tijawani.DLL, zibipudo.DLL, govezamu.DLL. bogging down GF's dell i



#1
elkski

    Member

  • 144 posts
Win XP SP3 just installed the other day.
Hi, my GF's laptop she hasn't used in 5 years is infected. She wants to start using it again but it is worthless. It gives three popups on all startups except this last one:
Govezamu.dll
Tijawani.dll
Zibipudo.dll

It said update was ready the other day so I let it install sp3. Yes I guess it was that out of date.
Also getting the secure connection failed, invalid security certificate at all websites?

I will wait to hear if I should run mbam or not?
Thanks

Randy

#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Topic moved to Virus, Spyware, and Malware Removal forum.

#3
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to GeeksToGo! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses. If there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:
  • FRST Log
  • Addition.txt Log
  • aswMBR Log


#4
elkski

    Member

  • Topic Starter
  • 144 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2014
Ran by enkhmart (administrator) on EKHMART on 08-09-2014 04:47:02
Running from C:\Documents and Settings\enkhmart\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Intel® Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
() C:\WINDOWS\system32\ati2evxx.exe
(Intel) C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
(Dell Inc.) C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
() C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
() C:\Program Files\Dell\QuickSet\quickset.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [155648 2005-01-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [32881 2003-11-19] ()
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [385024 2004-10-30] (Intel Corporation)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2004-08-31] (ATI Technologies, Inc.)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [684032 2005-09-01] ()
HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2005-11-25] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2005-11-25] (Apple Computer, Inc.)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-27] ()
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-31] (Corel, Inc.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2011-05-13] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
HKLM\...\Run: [ac442c10] => rundll32.exe "C:\WINDOWS\system32\govezamu.dll",b
HKLM\...\Run: [CPMaf771f8c] => Rundll32.exe "c:\windows\system32\tijawani.dll",a
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [188416 2003-06-26] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard)
HKLM\...\Run: [DeviceDiscovery] => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [229437 2003-05-21] (Hewlett-Packard)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll ()
Winlogon\Notify\IntelWireless: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
HKU\S-1-5-20\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
HKU\S-1-5-21-2987564195-3664300104-303828230-1005\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKU\S-1-5-21-2987564195-3664300104-303828230-1005\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-2987564195-3664300104-303828230-1005\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [233936 2010-12-31] (Adobe Systems, Inc.)
HKU\S-1-5-21-2987564195-3664300104-303828230-1005\...\MountPoints2: {1f31f940-e85b-11d9-8f1b-0013ce554ee3} - E:\AboutYourMINI.exe
AppInit_DLLs: C:\WINDOWS\system32\bopedisu.dll => C:\WINDOWS\system32\bopedisu.dll File Not Found
AppInit_DLLs:  c:\windows\system32\tijawani.dll => c:\windows\system32\tijawani.dll File Not Found
Lsa: [Notification Packages] scecli C:\WINDOWS\system32\bopedisu.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
Startup: C:\Documents and Settings\enkhmart\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tijawani.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo....ei=utf-8&fr=ysp
SearchScopes: HKCU - DefaultScope {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo....ei=utf-8&fr=ysp
SearchScopes: HKCU - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo....ei=utf-8&fr=ysp
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Yahooo Search Protection -> {25BC7718-0BFA-40EA-B381-4B2D9732D686} -> C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: No Name -> {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -> C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name -> {c5c137a7-73ff-45d2-a152-4299eef3a486} -> C:\WINDOWS\system32\puwisuro.dll No File
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://nac3.app.byu.../auth/taweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1250442847704
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\enkhmart\Application Data\Mozilla\Firefox\Profiles\b0lwfx3t.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Documents and Settings\enkhmart\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Documents and Settings\enkhmart\Application Data\Mozilla\Firefox\Profiles\b0lwfx3t.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\enkhmart\Application Data\Mozilla\Firefox\Profiles\b0lwfx3t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010-12-04]

Chrome:
=======
CHR HomePage: Default -> 0DFC6E712A9625EF60D8AF666DAE86F8E224E046AC45A7449E28972895D1A942
CHR DefaultSearchKeyword: Default -> 0EEDAC7B6B35DE4D002E40A8C9D8E05DB9D0C7100A5A2D613663A245C923792D
CHR DefaultSearchProvider: Default -> 23728026CA4620F9A7AE0386B18A184CA607481F234B5127547A29EF092FACB6
CHR DefaultSearchURL: Default -> AEC4DA69CC19CA345FFBD7E8DE93FCC85F6DC2B8A58A785220124DBF50186553
CHR CustomProfile: C:\Documents and Settings\enkhmart\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Documents and Settings\enkhmart\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2006-07-07]
CHR Extension: (Google Drive) - C:\Documents and Settings\enkhmart\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2006-07-07]
CHR Extension: (YouTube) - C:\Documents and Settings\enkhmart\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2006-07-07]
CHR Extension: (Google Search) - C:\Documents and Settings\enkhmart\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2006-07-07]
CHR Extension: (Gmail) - C:\Documents and Settings\enkhmart\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2006-07-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [389120 2005-01-31] ()
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-05-13] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-05-13] (Symantec Corporation)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [86016 2004-09-07] (Intel Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-09-07] (Symantec Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [356352 2005-06-09] (Dell Inc.) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-09-07] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-09-07] (Intel Corporation ) [File not signed]
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1893728 2011-05-13] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [357744 2011-05-13] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839776 2011-05-13] (Symantec Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [225353 2004-09-07] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17056 2005-11-25] (Meetinghouse Data Communications) [File not signed]
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-03] (Dell Inc) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2005-11-25] (Windows ® 2000 DDK provider) [File not signed]
S3 COH_Mon; C:\WINDOWS\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87488 2004-12-01] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) [File not signed]
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2006-01-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2006-01-02] (Symantec Corporation)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [197120 2003-11-14] (Conexant Systems, Inc.)
R3 IWCA; C:\WINDOWS\System32\DRIVERS\iwca.sys [234496 2004-08-12] (Intel Corporation)
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140304.018\NAVENG.SYS [93272 2006-01-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140304.018\NAVEX15.SYS [1612376 2006-01-02] (Symantec Corporation)
R3 O2SCBUS; C:\WINDOWS\System32\DRIVERS\ozscr.sys [91823 2005-01-29] (O2Micro)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-08-31] (Intel Corporation) [File not signed]
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2011-05-13] (Symantec Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [284720 2011-05-13] (Symantec Corporation)
S3 SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [320944 2011-05-13] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [43696 2011-05-13] (Symantec Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2005-01-31] (SigmaTel, Inc.)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [125488 2011-05-13] (Symantec Corporation)
R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [26416 2011-05-13] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [188080 2011-05-13] (Symantec Corporation)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3210496 2004-10-21] (Intel® Corporation)
S3 bvrp_pci; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-12-31 63384:162 - 2009-04-01 13:13 - 00006456 ____H () C:\WINDOWS\system32\verizizo
2014-09-08 04:47 - 2014-09-08 04:48 - 00023415 _____ () C:\Documents and Settings\enkhmart\Desktop\FRST.txt
2014-09-08 04:45 - 2014-09-08 04:47 - 00000000 ____D () C:\FRST
2014-09-08 04:44 - 2014-09-08 04:44 - 01096704 _____ (Farbar) C:\Documents and Settings\enkhmart\Desktop\FRST.exe
2014-09-08 00:38 - 2014-09-08 00:44 - 00009452 _____ () C:\WINDOWS\KB2922229.log
2014-09-08 00:38 - 2014-09-08 00:44 - 00009450 _____ () C:\WINDOWS\KB2868626.log
2014-09-08 00:38 - 2014-09-08 00:44 - 00009369 _____ () C:\WINDOWS\KB2712808.log
2014-09-08 00:38 - 2014-09-08 00:44 - 00009287 _____ () C:\WINDOWS\KB2916036.log
2014-09-08 00:38 - 2014-09-08 00:44 - 00009285 _____ () C:\WINDOWS\KB2479943.log
2014-09-08 00:37 - 2014-09-08 00:44 - 00009245 _____ () C:\WINDOWS\KB2544893-v2.log
2014-09-08 00:37 - 2014-09-08 00:44 - 00009198 _____ () C:\WINDOWS\KB2478971.log
2014-09-08 00:37 - 2014-09-08 00:43 - 00009030 _____ () C:\WINDOWS\KB2491683.log
2014-09-08 00:37 - 2014-09-08 00:43 - 00008951 _____ () C:\WINDOWS\KB2345886.log
2014-09-08 00:37 - 2014-09-08 00:43 - 00008864 _____ () C:\WINDOWS\KB2585542.log
2014-09-08 00:37 - 2014-09-08 00:43 - 00008784 _____ () C:\WINDOWS\KB2631813.log
2014-09-08 00:36 - 2014-09-08 00:43 - 00008704 _____ () C:\WINDOWS\KB2691442.log
2014-09-08 00:36 - 2014-09-08 00:43 - 00008611 _____ () C:\WINDOWS\KB2847311.log
2014-09-08 00:36 - 2014-09-08 00:43 - 00008604 _____ () C:\WINDOWS\KB2115168.log
2014-09-08 00:36 - 2014-09-08 00:43 - 00008497 _____ () C:\WINDOWS\KB951978.log
2014-09-08 00:35 - 2014-09-08 00:43 - 00009053 _____ () C:\WINDOWS\KB2481109.log
2014-09-08 00:35 - 2014-09-08 00:43 - 00008439 _____ () C:\WINDOWS\KB2443105.log
2014-09-08 00:35 - 2014-09-08 00:43 - 00008359 _____ () C:\WINDOWS\KB2655992.log
2014-09-08 00:35 - 2014-09-08 00:42 - 00008276 _____ () C:\WINDOWS\KB2802968.log
2014-09-08 00:35 - 2014-09-08 00:42 - 00008192 _____ () C:\WINDOWS\KB2898715.log
2014-09-08 00:35 - 2014-09-08 00:42 - 00008107 _____ () C:\WINDOWS\KB2929961.log
2014-09-08 00:35 - 2014-09-08 00:42 - 00008104 _____ () C:\WINDOWS\KB2598479.log
2014-09-08 00:34 - 2014-09-08 00:42 - 00008998 _____ () C:\WINDOWS\KB2510581.log
2014-09-08 00:34 - 2014-09-08 00:42 - 00008634 _____ () C:\WINDOWS\KB2909212.log
2014-09-08 00:34 - 2014-09-08 00:42 - 00007989 _____ () C:\WINDOWS\KB982132.log
2014-09-08 00:34 - 2014-09-08 00:42 - 00007940 _____ () C:\WINDOWS\KB2507938.log
2014-09-08 00:34 - 2014-09-08 00:42 - 00007861 _____ () C:\WINDOWS\KB2780091.log
2014-09-08 00:33 - 2014-09-08 00:42 - 00007686 _____ () C:\WINDOWS\KB2876217.log
2014-09-08 00:33 - 2014-09-08 00:42 - 00007612 _____ () C:\WINDOWS\KB2483185.log
2014-09-08 00:33 - 2014-09-08 00:41 - 00008037 _____ () C:\WINDOWS\KB2930275.log
2014-09-08 00:33 - 2014-09-08 00:41 - 00007519 _____ () C:\WINDOWS\KB2864063.log
2014-09-08 00:33 - 2014-09-08 00:41 - 00007504 _____ () C:\WINDOWS\KB979687.log
2014-09-08 00:32 - 2014-09-08 00:41 - 00007821 _____ () C:\WINDOWS\KB2936068.log
2014-09-08 00:32 - 2014-09-08 00:41 - 00007440 _____ () C:\WINDOWS\KB2719985.log
2014-09-08 00:32 - 2014-09-08 00:41 - 00007439 _____ () C:\WINDOWS\KB2862152.log
2014-09-08 00:31 - 2014-09-08 00:41 - 00007680 _____ () C:\WINDOWS\KB2859537.log
2014-09-08 00:31 - 2014-09-08 00:41 - 00007348 _____ () C:\WINDOWS\KB2876331.log
2014-09-08 00:31 - 2014-09-08 00:41 - 00007348 _____ () C:\WINDOWS\KB2850869.log
2014-09-08 00:31 - 2014-09-08 00:40 - 00007268 _____ () C:\WINDOWS\KB2820917.log
2014-09-08 00:30 - 2014-09-08 00:40 - 00007263 _____ () C:\WINDOWS\KB2893294.log
2014-09-08 00:30 - 2014-09-08 00:40 - 00007188 _____ () C:\WINDOWS\KB2757638.log
2014-09-08 00:30 - 2014-09-08 00:40 - 00007110 _____ () C:\WINDOWS\KB2419632.log
2014-09-08 00:30 - 2014-09-08 00:40 - 00007016 _____ () C:\WINDOWS\KB2508429.log
2014-09-08 00:30 - 2014-09-08 00:40 - 00006931 _____ () C:\WINDOWS\KB2653956.log
2014-09-08 00:29 - 2014-09-08 00:40 - 00006846 _____ () C:\WINDOWS\KB2749655.log
2014-09-08 00:29 - 2014-09-08 00:40 - 00006758 _____ () C:\WINDOWS\KB971029.log
2014-09-08 00:29 - 2014-09-08 00:40 - 00006684 _____ () C:\WINDOWS\KB2506212.log
2014-09-08 00:29 - 2014-09-08 00:40 - 00006678 _____ () C:\WINDOWS\KB2892075.log
2014-09-08 00:29 - 2014-09-08 00:39 - 00006642 _____ () C:\WINDOWS\KB2705219-v2.log
2014-09-08 00:28 - 2014-09-08 00:39 - 00006510 _____ () C:\WINDOWS\KB2619339.log
2014-09-08 00:28 - 2014-09-08 00:39 - 00006427 _____ () C:\WINDOWS\KB2727528.log
2014-09-08 00:27 - 2014-09-08 00:39 - 00007205 _____ () C:\WINDOWS\KB2813345.log
2014-09-08 00:26 - 2014-09-08 00:39 - 00007827 _____ () C:\WINDOWS\KB2676562.log
2014-09-08 00:26 - 2014-09-08 00:39 - 00006186 _____ () C:\WINDOWS\KB2509553.log
2014-09-08 00:26 - 2014-09-08 00:39 - 00006080 _____ () C:\WINDOWS\KB982665.log
2014-09-08 00:25 - 2014-09-08 00:39 - 00005921 _____ () C:\WINDOWS\KB2620712.log
2014-09-08 00:16 - 2014-09-08 00:24 - 00005912 _____ () C:\WINDOWS\KB2584146.log
2014-09-07 23:58 - 2014-09-08 00:16 - 00000000 ____D () C:\WINDOWS\LastGood

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 04:48 - 2014-09-08 04:47 - 00023415 _____ () C:\Documents and Settings\enkhmart\Desktop\FRST.txt
2014-09-08 04:48 - 2009-01-30 13:31 - 00000000 ____D () C:\Documents and Settings\enkhmart\Local Settings\Temp
2014-09-08 04:47 - 2014-09-08 04:45 - 00000000 ____D () C:\FRST
2014-09-08 04:44 - 2014-09-08 04:44 - 01096704 _____ (Farbar) C:\Documents and Settings\enkhmart\Desktop\FRST.exe
2014-09-08 01:58 - 2006-07-07 13:53 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 00:57 - 2004-08-11 18:13 - 01466110 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-08 00:44 - 2014-09-08 00:38 - 00009452 _____ () C:\WINDOWS\KB2922229.log
2014-09-08 00:44 - 2014-09-08 00:38 - 00009450 _____ () C:\WINDOWS\KB2868626.log
2014-09-08 00:44 - 2014-09-08 00:38 - 00009369 _____ () C:\WINDOWS\KB2712808.log
2014-09-08 00:44 - 2014-09-08 00:38 - 00009287 _____ () C:\WINDOWS\KB2916036.log
2014-09-08 00:44 - 2014-09-08 00:38 - 00009285 _____ () C:\WINDOWS\KB2479943.log
2014-09-08 00:44 - 2014-09-08 00:37 - 00009245 _____ () C:\WINDOWS\KB2544893-v2.log
2014-09-08 00:44 - 2014-09-08 00:37 - 00009198 _____ () C:\WINDOWS\KB2478971.log
2014-09-08 00:43 - 2014-09-08 00:37 - 00009030 _____ () C:\WINDOWS\KB2491683.log
2014-09-08 00:43 - 2014-09-08 00:37 - 00008951 _____ () C:\WINDOWS\KB2345886.log
2014-09-08 00:43 - 2014-09-08 00:37 - 00008864 _____ () C:\WINDOWS\KB2585542.log
2014-09-08 00:43 - 2014-09-08 00:37 - 00008784 _____ () C:\WINDOWS\KB2631813.log
2014-09-08 00:43 - 2014-09-08 00:36 - 00008704 _____ () C:\WINDOWS\KB2691442.log
2014-09-08 00:43 - 2014-09-08 00:36 - 00008611 _____ () C:\WINDOWS\KB2847311.log
2014-09-08 00:43 - 2014-09-08 00:36 - 00008604 _____ () C:\WINDOWS\KB2115168.log
2014-09-08 00:43 - 2014-09-08 00:36 - 00008497 _____ () C:\WINDOWS\KB951978.log
2014-09-08 00:43 - 2014-09-08 00:35 - 00009053 _____ () C:\WINDOWS\KB2481109.log
2014-09-08 00:43 - 2014-09-08 00:35 - 00008439 _____ () C:\WINDOWS\KB2443105.log
2014-09-08 00:43 - 2014-09-08 00:35 - 00008359 _____ () C:\WINDOWS\KB2655992.log
2014-09-08 00:42 - 2014-09-08 00:35 - 00008276 _____ () C:\WINDOWS\KB2802968.log
2014-09-08 00:42 - 2014-09-08 00:35 - 00008192 _____ () C:\WINDOWS\KB2898715.log
2014-09-08 00:42 - 2014-09-08 00:35 - 00008107 _____ () C:\WINDOWS\KB2929961.log
2014-09-08 00:42 - 2014-09-08 00:35 - 00008104 _____ () C:\WINDOWS\KB2598479.log
2014-09-08 00:42 - 2014-09-08 00:34 - 00008998 _____ () C:\WINDOWS\KB2510581.log
2014-09-08 00:42 - 2014-09-08 00:34 - 00008634 _____ () C:\WINDOWS\KB2909212.log
2014-09-08 00:42 - 2014-09-08 00:34 - 00007989 _____ () C:\WINDOWS\KB982132.log
2014-09-08 00:42 - 2014-09-08 00:34 - 00007940 _____ () C:\WINDOWS\KB2507938.log
2014-09-08 00:42 - 2014-09-08 00:34 - 00007861 _____ () C:\WINDOWS\KB2780091.log
2014-09-08 00:42 - 2014-09-08 00:33 - 00007686 _____ () C:\WINDOWS\KB2876217.log
2014-09-08 00:42 - 2014-09-08 00:33 - 00007612 _____ () C:\WINDOWS\KB2483185.log
2014-09-08 00:41 - 2014-09-08 00:33 - 00008037 _____ () C:\WINDOWS\KB2930275.log
2014-09-08 00:41 - 2014-09-08 00:33 - 00007519 _____ () C:\WINDOWS\KB2864063.log
2014-09-08 00:41 - 2014-09-08 00:33 - 00007504 _____ () C:\WINDOWS\KB979687.log
2014-09-08 00:41 - 2014-09-08 00:32 - 00007821 _____ () C:\WINDOWS\KB2936068.log
2014-09-08 00:41 - 2014-09-08 00:32 - 00007440 _____ () C:\WINDOWS\KB2719985.log
2014-09-08 00:41 - 2014-09-08 00:32 - 00007439 _____ () C:\WINDOWS\KB2862152.log
2014-09-08 00:41 - 2014-09-08 00:31 - 00007680 _____ () C:\WINDOWS\KB2859537.log
2014-09-08 00:41 - 2014-09-08 00:31 - 00007348 _____ () C:\WINDOWS\KB2876331.log
2014-09-08 00:41 - 2014-09-08 00:31 - 00007348 _____ () C:\WINDOWS\KB2850869.log
2014-09-08 00:40 - 2014-09-08 00:31 - 00007268 _____ () C:\WINDOWS\KB2820917.log
2014-09-08 00:40 - 2014-09-08 00:30 - 00007263 _____ () C:\WINDOWS\KB2893294.log
2014-09-08 00:40 - 2014-09-08 00:30 - 00007188 _____ () C:\WINDOWS\KB2757638.log
2014-09-08 00:40 - 2014-09-08 00:30 - 00007110 _____ () C:\WINDOWS\KB2419632.log
2014-09-08 00:40 - 2014-09-08 00:30 - 00007016 _____ () C:\WINDOWS\KB2508429.log
2014-09-08 00:40 - 2014-09-08 00:30 - 00006931 _____ () C:\WINDOWS\KB2653956.log
2014-09-08 00:40 - 2014-09-08 00:29 - 00006846 _____ () C:\WINDOWS\KB2749655.log
2014-09-08 00:40 - 2014-09-08 00:29 - 00006758 _____ () C:\WINDOWS\KB971029.log
2014-09-08 00:40 - 2014-09-08 00:29 - 00006684 _____ () C:\WINDOWS\KB2506212.log
2014-09-08 00:40 - 2014-09-08 00:29 - 00006678 _____ () C:\WINDOWS\KB2892075.log
2014-09-08 00:39 - 2014-09-08 00:29 - 00006642 _____ () C:\WINDOWS\KB2705219-v2.log
2014-09-08 00:39 - 2014-09-08 00:28 - 00006510 _____ () C:\WINDOWS\KB2619339.log
2014-09-08 00:39 - 2014-09-08 00:28 - 00006427 _____ () C:\WINDOWS\KB2727528.log
2014-09-08 00:39 - 2014-09-08 00:27 - 00007205 _____ () C:\WINDOWS\KB2813345.log
2014-09-08 00:39 - 2014-09-08 00:26 - 00007827 _____ () C:\WINDOWS\KB2676562.log
2014-09-08 00:39 - 2014-09-08 00:26 - 00006186 _____ () C:\WINDOWS\KB2509553.log
2014-09-08 00:39 - 2014-09-08 00:26 - 00006080 _____ () C:\WINDOWS\KB982665.log
2014-09-08 00:39 - 2014-09-08 00:25 - 00005921 _____ () C:\WINDOWS\KB2620712.log
2014-09-08 00:38 - 2005-11-25 21:29 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-09-08 00:24 - 2014-09-08 00:16 - 00005912 _____ () C:\WINDOWS\KB2584146.log
2014-09-08 00:16 - 2014-09-07 23:58 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-08 00:06 - 2009-03-04 16:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-07 23:59 - 2004-08-11 18:02 - 00000000 ____D () C:\WINDOWS\Help
2014-09-07 23:58 - 2005-11-25 21:16 - 00958230 _____ () C:\WINDOWS\setupapi.log

Some content of TEMP:
====================
C:\Documents and Settings\enkhmart\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\enkhmart\Local Settings\Temp\hpfinst.dll
C:\Documents and Settings\enkhmart\Local Settings\Temp\hpfpaste.exe
C:\Documents and Settings\enkhmart\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\enkhmart\Local Settings\Temp\uninst.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-09-2014
Ran by enkhmart at 2014-09-08 04:48:28
Running from C:\Documents and Settings\enkhmart\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
AOLIcon (Version: 1.00.0000 - Dell) Hidden
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5120 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.052-040831a-019378C-Dell - )
Banctec Service Agreement (HKLM\...\{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}) (Version: 1.10.0000 - Dell)
Broadcom Management Programs 2 (HKLM\...\InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}) (Version: 7.82.01 - Broadcom)
Broadcom Management Programs 2 (Version: 7.82.01 - Broadcom) Hidden
Conexant D480 MDC V.9x Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Consumer Complete Care Services Agreement (HKLM\...\{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}) (Version: 1.10.0000 - Dell)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.)
Dasher (HKLM\...\DASHER) (Version:  - )
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Game Console (HKLM\...\Dell Game Console) (Version:  - WildTangent)
Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.00 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
EducateU (HKLM\...\{A683A2C0-821C-486F-858C-FA634DB5E864}) (Version: 1.00.0000 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
hp deskjet 5800 (HKLM\...\{783CC691-222D-4DA8-880C-EFC3D2A510AF}) (Version: 2.00.0000 - Hewlett-Packard)
HP Photo and Imaging 2.0 - Deskjet Series (HKLM\...\{E0828692-FD9D-459F-9312-C645C3CA6650}) (Version: 2.00.0001 - {&Tahoma8}Hewlett-Packard)
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 9.00.0000 - Intel Corporation)
Internal Network Card Power Management (HKLM\...\{1F528948-0E80-4C96-B455-DE4167CB1DF7}) (Version: 1.7.1 - )
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.99 - Symantec Corporation)
Macromedia Flash Player (HKLM\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
mCore (Version: 1.19.0000 - Intel Corporation) Hidden
MCU (Version: 1.00.0000 - Dell) Hidden
mDrWiFi (Version: 1.19.0000 - Intel Corporation) Hidden
mHlpDell (Version: 1.19.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Encarta Encyclopedia Standard 2005 (HKLM\...\{05410044-64A6-4248-A026-9745C1E9E159}) (Version: 2005 - Microsoft Corporation)
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Picture It! Library 10 (Version: 10.0.0612 - Microsoft Corporation) Hidden
Microsoft Picture It! Premium 10 (HKLM\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (Version: 10.0.0612 - Microsoft Corporation) Hidden
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Streets and Trips 2005 (HKLM\...\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM\...\Works2005Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
mIWA (Version: 1.19.0000 - Intel Corporation) Hidden
mIWCA (Version: 1.19.0000 - Intel Corporation) Hidden
mLogView (Version: 1.19.0000 - Intel Corporation) Hidden
mMHouse (Version: 1.19.0000 - Intel Corporation) Hidden
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.31 - BVRP Software)
Mozilla Firefox (3.0.19) (HKLM\...\Mozilla Firefox (3.0.19)) (Version: 3.0.19 (en-US) - Mozilla)
mPfMgr (Version: 1.19.0000 - Intel Corporation) Hidden
mPfWiz (Version: 1.19.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSSO (Version: 1.19.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mToolkit (Version: 1.19.0000 - Intel Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 1.19.0000 - Intel Corporation) Hidden
MyWay Search Assistant (HKLM\...\{E7559288-223B-453C-9F06-340E3BE21E39}) (Version: 1.0.1 - MyWay)
mZConfig (Version: 1.19.0000 - Intel Corporation) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.15 - BVRP Software, Inc)
NetZeroInstallers (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Photo Click (HKLM\...\{6E179C77-7335-458D-9537-4F4EAC0181ED}) (Version: 1.0.0 - Photo Click)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PrintScreen (HKLM\...\{CFD1B282-555D-494d-8231-4175C2AF08C2}) (Version: 5.30.0.131 - Hewlett-Packard)
QuickBooks Simple Start Special Edition (HKLM\...\{14374619-0900-4056-BA06-C87C900AF9E6}) (Version:  - )
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 5.8.0 - )
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Symantec Endpoint Protection (HKLM\...\{84B70C16-7032-41EE-965C-3C8D9D566CBB}) (Version: 11.0.6200.754 - Symantec Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2509470) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1365864D-4C58-489D-9982-844D75691CCC}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (KB2536413) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{95DF5260-331D-4FFD-A2D5-C64164751945}) (Version:  - Microsoft)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (HKLM\...\KB976749) (Version: 1 - Microsoft Corporation)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 10 (Version: 9.00.3636 - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Works Upgrade (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2987564195-3664300104-303828230-1005_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Documents and Settings\enkhmart\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-2987564195-3664300104-303828230-1005_Classes\CLSID\{AC7B8464-A896-4A6E-993D-1A816A56C541}\InprocServer32 -> C:\Program Files\Hewlett-Packard\webreg\bin\hpqconn.dll ()
CustomCLSID: HKU\S-1-5-21-2987564195-3664300104-303828230-1005_Classes\CLSID\{DAEF8078-EA44-4338-B4A0-67E957601676}\InprocServer32 -> C:\Program Files\Hewlett-Packard\HP Software Update\HPWUIOCli.dll (Hewlett-Packard)

==================== Restore Points  =========================

08-09-2014 06:01:57 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 18:00 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2005-11-25 21:09 - 2005-01-31 17:43 - 00086016 _____ () C:\WINDOWS\system32\Ati2evxx.dll
2005-11-25 21:09 - 2005-01-31 17:43 - 00389120 _____ () C:\WINDOWS\system32\Ati2evxx.exe
2004-09-07 17:03 - 2004-09-07 17:03 - 00073728 _____ () C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
2004-08-12 09:44 - 2004-08-12 09:44 - 00016384 _____ () C:\WINDOWS\system32\iwca.dll
2005-11-25 21:34 - 2005-07-26 19:46 - 00069632 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2003-11-19 18:48 - 2003-11-19 18:48 - 00032881 _____ () C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
2005-11-25 21:34 - 2005-09-01 18:24 - 00684032 _____ () C:\Program Files\Dell\QuickSet\quickset.exe
2005-11-25 21:34 - 2005-06-29 13:44 - 00090223 _____ () C:\Program Files\Dell\QuickSet\preflibcl.dll
2005-01-27 02:02 - 2005-01-27 02:02 - 00086016 _____ () C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2010-12-04 09:49 - 2010-06-01 11:17 - 00929792 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2012 06:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mshta.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/02/2011 03:02:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mshta.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/20/2011 05:55:40 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: The data is invalid.

Error: (05/20/2011 05:49:37 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: The data is invalid.

Error: (05/20/2011 05:49:35 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: The data is invalid.

Error: (05/20/2011 05:49:06 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: The data is invalid.

Error: (05/13/2011 01:17:30 PM) (Source: SescLU) (EventID: 13) (User: )
Description: LiveUpdate returned a non-critical error.  Available content updates may have failed to install.

Error: (04/09/2011 00:12:25 PM) (Source: Userenv) (EventID: 1068) (User: NT AUTHORITY)
Description: Windows ended GPO processing because the computer shut down or the user logged off.

Error: (04/09/2011 11:10:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application CLVIEW.EXE, version 12.0.6413.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/22/2011 05:52:24 PM) (Source: Microsoft Office 12) (EventID: 5000) (User: )
Description: EventType officelifeboathang, P1 winword.exe, P2 12.0.6545.5000, P3 wwlib.dll, P4 12.0.6545.5000, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.


System errors:
=============
Error: (09/07/2014 11:59:17 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (07/15/2011 06:42:28 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (07/12/2011 08:36:49 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/27/2011 05:40:21 PM) (Source: ipnathlp) (EventID: 32003) (User: )
Description: The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Error: (05/20/2011 05:49:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%1053

Error: (05/20/2011 05:49:39 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (05/20/2011 05:49:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Error: (05/17/2011 08:55:18 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.138 on the
Network Card with network address 0013CE554EE3.

Error: (05/13/2011 10:04:33 AM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/06/2011 09:09:59 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.


Microsoft Office Sessions:
=========================
Error: (12/06/2009 09:21:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/28/2009 06:38:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/19/2009 04:44:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1290 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (08/11/2009 05:11:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1673 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (07/05/2009 08:44:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2037 seconds with 1740 seconds of active time.  This session ended with a crash.

Error: (06/14/2009 03:31:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1786 seconds with 1260 seconds of active time.  This session ended with a crash.

Error: (03/04/2009 04:35:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.70GHz
Percentage of memory in use: 85%
Total physical RAM: 511.23 MB
Available physical RAM: 71.98 MB
Total Pagefile: 1249.29 MB
Available Pagefile: 784.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:70.28 GB) (Free:49.43 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=70.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.2 GB) - (Type=DB)

==================== End Of Log ============================

 

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-08 04:52:22
-----------------------------
04:52:22.314    OS Version: Windows 5.1.2600 Service Pack 3
04:52:22.314    Number of processors: 1 586 0xD06
04:52:22.314    ComputerName: EKHMART  UserName:
04:52:23.225    Initialize success
04:52:23.415    VM: initialized successfully
04:52:23.435    VM: Intel CPU virtualization not supported
05:01:29.781    The log file has been saved successfully to "C:\Documents and Settings\enkhmart\Desktop\aswMBR.txt"

 


  • 0

#5
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, let's get to work. :)

Please note that Windows XP is no longer supported by Microsoft. There will be no further security fixes or updates to address any newfound vulnerabilities. We can clean your machine, but it will remain vulnerable to new infections. I highly recommend you don't keep or store any passwords or private information on this machine due to these reasons.

Also, you may consider upgrading the machine to Windows 7. You can test the machine and see if it will support Windows 7 by clicking the link below.

http://www.microsoft...ails.aspx?id=20

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls


Please uninstall the following programs from your machine as they are adware/malware related programs.
  • MyWay Search Assistant
  • Yahoo! Search Protection
Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open notepad and select Paste.)
  • Save it on the desktop as fixlist.txt

Start
HKLM\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
C:\WINDOWS\system32\zibipudo.dll
HKLM\...\Run: [ac442c10] => rundll32.exe "C:\WINDOWS\system32\govezamu.dll",b
C:\WINDOWS\system32\govezamu.dll
HKLM\...\Run: [CPMaf771f8c] => Rundll32.exe "c:\windows\system32\tijawani.dll",a
c:\windows\system32\tijawani.dll
HKU\S-1-5-19\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
HKU\S-1-5-20\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
AppInit_DLLs: C:\WINDOWS\system32\bopedisu.dll => C:\WINDOWS\system32\bopedisu.dll File Not Found
AppInit_DLLs: c:\windows\system32\tijawani.dll => c:\windows\system32\tijawani.dll File Not Found
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tijawani.dll No File
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)
BHO: No Name -> {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -> C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)
BHO: No Name -> {c5c137a7-73ff-45d2-a152-4299eef3a486} -> C:\WINDOWS\system32\puwisuro.dll No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

  • 0

#6
elkski

    Member

  • Topic Starter
  • Member
  • 144 posts
Just about finished. But I did jrt after adware instead of frst?
Then two times frst stopped during to say it encountered a problem and needs to close and asked if I wanted to send bug report to Microsoft.

I am getting some sort of browser redirect still which makes it very hard to post from the infected laptop. I have to hit back and then stop it just right or it goes blank and searching???
  • 0

#7
elkski

    Member

  • Topic Starter
  • Member
  • 144 posts
I had to copy this info to a flash drive and send from another computer. 
The browser or internet connection just won't let me do it?
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-09-2014
Ran by enkhmart at 2014-09-08 08:55:54 Run:1
Running from C:\Documents and Settings\enkhmart\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
HKLM\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
C:\WINDOWS\system32\zibipudo.dll
HKLM\...\Run: [ac442c10] => rundll32.exe "C:\WINDOWS\system32\govezamu.dll",b
C:\WINDOWS\system32\govezamu.dll
HKLM\...\Run: [CPMaf771f8c] => Rundll32.exe "c:\windows\system32\tijawani.dll",a
c:\windows\system32\tijawani.dll
HKU\S-1-5-19\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
HKU\S-1-5-20\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
AppInit_DLLs: C:\WINDOWS\system32\bopedisu.dll => C:\WINDOWS\system32\bopedisu.dll File Not Found
AppInit_DLLs: c:\windows\system32\tijawani.dll => c:\windows\system32\tijawani.dll File Not Found
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tijawani.dll No File
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)
BHO: No Name -> {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -> C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)
BHO: No Name -> {c5c137a7-73ff-45d2-a152-4299eef3a486} -> C:\WINDOWS\system32\puwisuro.dll No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
Emptytemp:
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\getimehaze => value deleted successfully.
"C:\WINDOWS\system32\zibipudo.dll" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ac442c10 => value deleted successfully.
"C:\WINDOWS\system32\govezamu.dll" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMaf771f8c => value deleted successfully.
"c:\windows\system32\tijawani.dll" => File/Directory not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\getimehaze => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\getimehaze => value deleted successfully.
"C:\WINDOWS\system32\bopedisu.dll" => Value Data removed successfully.
"c:\windows\system32\tijawani.dll" => Value Data removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL => value deleted successfully.
"HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}" => Key not found.
"HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5c137a7-73ff-45d2-a152-4299eef3a486}" => Key deleted successfully.
"HKCR\CLSID\{c5c137a7-73ff-45d2-a152-4299eef3a486}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} => value deleted successfully.
"HKCR\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}" => Key not found.
 
=========  netsh advfirewall reset =========
 
The following command was not found: advfirewall reset.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
The following command was not found: advfirewall set allprofiles state on.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1 GB temporary data.
 
 
The system needed a reboot.
 
==== End of Fixlog ====
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by enkhmart on Mon 09/08/2014 at 19:46:26.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/08/2014 at 19:58:26.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
# AdwCleaner v3.309 - Report created 08/09/2014 at 19:37:00
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : enkhmart - EKHMART
# Running from : C:\Documents and Settings\enkhmart\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
Folder Deleted : C:\Documents and Settings\enkhmart\Application Data\Mozilla\Firefox\Profiles\b0lwfx3t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\services.exe]
Key Deleted : HKCU\Software\MyWaySA
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v6.0.2900.5512
 
 
-\\ Mozilla Firefox v3.0.19 (en-US)
 
[ File : C:\Documents and Settings\enkhmart\Application Data\Mozilla\Firefox\Profiles\b0lwfx3t.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Documents and Settings\enkhmart\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2489 octets] - [08/09/2014 19:23:57]
AdwCleaner[S0].txt - [2442 octets] - [08/09/2014 19:37:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2502 octets] ##########
 
 
 
Can't get frst to run..

  • 0
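The Fixlog.txt posted above can be read back against the fixlist to see which directives changed anything. The following is an added example, not part of any post in this thread and not FRST's own code: it pairs each Run entry with the outcome of its registry value and its DLL file, and lists the CMD lines that did not run. The function names are hypothetical, the inputs are lines excerpted from the posts above, and the outcome phrases matched are only those visible in this Fixlog.

```python
import re

# Lines excerpted from the fixlist and the Fixlog.txt posted in this thread.
FIXLIST = r'''
HKLM\...\Run: [getimehaze] => Rundll32.exe "C:\WINDOWS\system32\zibipudo.dll",s
HKLM\...\Run: [ac442c10] => rundll32.exe "C:\WINDOWS\system32\govezamu.dll",b
HKLM\...\Run: [CPMaf771f8c] => Rundll32.exe "c:\windows\system32\tijawani.dll",a
'''
FIXLOG = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\getimehaze => value deleted successfully.
"C:\WINDOWS\system32\zibipudo.dll" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ac442c10 => value deleted successfully.
"C:\WINDOWS\system32\govezamu.dll" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMaf771f8c => value deleted successfully.
"c:\windows\system32\tijawani.dll" => File/Directory not found.
"c:\windows\system32\tijawani.dll" => Value Data removed successfully.
=========  netsh advfirewall reset =========
The following command was not found: advfirewall reset.
========= End of CMD: =========
=========  netsh advfirewall set allprofiles state on =========
The following command was not found: advfirewall set allprofiles state on.
========= End of CMD: =========
=========  ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
'''

RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')
CMD_HEADER_RE = re.compile(r'^=+\s+(?P<cmd>.+?)\s+=+$')
RUN_RE = re.compile(
    r'^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => .*?"(?P<dll>[^"]+)"')


def classify(outcome):
    """Map a Fixlog outcome phrase to a coarse status."""
    o = outcome.lower()
    if 'file/directory not found' in o:
        return 'file_absent'
    if 'not found' in o:
        return 'absent'
    # Test "removed" before "moved": "removed successfully" contains "moved successfully".
    if 'deleted successfully' in o or 'removed successfully' in o:
        return 'removed'
    if 'moved successfully' in o:
        return 'file_moved'
    return 'other'


def parse_fixlog(text):
    """Return ([(target, status)], {command: [output lines]})."""
    results, commands, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = CMD_HEADER_RE.match(line)
        if header:
            cmd = header.group('cmd')
            current = None if cmd.startswith('End of') else cmd
            if current is not None:
                commands[current] = []
            continue
        if current is not None:          # inside a CMD section: keep raw output
            commands[current].append(line)
            continue
        m = RESULT_RE.match(line)
        if m:
            results.append((m.group('target').strip('"'), classify(m.group('outcome'))))
    return results, commands


def audit_run_entries(fixlist, fixlog):
    """For each Run directive, report what happened to the value and to its DLL."""
    results, _ = parse_fixlog(fixlog)
    report = []
    for line in fixlist.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, name, dll = m.group('hive'), m.group('name'), m.group('dll')
        value = next((s for t, s in results
                      if t.startswith(hive + '\\') and t.endswith('\\Run\\\\' + name)),
                     'no result')
        # The same path can also appear as registry data; keep only file outcomes.
        file_ = next((s for t, s in results
                      if t.lower() == dll.lower() and s.startswith('file_')),
                     'no result')
        report.append({'name': name, 'dll': dll, 'value': value, 'file': file_})
    return report


def failed_commands(fixlog):
    """CMD directives whose output says the command was not found."""
    _, commands = parse_fixlog(fixlog)
    return [c for c, out in commands.items()
            if any('command was not found' in l.lower() for l in out)]


if __name__ == '__main__':
    for entry in audit_run_entries(FIXLIST, FIXLOG):
        print(entry)
    print('did not run:', failed_commands(FIXLOG))
```

An entry reported as `removed` / `file_absent` is an autostart value that pointed at a DLL no longer on disk. A command returned by `failed_commands` never executed, so the setting it was meant to reset has to be checked some other way.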

#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
What kind of error are you getting when attempting to run FRST for the fresh scan?
  • 0

#9
elkski

    Member

  • Topic Starter
  • Member
  • 144 posts
I have left GF's. So I can only go by memory. It is a pop up box saying this operation can't finish do you want to send error report to Microsoft.
  • 0

#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Let's try a different tool to get a log. :thumbsup:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on attach_add.png to insert the attachment into your post

  • 0


#11
elkski

    Member

  • Topic Starter
  • Member
  • 144 posts
It will be Tues or Wed till I get to gf house. But I will get on it.
  • 0

#12
elkski

    Member

  • Topic Starter
  • Member
  • 144 posts
OK so for some reason I can get browser on another website but it does a redirect away from geeks?
  • 0

#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

OK so for some reason I can get browser on another website but it does a redirect away from geeks?


That's a good question :) Have you been able to run DDS scan?
  • 0

#14
elkski

    Member

  • Topic Starter
  • Member
  • 144 posts

Having to hit back button then stop and can barely use the browser on this site.

It didn't ask me to do a second scan but said two reports would be generated.

I don't think this laptop has flash player 9 so hope it is ok to send the text in the post. as I could attach it.

Randy

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by enkhmart at 9:11:42 on 2014-09-10
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.148 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com...rch/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
dURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\enkhmart\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://nac3.app.byu.edu/auth/taweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250442847704
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: NameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{031AE729-2FDB-4299-A334-AB50E82EFC3F} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages =  scecli c:\windows\system32\bopedisu.dll
  h “
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\enkhmart\application data\mozilla\firefox\profiles\b0lwfx3t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\documents and settings\enkhmart\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-5-13 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-5-13 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-5-13 1839776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2006-1-3 108120]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20140304.018\NAVENG.SYS [2006-1-3 93272]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20140304.018\NAVEX15.SYS [2006-1-3 1612376]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-12-11 23888]
.
=============== Created Last 30 ================
.
2014-09-09 14:10:24    --------    d-----w-    c:\windows\system32\MRT
2014-09-09 13:12:46    --------    d-----w-    c:\windows\SxsCaPendDel
2014-09-09 00:23:22    --------    d-----w-    C:\AdwCleaner
2014-09-08 15:01:36    --------    d-----w-    c:\windows\ERUNT
2014-09-08 09:45:57    --------    d-----w-    C:\FRST
2014-09-08 05:38:39    954368    ------w-    c:\windows\system32\dllcache\mfc40.dll
2014-09-08 05:38:38    953856    ------w-    c:\windows\system32\dllcache\mfc40u.dll
2014-09-08 05:38:05    13312    ------w-    c:\windows\system32\xp_eos.exe
2014-09-08 05:38:05    13312    ------w-    c:\windows\system32\dllcache\xp_eos.exe
2014-09-08 05:37:10    617472    ------w-    c:\windows\system32\dllcache\comctl32.dll
2014-09-08 05:34:50    25088    ------w-    c:\windows\system32\dllcache\hidparse.sys
2014-09-08 05:34:50    14976    ------w-    c:\windows\system32\dllcache\usbscan.sys
2014-09-08 05:32:05    105472    ------w-    c:\windows\system32\dllcache\mup.sys
2014-09-08 05:31:24    12928    ------w-    c:\windows\system32\dllcache\usb8023x.sys
2014-09-08 05:31:24    12928    ------w-    c:\windows\system32\dllcache\usb8023.sys
2014-09-08 05:31:07    60160    ------w-    c:\windows\system32\dllcache\usbaudio.sys
2014-09-08 05:31:07    46848    ------w-    c:\windows\system32\dllcache\irbus.sys
2014-09-08 05:31:07    123008    ------w-    c:\windows\system32\dllcache\usbvideo.sys
2014-09-08 05:29:09    536576    ------w-    c:\windows\system32\dllcache\msado15.dll
2014-09-08 05:28:12    139784    ------w-    c:\windows\system32\dllcache\rdpwd.sys
2014-09-08 05:28:04    30336    ------w-    c:\windows\system32\dllcache\usbehci.sys
2014-09-08 05:28:03    5376    ------w-    c:\windows\system32\dllcache\usbd.sys
2014-09-08 05:28:02    32384    ------w-    c:\windows\system32\dllcache\usbccgp.sys
2014-09-08 05:28:02    144128    ------w-    c:\windows\system32\dllcache\usbport.sys
2014-09-08 05:24:52    10496    ------w-    c:\windows\system32\dllcache\ndistapi.sys
2014-09-08 05:23:01    3072    ------w-    c:\windows\system32\iacenc.dll
2014-09-08 05:23:01    3072    ------w-    c:\windows\system32\dllcache\iacenc.dll
2014-09-08 05:22:57    40960    ------w-    c:\windows\system32\dllcache\ndproxy.sys
2014-09-08 05:15:32    45568    ------w-    c:\windows\system32\dllcache\wab.exe
.
==================== Find3M  ====================
.
.
============= FINISH:  9:13:24.35 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/30/2009 12:30:11 PM
System Uptime: 9/10/2014 8:46:20 AM (1 hours ago)
.
Motherboard: Dell Computer Corporation |  |       
Processor:         Intel® Pentium® M processor 1.70GHz | Microprocessor | 1693/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 47.957 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP154: 9/8/2014 1:01:57 AM - System Checkpoint
RP155: 9/8/2014 8:42:00 AM - Removed MyWay Search Assistant
RP156: 9/9/2014 7:20:04 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
ALPS Touch Pad Driver
AOLIcon
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Broadcom Management Programs 2
Conexant D480 MDC V.9x Modem
Consumer Complete Care Services Agreement
Corel Photo Album 6
Dasher
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
EducateU
Google Chrome
Google Update Helper
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB981793)
hp deskjet 5800
HP Photo and Imaging 2.0 - Deskjet Series
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LiveUpdate 3.3 (Symantec Corporation)
Macromedia Flash Player
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders  (English) 12
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.19)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
NetZeroInstallers
Photo Click
PokerStars
PowerDVD 5.5
PrintScreen
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer Basic
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2909212)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB2936068)
Security Update for Windows XP (KB2964358)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shockwave
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Symantec Endpoint Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Works Upgrade
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================

  • 0

#15
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

having to hit back button then stop and can barely use the browser on this site.

It didn't ask me to do a second scan but said two reports would be generated.

Ok, that's fine. :) It produced the logs, but not seeing anything in there that would cause the symptoms of redirects and slowness. What browser are you using that's giving the issues?

It could be just an old machine on its last legs, but let's take a deeper look. :thumbsup:

Let's see if we can get a scan with TDSSKiller.



Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Things I need to see in your next post

TDSSKiller Log

  • 0





