Antivirus Keeps Reporting an Infection but Can't Delete It! [S


This topic is locked

#16
4leafclover (Member, Topic Starter, 20 posts)

...ESET warning is still there :(


  • 0



#17
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

There is something strange occurring here

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#18
4leafclover (Member, Topic Starter, 20 posts)

I just ran Combofix. Here is the log:


ComboFix 15-10-09.01 - XP POWER 10/12/2015  16:25:41.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.1905 [GMT -7:00]
Running from: c:\documents and settings\XP POWER\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-12 to 2015-10-12  )))))))))))))))))))))))))))))))
.
.
2015-10-12 01:03 . 2015-10-12 01:03 -------- d-----w- c:\windows\LastGood
2015-10-11 15:55 . 2015-10-11 18:58 -------- d-----w- C:\FRST
2015-10-11 15:52 . 2015-10-11 15:52 -------- d-----w- c:\windows\ERUNT
2015-10-10 07:28 . 2015-10-10 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2015-10-10 07:28 . 2015-10-10 07:28 -------- d-----w- c:\program files\Kaspersky Lab
2015-10-10 06:59 . 2015-10-10 06:59 -------- d-----w- c:\documents and settings\XP POWER\Application Data\Runscanner.net
2015-10-10 06:51 . 2015-10-10 17:56 -------- d-----w- c:\documents and settings\XP POWER\Application Data\QuickScan
2015-10-09 23:09 . 2015-10-09 23:09 32384 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-10-09 22:49 . 2015-10-09 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2015-10-09 22:29 . 2015-10-09 22:29 -------- d-----w- c:\program files\Simple Media Player
2015-10-09 22:28 . 2015-10-09 23:20 -------- d-----w- c:\documents and settings\XP POWER\Application Data\RunDir
2015-10-09 22:28 . 2015-10-10 00:16 -------- d-----w- c:\documents and settings\XP POWER\Application Data\NetService
2015-10-09 22:28 . 2015-10-09 23:30 -------- d-----w- c:\program files\jogotempo
2015-10-09 22:28 . 2015-10-10 00:16 -------- d-----w- c:\program files\Feed Notifier
2015-10-09 22:28 . 2015-10-09 23:30 -------- d-----w- c:\program files\OnePCOptimizer
2015-10-09 22:28 . 2015-10-09 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DataFile
2015-10-09 22:27 . 2015-10-09 22:27 -------- d-----w- c:\windows\system32\gyo
2015-10-09 22:25 . 2015-10-09 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 22:16 . 2015-10-11 19:04 -------- d-----w- c:\documents and settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 22:07 . 2008-04-14 11:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2015-10-09 22:07 . 2015-10-09 22:07 -------- d-----w- c:\program files\Windows Media Connect 2
2015-10-08 13:35 . 2015-10-08 13:35 186880 ----a-w- c:\windows\system32\rsrcs.dll
2015-10-07 14:13 . 2015-10-07 14:13 23552 ----a-w- c:\windows\system32\HardwareInformation.exe
2015-09-24 16:48 . 2015-09-24 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2015-09-20 00:40 . 2015-09-20 00:40 -------- d-----w- c:\program files\InterLok
2015-09-20 00:40 . 2015-09-20 00:40 -------- d-----w- c:\windows\Downloaded Installations
2015-09-20 00:39 . 2015-09-20 00:39 -------- d-----w- c:\documents and settings\XP POWER\Application Data\PACE Anti-Piracy
2015-09-20 00:39 . 2015-09-20 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2015-09-20 00:39 . 2015-09-20 00:39 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2015-09-20 00:39 . 2015-09-20 00:39 -------- d-----w- c:\documents and settings\XP POWER\Local Settings\Application Data\PACE Anti-Piracy
2015-09-20 00:38 . 2006-09-20 05:17 638976 ------w- c:\windows\system32\ilinet.dll
2015-09-20 00:38 . 2006-03-29 21:11 233472 ------w- c:\windows\system32\REX Shared Library.dll
2015-09-20 00:38 . 2001-06-27 16:13 217088 ------w- c:\windows\system32\qtmlClient.dll
2015-09-20 00:37 . 2015-09-20 00:37 -------- d-----w- c:\program files\Common Files\Digidesign
2015-09-19 21:23 . 2008-04-14 12:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2015-09-19 21:23 . 2008-04-14 12:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2015-09-19 21:23 . 2008-04-14 07:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2015-09-19 21:23 . 2008-04-14 07:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2015-09-13 20:17 . 2015-10-09 23:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-09-13 15:24 . 2015-09-13 15:24 -------- d-----w- c:\program files\Common Files\Skype
2015-09-13 15:24 . 2015-09-13 15:24 -------- d-----r- c:\program files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-09 23:37 . 2015-04-02 02:01 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-09 12:51 . 2015-09-09 12:51 14336 ----a-w- c:\windows\system32\MyTrayApp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-11-17 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pinger"="c:\program files\Pinger\Pinger.exe" [2013-08-23 10581504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-08-08 53735968]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" [2015-06-03 919296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"="atwtusb.exe beta" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-12-18 508800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-08-26 1989920]
"DelaypluginInstall"="c:\documents and settings\All Users\Application Data\Wondershare\AllMyTube\DelayPluginI.exe" [2015-05-22 1960336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Photobie\\Photobie.exe"=
"c:\\Program Files\\Wondershare\\FreeYouTubeDownloader\\FreeYouTubeDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [11/17/2013 4:15 AM 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [11/17/2013 4:15 AM 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [11/17/2013 4:15 AM 14184]
R0 nvlegacy;nvlegacy;c:\windows\system32\drivers\nvlegacy.sys [11/17/2013 4:15 AM 100736]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/29/2009 1:02 PM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/29/2009 1:05 PM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/29/2009 1:03 PM 735960]
R2 kss;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [6/3/2015 1:44 PM 919296]
R3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [3/9/2015 9:36 AM 32408]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [6/11/2007 2:49 PM 968064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/1/2015 7:00 PM 23256]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [3/14/2015 3:39 PM 22272]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys --> c:\windows\system32\DRIVERS\diginet.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/1/2015 7:00 PM 1133880]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/9/2015 1:14 PM 327296]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [4/1/2015 7:59 PM 19984]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [10/9/2015 4:09 PM 32384]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [3/9/2015 9:36 AM 15896]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2/19/2015 5:10 PM 894696]
S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\drivers\zghsdiag.sys [3/9/2015 9:36 AM 113688]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WDF01000
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-10 01:06 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-20 03:54]
.
2015-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-20 03:54]
.
2015-10-11 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2015-02-20 01:59]
.
2015-10-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2015-02-20 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-12 16:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3552)
c:\windows\system32\WININET.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2015-10-12  16:30:42
ComboFix-quarantined-files.txt  2015-10-12 23:30
.
Pre-Run: 24,592,613,376 bytes free
Post-Run: 24,762,564,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A1204DEF506B15FAEAB752E5A8847668
8F558EB6672622401DA993E1E865C861

  • 0
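The ComboFix log above is read by hand in this thread. As an added example (not a Geeks to Go or ComboFix tool, and not code posted by anyone in the thread), the script below parses the two sections a helper usually reads first, the "Files Created" list and the Run keys under "Reg Loading Points", and turns them into review lists: autorun entries whose file ComboFix marked `[X]` (not found), and executables, DLLs and drivers created inside c:\windows\system32 during the scan window. The sample input is a constructed excerpt copied from the posted log, and the line formats assumed are the ones visible in it. Both lists are for review, not verdicts: hitmanpro37.sys lands in the second list, and the same log identifies it as the HitmanPro 3.7 support driver.

```python
"""Parse a ComboFix log's Files Created and Run-key sections into review lists.

Added example for this thread; not a Geeks to Go or ComboFix tool. Line
formats are taken from the log posted above; SAMPLE_LOG is a constructed
excerpt copied from it.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the posted ComboFix log.
SAMPLE_LOG = r"""
(((((((((((   Files Created from 2015-09-12 to 2015-10-12  ))))))))))))
.
2015-10-12 01:03 . 2015-10-12 01:03 -------- d-----w- c:\windows\LastGood
2015-10-09 23:09 . 2015-10-09 23:09 32384 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-10-09 22:27 . 2015-10-09 22:27 -------- d-----w- c:\windows\system32\gyo
2015-10-08 13:35 . 2015-10-08 13:35 186880 ----a-w- c:\windows\system32\rsrcs.dll
2015-10-07 14:13 . 2015-10-07 14:13 23552 ----a-w- c:\windows\system32\HardwareInformation.exe
2015-09-13 15:24 . 2015-09-13 15:24 -------- d-----r- c:\program files\Skype
.
(((((((((((   Reg Loading Points   ))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-08-08 53735968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"="atwtusb.exe beta" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"""

_TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# "<created> . <modified> <size or -------- for a directory> <8 attr chars> <path>"
CREATED_RE = re.compile(rf"^({_TS}) \. ({_TS}) (-{{8}}|\d+) ([-a-z]{{8}}) (.+)$")
# "[HKEY_...]" section header inside the REGEDIT4 dump
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# '"name"="command" [YYYY-MM-DD size]'  or  '"name"="command" [X]' (file not found)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(X|\d{4}-\d{2}-\d{2} \d+)\]$')


@dataclass
class CreatedEntry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None when ComboFix prints "--------" (directories)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    file_found: bool  # False when ComboFix marked the entry [X]


def parse_combofix(text: str) -> Tuple[List[CreatedEntry], List[RunEntry]]:
    """Walk the log once, collecting created-file rows and Run-key values."""
    created: List[CreatedEntry] = []
    runs: List[RunEntry] = []
    current_key: Optional[str] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = CREATED_RE.match(line)
        if m:
            size = None if m.group(3).startswith("-") else int(m.group(3))
            created.append(CreatedEntry(
                created=datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
                modified=datetime.strptime(m.group(2), "%Y-%m-%d %H:%M"),
                size=size, attrs=m.group(4), path=m.group(5)))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        # Only values under a ...\Run key are autoruns; other keys are ignored.
        if m and current_key and current_key.lower().endswith(r"\run"):
            runs.append(RunEntry(key=current_key, name=m.group(1),
                                 command=m.group(2), file_found=m.group(3) != "X"))
    return created, runs


def missing_autoruns(runs: List[RunEntry]) -> List[RunEntry]:
    """Autorun entries whose target ComboFix could not locate ([X])."""
    return [r for r in runs if not r.file_found]


PE_EXTENSIONS = (".exe", ".dll", ".sys")
SYSTEM_DIRS = (r"c:\windows\system32",)  # prefix match also covers drivers\


def new_pe_in_system_dirs(created: List[CreatedEntry]) -> List[str]:
    """Executables, DLLs and drivers created in the window under system dirs.

    Review list, not a verdict: legitimate tools (hitmanpro37.sys here) land
    in it as well; each path still needs a signature and vendor check.
    """
    out: List[str] = []
    for e in created:
        p = e.path.lower()
        if e.is_dir or not p.endswith(PE_EXTENSIONS):
            continue
        if p.startswith(SYSTEM_DIRS):
            out.append(e.path)
    return out


if __name__ == "__main__":
    files, autoruns = parse_combofix(SAMPLE_LOG)
    for r in missing_autoruns(autoruns):
        print(f"autorun target not found: {r.name} -> {r.command}  ({r.key})")
    for path in new_pe_in_system_dirs(files):
        print(f"new PE in system dir: {path}")
```

Feed it the full C:\ComboFix.txt instead of the sample and the same two functions produce the lists for the whole log; the regexes ignore every line they do not recognise, so the Sigcheck, catchme and locked-key sections pass through harmlessly.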

#19
4leafclover (Member, Topic Starter, 20 posts)

I am not sure if that ESET warning will come up again. I hope not. One error message with Combofix, though. What is "curl: <52 Empty reply from server Could Not Find C:\Combofix\nvidia.zip"? But then it asks to click yes to agree to the End User License Agreement. So I was still able to run the program.

You think running Combofix only will fix the problem. It didn't seem to fix the ESET warning the first time :/

EDIT: Today I just went on eBay but then a Virus Warning Website came up (freeresolve.com). It's fake, I assume, but how did it pop up if I didn't go to any unsafe sites? I force-closed it but after a few seconds I got a blue error screen and my computer restarted. Some message from Microsoft that my computer recovered from a serious error came up. This is the error info:

[attached screenshot: 10-12-2015 6-51-48 PM.jpg]

Did my computer go completely kaputt now? Please advise what I should do.

Thank you


Edited by 4leafclover, 12 October 2015 - 08:01 PM.

  • 0

#20
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

EDIT: Today I just went on eBay but then a Virus Warning Website came up (freeresolve.com). It's fake, I assume, but how did it pop up if I didn't go to any unsafe sites? I force-closed it but after a few seconds I got a blue error screen and my computer restarted. Some message from Microsoft that my computer recovered from a serious error came up. This is the error info:


That comes under the heading of malvertising. An explanation here: https://blog.avast.c...ate/#more-37481 or https://zeltser.com/...s-ad-campaigns/

The infection is within your System Restore, so we need to turn that off, reboot, and then turn it back on.

Steps to turn off System Restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
   You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
   Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.

Reboot the computer.

Steps to turn on System Restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4. Click OK.

After a few moments, the System Properties dialog box closes.
  • 0

#21
4leafclover (Member, Topic Starter, 20 posts)

Thank you for your response. I turned off System Restore as you advised, but after I restarted the computer, ESET blocked some Trojan. The message disappeared quickly and I wasn't able to read it promptly or take a screenshot. ESET also has a new warning message now:

[attached screenshot: 10-13-2015 11-01-42 AM.jpg]


Edited by 4leafclover, 13 October 2015 - 12:06 PM.

  • 0

#22
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Could you run a fresh FRST please while I try to figure out what has ESET going bananas.
  • 0

#23
4leafclover (Member, Topic Starter, 20 posts)

I don't need to click Fix after I run FRST, do I? I tried running ESET again today and left it on while I was in school. It was running for 8 hours and it got stuck at 39%. It found 40 infiltrations but I couldn't remove them since I had to stop scanning. This is the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-10-2015
Ran by XP POWER (administrator) on XP-FC210920B0A5 (13-10-2015 20:25:43)
Running from C:\Documents and Settings\XP POWER\Desktop
Loaded Profiles: XP POWER (Available Profiles: XP POWER & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Aiptek) C:\WINDOWS\system32\atwtusb.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18085888 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Share-to-Web Namespace Daemon] => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [atwtusb] => atwtusb.exe beta
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2015-05-22] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2054360 2009-09-29] (ESET)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Pinger] => C:\Program Files\Pinger\Pinger.exe [10581504 2013-08-23] ()
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{27B13FA3-5F0A-4F81-920D-F18E90055E9D}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-10-09]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (EasyCalendar) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-09]
CHR Extension: (Bitdefender QuickScan) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-10-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [735960 2009-09-29] (ESET)
S2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 aiptektp; C:\WINDOWS\System32\DRIVERS\aiptektp.sys [22272 2004-07-07] (AIPTEK International Inc.)
S3 androidusb; C:\WINDOWS\System32\Drivers\androidusb.sys [32408 2011-07-07] (Google Inc)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [116008 2009-09-29] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [108792 2009-09-29] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [96408 2009-09-29] (ESET)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-04-01] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32384 2015-10-09] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-11-17] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R0 nvlegacy; C:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2013-11-17] (NVIDIA Corporation) [File not signed]
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [894696 2010-07-13] (Realtek Semiconductor Corporation                           )
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [72608 2006-10-05] (PACE Anti-Piracy, Inc.) [File not signed]
S3 zghsdiag; C:\WINDOWS\System32\DRIVERS\zghsdiag.sys [113688 2011-08-22] (ZTE Incorporated)
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
S0 DigiFilter; system32\drivers\DigiFilt.sys [X]
S2 DigiNet; system32\DRIVERS\diginet.sys [X]
S4 IntelIde; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-13 20:24 - 2015-10-13 20:25 - 00008313 _____ C:\Documents and Settings\XP POWER\Desktop\FRST.txt
2015-10-13 12:13 - 2015-10-13 12:13 - 00000000 ____D C:\Documents and Settings\XP POWER\Desktop\FRST-OlderVersion
2015-10-12 18:46 - 2015-10-12 18:46 - 00090112 _____ C:\WINDOWS\Minidump\Mini101215-01.dmp
2015-10-12 16:30 - 2015-10-12 16:30 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-10-12 16:30 - 2015-10-12 16:30 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-10-12 16:30 - 2015-10-12 16:30 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-10-12 13:51 - 2011-06-25 23:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-10-12 13:51 - 2010-11-07 10:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-10-12 13:51 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-10-12 13:51 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-10-12 13:51 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-10-12 13:51 - 2000-08-30 17:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-10-12 13:51 - 2000-08-30 17:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-10-12 13:51 - 2000-08-30 17:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-10-12 13:50 - 2015-10-12 16:35 - 00000000 ____D C:\Qoobox
2015-10-12 13:50 - 2015-10-12 13:47 - 05636349 ____R (Swearware) C:\Documents and Settings\XP POWER\Desktop\ComboFix.exe
2015-10-11 18:04 - 2015-10-11 18:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01005$
2015-10-11 18:04 - 2015-10-11 18:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2015-10-11 18:04 - 2015-10-11 18:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_androidusb_01005.Wdf
2015-10-11 18:03 - 2015-10-11 18:04 - 00006913 _____ C:\WINDOWS\Wdf01005Inst.log
2015-10-11 11:57 - 2015-10-11 11:57 - 00003921 _____ C:\Documents and Settings\XP POWER\Desktop\fixlist (1).txt
2015-10-11 08:56 - 2015-10-11 08:56 - 00023479 _____ C:\Documents and Settings\XP POWER\Desktop\Addition.txt
2015-10-11 08:55 - 2015-10-13 20:25 - 00000000 ____D C:\FRST
2015-10-11 08:55 - 2015-10-13 12:13 - 01699840 _____ (Farbar) C:\Documents and Settings\XP POWER\Desktop\FRST.exe
2015-10-11 08:52 - 2015-10-11 08:53 - 00004824 _____ C:\DelFix.txt
2015-10-11 08:52 - 2015-10-11 08:52 - 00000000 ____D C:\WINDOWS\ERUNT
2015-10-11 03:00 - 2015-10-11 03:00 - 00017014 _____ C:\WINDOWS\KB939683.log
2015-10-11 03:00 - 2015-10-11 03:00 - 00014282 _____ C:\WINDOWS\KB954154.log
2015-10-11 03:00 - 2015-10-11 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954154_WM11$
2015-10-11 03:00 - 2015-10-11 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB939683$
2015-10-10 03:09 - 2015-10-10 03:09 - 00005657 _____ C:\WINDOWS\KB2378111.log
2015-10-10 00:29 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Security Scan
2015-10-10 00:29 - 2015-10-10 00:28 - 00000802 _____ C:\Documents and Settings\All Users\Desktop\Kaspersky Security Scan.lnk
2015-10-10 00:28 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-10-10 00:28 - 2015-10-10 00:28 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-10-10 00:01 - 2015-10-10 00:01 - 00173281 _____ C:\Documents and Settings\XP POWER\Desktop\runscanner.run
2015-10-09 23:59 - 2015-10-09 23:59 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Runscanner.net
2015-10-09 23:51 - 2015-10-10 10:56 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\QuickScan
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\ESET NOD 32 Anti-Virus 4.0.468.0
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2015-10-09 16:09 - 2015-10-09 16:09 - 00032384 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-09 16:08 - 2015-10-13 11:15 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-10-09 16:08 - 2015-10-13 11:15 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-287218729-682003330-1003-0.dat
2015-10-09 16:06 - 2015-10-09 16:06 - 00236394 _____ C:\WINDOWS\system32\.crusader
2015-10-09 15:49 - 2015-10-09 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-10-09 15:29 - 2015-10-09 16:47 - 00000824 _____ C:\Documents and Settings\XP POWER\Desktop\Simple Media Player.lnk
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Program Files\Simple Media Player
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Documents and Settings\XP POWER\Start Menu\Programs\Simple Media Player
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Program Files\Feed Notifier
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\NetService
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Tempfolder
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-11 12:04 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 15:15 - 2015-04-01 19:22 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-09 15:08 - 2015-10-11 18:04 - 00033085 _____ C:\WINDOWS\iis6.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00030917 _____ C:\WINDOWS\FaxSetup.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00017900 _____ C:\WINDOWS\ocgen.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00014105 _____ C:\WINDOWS\tsoc.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00010073 _____ C:\WINDOWS\comsetup.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00009300 _____ C:\WINDOWS\msmqinst.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00006114 _____ C:\WINDOWS\ntdtcsetup.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00005415 _____ C:\WINDOWS\netfxocm.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00001555 _____ C:\WINDOWS\tabletoc.log
2015-10-09 15:08 - 2015-10-11 18:04 - 00001393 _____ C:\WINDOWS\imsins.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00001393 _____ C:\WINDOWS\imsins.BAK
2015-10-09 15:08 - 2015-10-09 15:08 - 00008166 _____ C:\WINDOWS\MSCompPackV1.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-10-09 15:08 - 2007-07-27 10:41 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-10-09 15:07 - 2015-10-10 10:33 - 00014479 _____ C:\WINDOWS\spupdsvc.log
2015-10-09 15:07 - 2015-10-09 15:08 - 00033210 _____ C:\WINDOWS\wmp11.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00001313 _____ C:\WINDOWS\updspapi.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-10-09 15:07 - 2008-04-14 04:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-10-09 15:06 - 2015-10-09 15:07 - 00023667 _____ C:\WINDOWS\WMFDist11.log
2015-10-09 15:05 - 2015-10-12 21:05 - 00009153 _____ C:\WINDOWS\wmsetup.log
2015-10-08 06:35 - 2015-10-08 06:35 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-10-07 07:13 - 2015-10-07 07:13 - 00023552 _____ C:\WINDOWS\system32\HardwareInformation.exe
2015-10-02 15:48 - 2015-10-05 09:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Program Files\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-09-24 09:48 - 2015-09-24 10:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WinZip
2015-09-22 10:38 - 2015-09-22 10:39 - 00000356 _____ C:\WINDOWS\WINNT32.LOG
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\Program Files\InterLok
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2015-09-19 17:38 - 2006-09-19 22:17 - 00638976 ____N (PACE Anti-Piracy) C:\WINDOWS\system32\ilinet.dll
2015-09-19 17:38 - 2006-03-29 14:11 - 00233472 ____N (Propellerhead Software AB) C:\WINDOWS\system32\REX Shared Library.dll
2015-09-19 17:38 - 2001-06-27 09:13 - 00217088 _____ C:\WINDOWS\system32\qtmlClient.dll
2015-09-19 17:37 - 2015-09-19 17:37 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-09-17 16:55 - 2015-09-17 16:55 - 00055376 _____ C:\Documents and Settings\XP POWER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-09-17 10:38 - 2015-09-17 12:17 - 00000000 ____D C:\Documents and Settings\XP POWER\Desktop\New Folder
2015-09-13 13:17 - 2015-10-09 16:47 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:47 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-13 12:54 - 2015-09-13 12:54 - 00242752 _____ C:\Documents and Settings\XP POWER\My Documents\Firefox Setup Stub 40.0.3.exe
2015-09-13 12:02 - 2015-10-11 19:02 - 00082142 _____ C:\WINDOWS\setupapi.log
2015-09-13 12:02 - 2015-10-11 19:02 - 00003773 _____ C:\WINDOWS\setupact.log
2015-09-13 12:02 - 2015-09-13 12:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-13 10:33 - 2015-10-13 20:23 - 00857017 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 10:33 - 2015-10-13 20:22 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-13 10:33 - 2015-10-13 20:22 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-09-13 10:33 - 2015-10-13 20:21 - 00032598 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-13 10:33 - 2015-09-13 10:33 - 00219248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 10:33 - 2015-09-13 10:33 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ___RD C:\Program Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-13 20:25 - 2015-04-01 19:23 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\temp
2015-10-13 20:24 - 2015-03-13 12:50 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Skype
2015-10-13 20:22 - 2015-02-19 20:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-13 20:22 - 2015-02-19 17:40 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-13 20:22 - 2015-02-19 16:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-13 20:21 - 2015-02-19 20:54 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-13 12:10 - 2015-02-19 16:52 - 00000178 __SHC C:\Documents and Settings\XP POWER\ntuser.ini
2015-10-13 11:22 - 2015-04-01 19:01 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-12 21:08 - 2015-02-19 18:43 - 00000000 ____D C:\Program Files\Microsoft Picture It! PhotoPub
2015-10-12 21:05 - 2008-04-14 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-12 18:46 - 2015-02-19 18:32 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-12 16:30 - 2015-02-19 16:51 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-10-12 16:29 - 2008-04-14 04:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-12 16:24 - 2015-02-19 08:29 - 00000327 __RSH C:\boot.ini
2015-10-11 03:07 - 2015-02-19 20:43 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-11 03:05 - 2015-02-19 08:30 - 00568092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-10 10:59 - 2015-02-27 08:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-10 10:59 - 2015-02-19 16:46 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-09 18:06 - 2015-05-31 08:53 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-09 17:45 - 2015-04-01 14:25 - 00000000 ____D C:\Program Files\ESET
2015-10-09 17:34 - 2015-04-01 19:19 - 00000327 _____ C:\Boot.bak
2015-10-09 17:28 - 2015-04-01 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-10-09 16:49 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\java
2015-10-09 16:47 - 2015-08-04 08:48 - 00000729 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-10-09 16:47 - 2015-08-02 21:50 - 00001112 _____ C:\Documents and Settings\All Users\Desktop\Wondershare Free YouTube Downloader.lnk
2015-10-09 16:47 - 2015-07-22 19:47 - 00001863 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth.lnk
2015-10-09 16:47 - 2015-07-04 09:50 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\Photobie.lnk
2015-10-09 16:47 - 2015-06-22 21:38 - 00000835 _____ C:\Documents and Settings\XP POWER\Desktop\Portrait Professional Max.lnk
2015-10-09 16:47 - 2015-04-10 12:27 - 00002415 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-10-09 16:47 - 2015-04-03 11:05 - 00001397 _____ C:\Documents and Settings\All Users\Desktop\R-Wipe&Clean.lnk
2015-10-09 16:47 - 2015-04-01 19:00 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-09 16:47 - 2015-03-05 17:30 - 00001612 _____ C:\Documents and Settings\All Users\Desktop\Readiris Pro 8.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000861 _____ C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000791 _____ C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-10-09 16:47 - 2015-03-01 19:47 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2015-10-09 16:47 - 2015-02-24 15:13 - 00000704 _____ C:\Documents and Settings\XP POWER\Desktop\Pinger.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000911 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11 Editor.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000867 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11.lnk
2015-10-09 16:47 - 2015-02-19 20:05 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Homestead SiteBuilder.lnk
2015-10-09 16:47 - 2015-02-19 18:46 - 00001553 _____ C:\Documents and Settings\XP POWER\Desktop\Microsoft Picture It! Photo 2001.lnk
2015-10-09 16:47 - 2015-02-19 18:03 - 00000927 _____ C:\Documents and Settings\XP POWER\Desktop\Revo Uninstaller.lnk
2015-10-09 16:47 - 2015-02-19 16:47 - 00000796 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2015-10-09 16:09 - 2015-04-01 08:38 - 00000000 ____D C:\Program Files\7-Zip
2015-10-09 16:09 - 2015-02-19 16:48 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-10-09 16:09 - 2015-02-19 16:48 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-10-09 15:31 - 2015-02-19 08:30 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-09 15:27 - 2015-02-19 16:51 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-10-09 15:07 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\Help
2015-10-09 15:07 - 2008-04-14 04:00 - 00000603 _____ C:\WINDOWS\win.ini
2015-10-09 15:06 - 2015-02-27 08:33 - 00017200 ____C C:\WINDOWS\Wudf01000Inst.log
2015-10-09 00:38 - 2015-08-04 08:49 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\vlc
2015-10-08 15:23 - 2015-02-19 17:40 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-19 17:39 - 2015-07-01 21:32 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\ZRwS98uqM
2015-09-19 17:39 - 2013-12-11 16:03 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\jQtHVdKPJs
2015-09-13 12:28 - 2015-02-19 17:00 - 00000000 __SHD C:\Documents and Settings\XP POWER\PrivacIE
2015-09-13 10:43 - 2015-07-08 16:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\R-Wipe&Clean
2015-09-13 10:43 - 2015-04-03 11:05 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\R-Wipe&Clean
2015-09-13 08:24 - 2015-03-13 12:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
 
==================== Files in the root of some directories =======
 
2015-02-19 20:42 - 2015-08-26 07:00 - 0014848 _____ () C:\Documents and Settings\XP POWER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Edited by 4leafclover, 13 October 2015 - 09:30 PM.

  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

You do not appear to be running the FRST fix that I am providing hence nothing is being removed

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-11 12:04 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.


  • 0
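The fix above is built by hand from lines in the FRST log: the moderator picked the driver entry whose file is missing on disk (`[X]`) and the folders and files with random hex names, and pasted those log lines verbatim into fixlist.txt, which is the format FRST accepts. The Python script below is an added example, not part of this thread or of FRST itself; it automates that first triage pass over the two line shapes FRST uses (driver entries and "One Month Created" entries). The regexes assume FRST keeps the layout quoted earlier in the thread, and the sample lines are copied from the log posted above plus one benign entry. Every hit is a candidate for a human reviewer, not something to delete automatically: the log also shows legitimately unsigned old vendor drivers, which is why the moderator's fixlist left those alone.

```python
import re
from typing import List, Tuple

# Constructed sample: lines copied from the FRST output quoted in this thread
# (driver entries and "One Month Created" entries), plus one benign entry.
SAMPLE_LOG = r"""
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R0 nvlegacy; C:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2013-11-17] (NVIDIA Corporation) [File not signed]
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-11 12:04 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-08 06:35 - 2015-10-08 06:35 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
"""

# Driver/service line: "<start type> <name>; <image path and flags>"
# (assumption: FRST keeps this layout, as in the log quoted in the thread).
DRIVER_RE = re.compile(r'^([RSU]\d) ([^;]+); (.*)$')
# Created/modified file line: "<created> - <modified> - <size> <attrs> [(company)] <path>"
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
    r'\d{7,8} [_A-Z]{5} (?:\(([^)]*)\) )?(.+)$'
)
# Leaf names made only of hex digits and dashes, 16+ chars (hash- or GUID-like names).
RANDOM_NAME_RE = re.compile(r'^[0-9A-Fa-f-]{16,}$')


def triage_line(line: str) -> List[str]:
    """Return the indicators found on one FRST log line (empty list = nothing notable)."""
    reasons: List[str] = []
    m = DRIVER_RE.match(line)
    if m:
        rest = m.group(3)
        if rest == 'no ImagePath':
            reasons.append('service has no ImagePath')
        if rest.endswith('[X]'):
            reasons.append('driver file missing on disk')
        if '[File not signed]' in rest:
            reasons.append('driver file not signed')
        return reasons
    m = FILE_RE.match(line)
    if m:
        company, path = m.group(1), m.group(2)
        if company and company.startswith('TODO:'):
            reasons.append('placeholder company name in version info')
        leaf = path.rstrip('\\').rsplit('\\', 1)[-1]
        if RANDOM_NAME_RE.match(leaf):
            reasons.append('random-looking hex name')
    return reasons


def candidate_fixlist(log: str) -> List[Tuple[str, List[str]]]:
    """Log lines a reviewer should look at, each with its reasons, in log order.

    The first element of each tuple is the raw log line, which FRST accepts
    verbatim in fixlist.txt once a human has decided it really should go."""
    out: List[Tuple[str, List[str]]] = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            out.append((line, reasons))
    return out


def render_review(entries: List[Tuple[str, List[str]]]) -> str:
    """Human-readable review sheet: each candidate line followed by why it was flagged."""
    return '\n'.join(f"{line}\n    -> {', '.join(reasons)}" for line, reasons in entries)


if __name__ == '__main__':
    print(render_review(candidate_fixlist(SAMPLE_LOG)))
```

Run it as-is to see the review sheet for the sample, or pass the text of a real FRST.txt to `candidate_fixlist`. The design choice is deliberate: the script narrows a few hundred log lines down to the handful worth reading, and leaves the decision about what goes into fixlist.txt with the person who knows the machine, exactly as the thread does.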

#25
4leafclover

4leafclover

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Sorry but I'm new at this and I thought to run a program means just running it so you can see the log file and figure out what's going on with my computer. That's why I asked if I need to click on FIX. What's more confusing is that the program generates a .txt file right after the scanning and I thought I need to post that file. Sorry, again.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:14-10-2015 01
Ran by XP POWER (2015-10-14 17:22:34) Run:1
Running from C:\Documents and Settings\XP POWER\Desktop
Loaded Profiles: XP POWER (Available Profiles: XP POWER & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Quote
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-11 12:04 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************
 
Quote => Error: No automatic fix found for this entry.
Error: (0) Failed to create a restore point.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] => path removed successfully.
C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] => path removed successfully.
catchme => service removed successfully.
C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e => moved successfully
C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B => moved successfully
C:\Program Files\OnePCOptimizer => moved successfully
C:\Program Files\jogotempo => moved successfully
C:\Documents and Settings\All Users\Application Data\DataFile => moved successfully
C:\Documents and Settings\XP POWER\Application Data\RunDir => moved successfully
C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer => moved successfully
C:\WINDOWS\system32\Diixexeqw.ini => moved successfully
C:\WINDOWS\system32\DiixexeqwOff.ini => moved successfully
C:\WINDOWS\system32\gyo => moved successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
 
The operation completed successfully
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
 
The operation completed successfully
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
The following command was not found: advfirewall reset.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
The following command was not found: advfirewall set allprofiles state ON.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
 
Windows IP Configuration
 
 
 
 
 
Ethernet adapter Local Area Connection 5:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        IP Address. . . . . . . . . . . . : 0.0.0.0
 
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
 
        Default Gateway . . . . . . . . . : 
 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
 
Windows IP Configuration
 
 
 
 
 
Ethernet adapter Local Area Connection 5:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        IP Address. . . . . . . . . . . . : 192.168.1.247
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.254
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
The following command was not found: int ipv4 reset.
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
IPv6 is not installed.
 
 
========= End of CMD: =========
 
EmptyTemp: => 542.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:22:59 ====

Edited by 4leafclover, 14 October 2015 - 07:19 PM.

  • 0



#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, if it is not something you have done before then there is always room for misunderstanding :)

Is ESET behaving itself now or is it still warning
  • 0

#27
4leafclover

4leafclover

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi :)

ESET didn't give me any more warnings, but I am trying to run a scan and it's been running since 8:19 and shows two infiltrations so far, but it still seems to be frozen or just very, very slow. Is that not normal?

 

EDIT: I saw a movement in the ESET scan so it seems to be running but really slow. Scan progress is at 32%


Edited by 4leafclover, 15 October 2015 - 04:05 PM.

  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Never used ESET before so I am not sure how fast it is ... Does it appear slower than normal?


  • 0

#29
4leafclover

4leafclover

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Much slower than before. It never took 9 hours to complete the scan. This is a log file created after the scan completion; I don't know if it's of any use:

 

 

Scan Log

Version of virus signature database: 12412 (20151015)

Date: 10/15/2015  Time: 7:27:11 AM

Scanned disks, folders and files: C:\Boot sector;C:\

C:\pagefile.sys - error opening [4]

C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache\baseimagefam8 » ZIP » lib/rt.pack » PACK200 - archive damaged

C:\Documents and Settings\LocalService\NTUSER.DAT - error opening [4]

C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening [4]

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]

C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening [4]

C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening [4]

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]

C:\Documents and Settings\XP POWER\NTUSER.DAT - error opening [4]

C:\Documents and Settings\XP POWER\ntuser.dat.LOG - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\DataRv\offline-storage-ecs.data - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\DataRv\offline-storage.data - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\bistats.lock - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\eascache.lock - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\keyval.lock - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\main.lock - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\msn.lock - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\eurostarmoving\statistics.lock - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\shared_dynco\dc.lock - error opening [4]

C:\Documents and Settings\XP POWER\Application Data\Skype\shared_httpfe\queue.lock - error opening [4]

C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session - error opening [4]

C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs - error opening [4]

C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000320 » GZIP » f_000320 - unpack error

C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000344 » GZIP » f_000344 - unpack error

C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000462 » GZIP » f_000462 - unpack error

C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000832 » GZIP » f_000832 - unpack error

C:\Documents and Settings\XP POWER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]

C:\Documents and Settings\XP POWER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]

C:\Documents and Settings\XP POWER\Local Settings\Temporary Internet Files\Content.Word\~WRS{492F1DAF-4876-4B60-8F78-92D582D5C6FA}.tmp - error opening [4]

C:\Documents and Settings\XP POWER\My Documents\Downloads\ChromeSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive

C:\Documents and Settings\XP POWER\My Documents\Downloads\GoogleEarthSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2008-06-09 153814\Backup files 16.zip » ZIP » D\hp\apps\APP30934\src\Data1.cab » CAB » _2226726CE5BD4D54835C634BF1E8712A - archive damaged - the file could not be extracted.

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2008-06-09 153814\Backup files 16.zip » ZIP » D\hp\apps\APP30934\src\Data1.cab » CAB » _E7904ED111C0400BBF4527ED11A25B87 - error reading archive

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2008-06-09 153814\Backup files 4.zip » ZIP » C\hp\bin\Python\Lib\test\testtar.tar » TAR »  - archive damaged

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-03-07 190001\Backup files 1.zip » ZIP » C\Users\Matt\AppData\Local\Mozilla\Firefox\Profiles\t0z99n4j.default\Cache\ABEAB094d01 » CWS » file.swf - unpack error

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-05-16 190002\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7cdbdc4d-4d40b4ae » ZIP » GoogleCodeSearch.class - Java/Exploit.Agent.NAA trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-06-06 190001\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7cdbdc4d-4d40b4ae » ZIP » GoogleCodeSearch.class - Java/Exploit.Agent.NAA trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\20d825dc-445a23ad » ZIP » vload.class - a variant of Java/Agent.AF trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-3078e2c2 » ZIP » vload.class - a variant of Java/Agent.AF trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\42f2dad8-746c3035 » ZIP » vmain.class - Java/Exploit.CVE-2009-3867.AL trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\64414e83-79dac52c » ZIP » vmain.class - a variant of Java/Agent.BR trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5fc5a262-108450b9 » ZIP » vmain.class - a variant of Java/Agent.BR trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1ffc5a4-72705888 » ZIP » vmain.class - a variant of Java/Agent.BR trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-29f04fe5 » ZIP » vmain.class - Java/Exploit.CVE-2009-3867.AL trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-08-22 190000\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\665ffb1-36b0b52a » ZIP » vmain.class - a variant of Java/Agent.BR trojan - action selection postponed until scan completion

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-09-12 190001\Backup files 1.zip » ZIP » C\Users\Matt\AppData\Local\Mozilla\Firefox\Profiles\t0z99n4j.default\Cache\7B890459d01 » CWS » file.swf - unpack error

C:\MATTS-BRAIN\Backup Set 2008-06-09 153814\Backup Files 2010-09-12 190001\Backup files 1.zip » ZIP » C\Users\Matt\AppData\Local\Mozilla\Firefox\Profiles\t0z99n4j.default\Cache\B0DC4508d01 » CWS » file.swf - unpack error

C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-02-26 062541\Backup files 2.zip » ZIP » C\hp\bin\Python\Lib\test\testtar.tar » TAR »  - archive damaged

C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-04-02 144536\Backup files 46.zip » ZIP » D\hp\apps\APP30934\src\Data1.cab » CAB » _2226726CE5BD4D54835C634BF1E8712A - archive damaged - the file could not be extracted.

C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-04-02 144536\Backup files 46.zip » ZIP » D\hp\apps\APP30934\src\Data1.cab » CAB » _E7904ED111C0400BBF4527ED11A25B87 - error reading archive

C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-07-03 125741\Backup files 2.zip » ZIP » C\Users\Matt\Downloads\~$croeconomics_Essay_Test_Bank.zip » ZIP »  - archive damaged

C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-07-03 125741\Backup files 5.zip » ZIP » D\hp\apps\APP30934\src\Data1 (2).cab » CAB » _2226726CE5BD4D54835C634BF1E8712A - archive damaged - the file could not be extracted.

C:\MATTS-BRAIN\Backup Set 2011-02-26 062541\Backup Files 2011-07-03 125741\Backup files 5.zip » ZIP » D\hp\apps\APP30934\src\Data1 (2).cab » CAB » _E7904ED111C0400BBF4527ED11A25B87 - error reading archive

C:\Program Files\Google\Update\1.3.28.15\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive

C:\Program Files\Google\Update\1.3.28.15\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive

C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.15\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive

C:\Program Files\Google\Update\Install\{04B621F7-6D5D-4D66-A30D-F63BAD597D32}\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive

C:\Program Files\Google\Update\Install\{3DC7F6B0-656E-4969-A3FF-74A36793F3ED}\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive

C:\Program Files\Google\Update\Install\{55661FEC-33A2-4B7D-A2E9-9E205494867C}\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive

C:\Program Files\Google\Update\Install\{7DA6346E-3EDD-4E3B-9D60-DDEC672F5959}\GoogleUpdateSetup.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive

C:\Program Files\Microsoft Picture It! PhotoPub\PIP\PIP2001\8T.its » CHM » ::DataSpace/Storage/MSCompressed/Content - error reading archive

C:\Program Files\WinRAR\Default.SFX » WINRARSFX - archive damaged

C:\Program Files\WinRAR\Zip.SFX » WINRARSFX - archive damaged

C:\WINDOWS\system32\CatRoot2\edb.log - error opening [4]

C:\WINDOWS\system32\CatRoot2\tmp.edb - error opening [4]

C:\WINDOWS\system32\config\default - error opening [4]

C:\WINDOWS\system32\config\default.LOG - error opening [4]

C:\WINDOWS\system32\config\SAM - error opening [4]

C:\WINDOWS\system32\config\SAM.LOG - error opening [4]

C:\WINDOWS\system32\config\SECURITY - error opening [4]

C:\WINDOWS\system32\config\SECURITY.LOG - error opening [4]

C:\WINDOWS\system32\config\software - error opening [4]

C:\WINDOWS\system32\config\software.LOG - error opening [4]

C:\WINDOWS\system32\config\system - error opening [4]

C:\WINDOWS\system32\config\system.LOG - error opening [4]

Number of scanned objects: 1231929

Number of threats found: 10

Number of cleaned objects: 0

Time of completion: 4:58:13 PM  Total scanning time: 34262 sec (09:31:02)


  • 0
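The scan log above mixes three very different kinds of line: locked files the scanner could not open ("error opening [4]" on the registry hives, pagefile.sys, Skype lock files), archives it could not unpack, and actual detections, each of which reads "<path> - <threat> - action selection postponed until scan completion". Every one of the ten detections sits inside a "Backup files N.zip" archive under C:\MATTS-BRAIN, nested in an old Java deployment cache, and "action selection postponed" explains "Number of cleaned objects: 0": the scanner waited for a decision at the end of the scan and none was made. The following parser is an added example for this thread, not ESET's own tooling and not code from the original post; the sample lines are constructed to mirror the shape of the posted log with abbreviated paths, and the log line formats it recognises are only those that appear above.

```python
"""Parse an ESET on-demand scan log in the shape posted above and separate real
detections from locked-file and damaged-archive noise.

Added example for this thread, not ESET's own tooling; the sample lines are
constructed (paths abbreviated) to mirror the posted log, not taken from it.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of the posted log.
SAMPLE_LOG = r"""Scan Log
Version of virus signature database: 12412 (20151015)
C:\pagefile.sys - error opening [4]
C:\WINDOWS\system32\config\SAM - error opening [4]
C:\Program Files\WinRAR\Default.SFX » WINRARSFX - archive damaged
C:\Backups\Backup files 16.zip » ZIP » D\hp\src\Data1.cab » CAB » _2226 - archive damaged - the file could not be extracted.
C:\Backups\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7cdbdc4d-4d40b4ae » ZIP » GoogleCodeSearch.class - Java/Exploit.Agent.NAA trojan - action selection postponed until scan completion
C:\Backups\Backup files 1.zip » ZIP » C\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\42f2dad8-746c3035 » ZIP » vmain.class - Java/Exploit.CVE-2009-3867.AL trojan - action selection postponed until scan completion
C:\Backups\Backup files 1.zip » ZIP » C\Users\Matt\AppData\Local\Mozilla\Firefox\Profiles\t0z99n4j.default\Cache\7B890459d01 » CWS » file.swf - unpack error
Number of scanned objects: 1231929
Number of threats found: 2
Number of cleaned objects: 0
"""

# Messages ESET prints for objects it could not scan; none of these is a detection.
# "error opening [4]" on registry hives and pagefile.sys is the normal locked-file case.
ERROR_MESSAGES = ("error opening", "archive damaged", "unpack error", "error reading archive")
SUMMARY_RE = re.compile(r"Number of (scanned objects|threats found|cleaned objects): (\d+)$")


@dataclass
class Detection:
    host_file: str   # on-disk file a cleanup would act on (outermost container)
    member: str      # innermost object inside the " » " container chain
    threat: str
    action: str


@dataclass
class ScanReport:
    detections: list
    errors: dict     # error kind -> count
    summary: dict    # ESET's own counters


def split_containers(obj_path):
    """'host.zip » ZIP » inner.jar » ZIP » x.class' -> ('host.zip', 'x.class')."""
    parts = obj_path.split(" » ")
    return parts[0], parts[-1]


def parse_scan_log(text):
    detections, errors, summary = [], defaultdict(int), {}
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        segments = line.split(" - ")
        if len(segments) < 2:
            continue                     # headers and blank lines
        path, rest = segments[0], segments[1:]
        if rest[0].startswith(ERROR_MESSAGES):
            errors[rest[0].split(" [")[0]] += 1   # "error opening [4]" -> "error opening"
        elif len(rest) >= 2:             # "<path> - <threat> - <action>"
            host, member = split_containers(path)
            detections.append(Detection(host, member, rest[0], rest[-1]))
        else:
            errors["unclassified"] += 1
    return ScanReport(detections, dict(errors), summary)


def detections_by_host(report):
    """Group hits by on-disk file: hits that all sit in old backup archives
    are a very different situation from hits in live system paths."""
    grouped = defaultdict(list)
    for d in report.detections:
        grouped[d.host_file].append(d.threat)
    return dict(grouped)


def reconcile(report):
    """Check parsed hits against ESET's counters. 'postponed' actions plus
    'cleaned objects: 0' means the scanner waited for a choice that never came."""
    found = report.summary.get("threats found")
    postponed = sum(d.action.startswith("action selection postponed") for d in report.detections)
    return {
        "parsed": len(report.detections),
        "reported": found,
        "consistent": found == len(report.detections),
        "postponed": postponed,
        "cleaned": report.summary.get("cleaned objects"),
    }


if __name__ == "__main__":
    rep = parse_scan_log(SAMPLE_LOG)
    for host, threats in detections_by_host(rep).items():
        print(f"{host}: {len(threats)} hit(s) {sorted(set(threats))}")
    print("non-detection errors:", rep.errors)
    print("reconcile:", reconcile(rep))
```

Run against the full log posted above, detections_by_host() puts all ten hits under the zip files in C:\MATTS-BRAIN, and reconcile() reports "parsed" equal to ESET's "threats found" with ten postponed actions and zero cleaned, which is the situation a practitioner would expect from an unattended scan that ends with "action selection postponed". If "parsed" and "reported" disagree, the log contains a line shape this parser does not know and the detection lines should be read by hand.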

#30 4leafclover (Member, Topic Starter, 20 posts)

Oh, wow. Now I see it says 0 threats found and 0 cleaned BUT during the scan it showed 2 infiltrations (in red) at first, I checked back a while later and it said 4 infiltrations. I had to leave the house. After I came back the scan was finished but now I see the report doesn't make sense :/


  • 0





