15 03:14 - 2009-05-14 09:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2014-08-15 03:14 - 2009-05-14 09:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2014-08-15 03:11 - 2013-08-01 09:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-15 03:03 - 2009-04-09 20:31 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:
====================
C:\Documents and Settings\Dad\neoteris_read_21006965.reg
C:\Documents and Settings\Dad\neoteris_read_5312057.reg
C:\Documents and Settings\dad.JOHN-D0FA019223\jagex_runescape_preferences.dat
C:\Documents and Settings\dad.JOHN-D0FA019223\jagex_runescape_preferences2.dat
C:\Documents and Settings\dad.JOHN-D0FA019223\jagex__preferences3.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by dad (administrator) on JOHN-D0FA019223 on 11-09-2014 07:57:27
Running from C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AOL Inc.) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Foxconn Corporation) C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1239305799\ee\aolsoftware.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7b\waol.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\WBEM\unsecapp.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7b\shellmon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AS00_WN311B] => C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe [3002368 2008-09-17] (Foxconn Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1239305799\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-220523388-573735546-682003330-1004\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7b\AOL.EXE [72296 2014-07-02] (AOL Inc.)
HKU\S-1-5-21-220523388-573735546-682003330-1004\...\MountPoints2: {bd74eebb-94ee-11e3-90f7-00038a000015} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\Documents and Settings\dad.JOHN-D0FA019223\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {5C360052-17AB-43B1-8402-ADFE4EA4B852} URL = http://www.google.co...age={startPage}
SearchScopes: HKCU - {5C360052-17AB-43B1-8402-ADFE4EA4B852} URL = http://www.google.co...age={startPage}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
FF SearchPlugin: C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\searchplugins\aol-search.xml
FF Extension: No Name - C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-04-04]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Mozilla\Firefox\Profiles\3mgk3tqf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-04-02]
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\[email protected](2).org [2014-09-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46184 2014-02-06] (AOL Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2013-04-24] (Windows ® 2000 DDK provider) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-04] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-04] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-04] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-04] ()
R3 AWINDIS5; C:\WINDOWS\system32\AWINDIS5.SYS [16194 2002-04-11] (AMBIT Microsystems Corporation.) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\wn311b.sys [822400 2007-09-06] (Broadcom Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:03 - 2014-09-11 07:58 - 00011343 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.txt
2014-09-09 15:44 - 2014-09-09 15:45 - 17903792 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-09-09 11:41 - 2014-09-09 11:41 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-09-09 11:33 - 2014-09-11 07:58 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:16 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-09-09 11:28 - 2014-09-05 22:18 - 00031807 _____ () C:\zoek-results2014-09-06-021843.log
2014-09-09 11:16 - 2014-09-09 11:16 - 01290240 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\zoek.exe
2014-09-08 10:15 - 2014-09-08 10:15 - 00021490 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\gmer.log
2014-09-08 09:50 - 2014-09-08 09:50 - 00380416 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\xw1fmxqn.exe
2014-09-08 07:04 - 2014-09-08 07:04 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST-OlderVersion
2014-09-06 15:33 - 2014-09-11 07:57 - 00000000 ____D () C:\FRST
2014-09-06 15:27 - 2014-09-08 07:04 - 01097728 _____ (Farbar) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.exe
2014-09-05 22:08 - 2014-09-09 11:39 - 00005273 _____ () C:\zoek-results.log
2014-09-05 21:56 - 2014-09-09 11:39 - 00000000 ____D () C:\zoek_backup
2014-09-05 17:58 - 2014-09-05 17:58 - 00000000 ____D () C:\_OTL
2014-09-04 18:17 - 2014-09-04 18:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 18:13 - 2014-09-04 18:13 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 18:13 - 2014-09-04 18:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-04 18:13 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-04 18:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-04 11:24 - 2014-09-04 11:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-04 11:23 - 2014-09-04 11:23 - 00053314 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.Txt
2014-09-04 11:23 - 2014-09-04 11:23 - 00039752 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\Extras.Txt
2014-09-04 10:32 - 2014-09-04 10:32 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
2014-08-24 08:45 - 2014-09-08 16:00 - 00000664 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\d3d9caps.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:58 - 2014-09-11 07:03 - 00011343 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.txt
2014-09-11 07:58 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Temp
2014-09-11 07:57 - 2014-09-06 15:33 - 00000000 ____D () C:\FRST
2014-09-11 07:57 - 2009-04-09 17:44 - 01514363 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-11 07:44 - 2012-11-06 10:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-11 06:26 - 2012-07-11 06:41 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-11 06:20 - 2014-03-27 06:35 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-11 06:20 - 2009-04-09 17:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-11 06:20 - 2009-04-09 10:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-11 06:20 - 2009-04-09 10:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-10 23:33 - 2009-04-09 17:51 - 00032520 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-10 23:32 - 2009-04-09 17:52 - 00000178 ___SH () C:\Documents and Settings\dad.JOHN-D0FA019223\ntuser.ini
2014-09-10 19:36 - 2014-04-20 15:33 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-09 15:45 - 2014-09-09 15:44 - 17903792 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-09-09 15:45 - 2012-07-11 06:36 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-09 15:45 - 2011-07-31 08:08 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-09 11:41 - 2014-09-09 11:41 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-09-09 11:39 - 2014-09-05 22:08 - 00005273 _____ () C:\zoek-results.log
2014-09-09 11:39 - 2014-09-05 21:56 - 00000000 ____D () C:\zoek_backup
2014-09-09 11:39 - 2009-04-09 17:51 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp
2014-09-09 11:33 - 2014-09-09 11:33 - 00000000 ____D () C:\Documents and Settings\Dad\Local Settings\Temp
2014-09-09 11:16 - 2014-09-09 11:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-09-09 11:16 - 2014-09-09 11:16 - 01290240 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\zoek.exe
2014-09-08 16:00 - 2014-08-24 08:45 - 00000664 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Local Settings\Application Data\d3d9caps.dat
2014-09-08 15:00 - 2014-03-27 06:35 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-08 10:15 - 2014-09-08 10:15 - 00021490 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\gmer.log
2014-09-08 09:50 - 2014-09-08 09:50 - 00380416 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\xw1fmxqn.exe
2014-09-08 07:21 - 2013-04-13 16:56 - 00002347 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-08 07:21 - 2013-04-13 16:56 - 00002347 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-08 07:04 - 2014-09-08 07:04 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST-OlderVersion
2014-09-08 07:04 - 2014-09-06 15:27 - 01097728 _____ (Farbar) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\FRST.exe
2014-09-07 18:32 - 2009-05-13 12:04 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\My Documents\Rockets
2014-09-06 19:23 - 2011-10-13 03:02 - 00346133 _____ () C:\WINDOWS\setupapi.log
2014-09-05 22:18 - 2014-09-09 11:28 - 00031807 _____ () C:\zoek-results2014-09-06-021843.log
2014-09-05 18:05 - 2014-07-24 07:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-05 17:58 - 2014-09-05 17:58 - 00000000 ____D () C:\_OTL
2014-09-04 18:17 - 2014-09-04 18:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 18:13 - 2014-09-04 18:13 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 18:13 - 2014-09-04 18:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-04 18:13 - 2011-08-29 07:58 - 00000000 ____D () C:\Documents and Settings\dad.JOHN-D0FA019223\Application Data\Malwarebytes
2014-09-04 18:13 - 2011-08-29 07:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-09-04 18:13 - 2011-08-29 07:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-09-04 11:25 - 2014-09-04 11:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-04 11:23 - 2014-09-04 11:23 - 00053314 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.Txt
2014-09-04 11:23 - 2014-09-04 11:23 - 00039752 _____ () C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\Extras.Txt
2014-09-04 10:32 - 2014-09-04 10:32 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\dad.JOHN-D0FA019223\Desktop\OTL.exe
2014-09-04 07:37 - 2009-04-09 17:41 - 00097857 _____ () C:\WINDOWS\wmsetup.log
2014-09-01 22:02 - 2004-08-04 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-15 03:14 - 2009-05-14 09:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2014-08-15 03:14 - 2009-05-14 09:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2014-08-15 03:11 - 2013-08-01 09:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-15 03:03 - 2009-04-09 20:31 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:
====================
C:\Documents and Settings\Dad\neoteris_read_21006965.reg
C:\Documents and Settings\Dad\neoteris_read_5312057.reg
C:\Documents and Settings\dad.JOHN-D0FA019223\jagex_runescape_preferences.dat
C:\Documents and Settings\dad.JOHN-D0FA019223\jagex_runescape_preferences2.dat
C:\Documents and Settings\dad.JOHN-D0FA019223\jagex__preferences3.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 


#14
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)
 

I don't believe that your issues are malware related, however I want to perform some more scans just to be sure.

After peeking at system specifications I think that there isn't much to be done here...
 

==== System Specs ======================

Windows: Windows XP Home Edition Service Pack 3 (Build 2600)
Memory (RAM): 503 MB
CPU Info: Intel® Pentium® 4 CPU 2.80GHz
CPU Speed: 2723.9 MHz
Sound Card: SoundMAX Digital Audio |
Display Adapters: | NetMeeting driver | RDPDD Chained DD
Monitors: 1x;
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: RangeMax™ NEXT Wireless Adapter WN311B - Packet Scheduler Miniport
CD / DVD Drives: 1x (D: | ) D: HL-DT-STCD-RW GCE-8483B
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  70.9GB
Hard Disks - Free: C:  10.1GB
Manufacturer *: Dell Inc.               
BIOS Info: AT/AT COMPATIBLE | 01/10/05 | DELL   - 7
Time Zone: Eastern Standard Time
Motherboard *: Dell Inc.           0M3918
Country: United States
Language: ENU



Let's finish the cleaning! :)
I'd also like to inform you that I will not be available until Monday (or Tuesday). But I've asked a friend to keep an eye on this thread, so you won't be alone here :)


Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select Update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.



Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case, do not remove any of its findings on your own! Removal will be done after careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Install the scanner by right-clicking its icon and selecting Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see the detections window. Enter one of them and click View Report at the bottom right.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.
Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.

#15
rocket985

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Have a great weekend.  

 

Next round:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/13/2014
Scan Time: 8:45:02 PM
Logfile: Mal csan log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.13.07
Rootkit Database: v2014.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: dad
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454824
Time Elapsed: 1 hr, 31 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-220523388-573735546-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, No Action By User, [f437836adf9c092db8694cd426ddcd33], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Datamngr.A, C:\Documents and Settings\dad.JOHN-D0FA019223\AppData\LocalLow\DataMngr, No Action By User, [32f9707db6c59b9b18affcda82805aa6], 
 
Files: 1
PUP.Optional.Datamngr.A, C:\Documents and Settings\dad.JOHN-D0FA019223\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, No Action By User, [32f9707db6c59b9b18affcda82805aa6], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 0
 
. REGKEY: HKLM\SOFTWARE\CONDUIT. Key to be deleted.
 
. REGKEY: HKCU\SOFTWARE\APPDATALOW\SOFTWARE\CONDUIT. Key to be deleted.
 
. REGKEY: HKCU\SOFTWARE\SMARTBAR. Key to be deleted.
 
. REGKEY: HKCU\SOFTWARE\CONDUIT. Key to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\APPNOTIFICATION.JS to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\CLOSE.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\CLOSE.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\NEXT.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\NEXT_HOVER.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\POWERED-BY.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\PREV.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\PREV_HOVER.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\SETTINGS.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\CLOSE.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\NEXT.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\NEXT_HOVER.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\POWERED-BY.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\PREV.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\PREV_HOVER.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\SETTINGS.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\THUMBS.DB to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIKE.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\NEXT.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\NEXT_HOVER.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\POWERED-BY.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\PREV.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\PREV_HOVER.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\SETTINGS.PNG to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\THUMBS.DB to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\INITIALNOTIFICATION.HTML to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\MAIN.HTML to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\NOTIFICATIONDIALOGSTYLE.CSS to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\SAMPLENOTIFICATION.HTML to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\DIALOGSAPI.JS to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\PIE.HTC to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\SETTINGS.JS to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\DIALOGS\VERSION.TXT to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\FEEDS\HTTP___ALERTS_CONDUIT-SERVICES_COM_ROOT_1620587_1613894_US.XML to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT\COMMUNITY ALERTS\LANGUAGEPACKS\EN.XML to be deleted.
 
. FOLDER: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\CONDUIT to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\ILIVID PLAYER\SCRIPT.QSCRIPT to be deleted.
 
. FOLDER: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\LOCAL SETTINGS\APPLICATION DATA\ILIVID PLAYER to be deleted.
 
. FOLDER: C:\PROGRAM FILES\CONDUIT to be deleted.
 
. FILE: C:\DOCUMENTS AND SETTINGS\DAD.JOHN-D0FA019223\APPDATA\LOCALLOW\DATAMNGR\{7CA1F051-A4FB-4143-B263-02B41E571EED} to be deleted.
 
. FOLDER: C:\\DOCUMENTS AND SETTINGS\\DAD.JOHN-D0FA019223\\APPDATA\LOCALLOW\DATAMNGR to be deleted.
 
 
 
