heythatsanam

Honorary Members

View Profile See their activity

Posts
29
Joined
August 18, 2013
Last visited
September 12, 2015

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by heythatsanam

VIRUS/ SLOW COMPUTER! PLZ HELP!

heythatsanam posted a topic in Resolved Malware Removal Logs

Hi there!!! Can someone please help me with my computer. I am having problems with how slow and long it takes to open the internet browser. I also feel like I may possibly have a virus since it redirects me to unknown websites such as Wow.com . I have programs that I haven't even heard of! I would greatly appreciate if yu could help me speed my internet and miminize any unnecessary programs. Thanks
- September 12, 2015
- 1 reply
Extremely lagged and slow computer.! Virus/Malware/ etc. Please help!

heythatsanam posted a topic in Resolved Malware Removal Logs

Hi there, Can someone help me with my computer. Whenever I turn my computer on, it takes forever for the icons to load and when I have to use Firefox! On my Control panel, it shows Search protect programs which are viruses. ! Please help me with my computer !!!!
- June 5, 2015
- 2 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Hi MrCharlie, Thank you once again for all your help. Here are the following logs you've requested: Fixlist LOG Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01 Ran by Owner at 2014-04-03 16:06:00 Run:1 Running from C:\Documents and Settings\Owner\Desktop\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - URL http://search.condui...7A2F0AFFEB29&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://search.zoneal...hDev3&Lan=en&q={searchTerms}&gu=00674ddf02a8433b9ed0a9291062edcc&tu=11J3y00DC2B0Ca0&sku=&tstsId=&ver=&&r=281 CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe C:\Documents and Settings\Owner\Application Data\CamLayout.ini C:\Documents and Settings\Owner\Application Data\CamShapes.ini AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 ***************** HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F5C06B15-C34B-4DA9-B402-8E7E2E2D4463} => Key not found. HKCR\Wow6432Node\CLSID\{F5C06B15-C34B-4DA9-B402-8E7E2E2D4463} => Key not found. HKCU\SOFTWARE\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb => Key deleted successfully. "CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx" => File/Directory not found. HKLM\SOFTWARE\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb => Key deleted successfully. "CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx" => File/Directory not found. "C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll" => File/Directory not found. "C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe" => File/Directory not found. C:\Documents and Settings\Owner\Application Data\CamLayout.ini => Moved successfully. C:\Documents and Settings\Owner\Application Data\CamShapes.ini => Moved successfully. C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully. ==== End of Fixlog ==== AdwCleaner LOG # AdwCleaner v3.023 - Report created 03/04/2014 at 16:11:13 # Updated 01/04/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Owner - ANAM-RNFR3WMDD7 # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner(1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B} ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042\prefs.js ] [ File : C:\Documents and Settings\Dena\Application Data\Mozilla\Firefox\Profiles\8boufv13.default\prefs.js ] [ File : C:\Documents and Settings\SHAK\Application Data\Mozilla\Firefox\Profiles\vd8ncv3g.default\prefs.js ] ************************* AdwCleaner[R5].txt - [1274 octets] - [03/04/2014 16:07:58] AdwCleaner[s4].txt - [1199 octets] - [03/04/2014 16:11:13] ########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1259 octets] ########## Malwarebytes LOG Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.01.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: ANAM-RNFR3WMDD7 [administrator] 4/3/2014 4:17:53 PM mbam-log-2014-04-03 (16-17-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 264231 Time elapsed: 16 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- April 3, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Owner (administrator) on ANAM-RNFR3WMDD7 on 31-03-2014 23:12:42 Running from C:\Documents and Settings\Owner\My Documents\Downloads Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Dell) C:\Program Files\Dell\Click 2 Fix+\srvc.exe (Dell) C:\Program Files\Dell\Click 2 Fix+\cust.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Dell) C:\Program Files\Dell\Click 2 Fix+\capp.exe (Dell) C:\Program Files\Dell\Click 2 Fix+\cutil.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) HKU\S-1-5-21-1935655697-725345543-1398031866-1003\...\Winlogon: [shell] - ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP16BF35BB-350F-497B-BFE0-7A2F0AFFEB29&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll No File FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll No File FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( ) FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 Dell Click 2 Fix+; C:\Program Files\Dell\Click 2 Fix+\srvc.exe [94016 2014-02-03] (Dell) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation) ==================== Drivers (Whitelisted) ==================== R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-11-07] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation) S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] () S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation) R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation) U0 PROCMON23; System32\Drivers\PROCMON23.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-31 22:18 - 2014-03-31 22:19 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt 2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-31 20:41 - 2014-03-31 20:43 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt 2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html 2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk 2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+ 2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe 2014-03-31 18:06 - 2014-03-31 18:07 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt 2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk 2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log 2014-03-31 14:38 - 2014-03-31 16:06 - 00000120 _____ () C:\WINDOWS\setupact.log 2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver 2014-03-30 23:12 - 2014-03-31 23:12 - 00000000 ____D () C:\FRST 2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2 2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex 2014-03-30 15:04 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex 2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home 2014-03-30 15:03 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2 2014-03-30 15:00 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1 2014-03-30 14:58 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1 2014-03-30 14:56 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex 2014-03-30 14:49 - 2014-03-31 14:11 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1 2014-03-30 14:44 - 2014-03-30 14:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1 2014-03-29 17:20 - 2014-03-29 22:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes 2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime 2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared 2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml 2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint 2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith 2014-03-29 00:00 - 2014-03-29 02:58 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio 2014-03-28 23:46 - 2014-03-29 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith 2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search 2014-03-19 00:37 - 2014-03-31 22:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-19 00:37 - 2014-03-19 13:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 17:43 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk ==================== One Month Modified Files and Folders ======= 2014-03-31 23:12 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST 2014-03-31 23:00 - 2011-10-06 21:12 - 01807447 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-31 22:47 - 2014-03-19 00:37 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-31 22:47 - 2013-05-25 16:00 - 00000340 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job 2014-03-31 22:47 - 2011-10-05 20:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-31 22:47 - 2011-10-05 20:12 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-03-31 22:46 - 2011-10-06 17:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-31 22:45 - 2011-10-06 17:29 - 00032320 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-31 22:45 - 2011-10-06 17:29 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini 2014-03-31 22:38 - 2012-10-11 00:22 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job 2014-03-31 22:21 - 2011-10-06 17:29 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-03-31 22:19 - 2014-03-31 22:18 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt 2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-31 22:13 - 2014-03-18 17:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-31 20:43 - 2014-03-31 20:41 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt 2014-03-31 18:52 - 2014-02-22 20:59 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb 2014-03-31 18:52 - 2014-02-22 20:59 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb 2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html 2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk 2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+ 2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe 2014-03-31 18:38 - 2012-10-11 00:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job 2014-03-31 18:16 - 2011-10-05 20:08 - 00000210 ___SH () C:\boot.ini 2014-03-31 18:16 - 2002-09-03 13:11 - 00000884 _____ () C:\WINDOWS\win.ini 2014-03-31 18:16 - 2002-09-03 13:06 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-31 18:10 - 2013-10-29 11:17 - 00000000 ____D () C:\Program Files\Dell 2014-03-31 18:07 - 2014-03-31 18:06 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt 2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk 2014-03-31 17:20 - 2011-10-08 03:50 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google 2014-03-31 17:20 - 2011-10-08 03:49 - 00000000 ____D () C:\Program Files\Google 2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log 2014-03-31 16:58 - 2014-02-22 21:14 - 00000000 ____D () C:\Program Files\Windows Desktop Search 2014-03-31 16:06 - 2014-03-31 14:38 - 00000120 _____ () C:\WINDOWS\setupact.log 2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-31 14:33 - 2012-02-22 00:31 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-03-31 14:20 - 2011-10-06 17:29 - 00000000 ____D () C:\Documents and Settings\Owner 2014-03-31 14:11 - 2014-03-30 14:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1 2014-03-31 02:00 - 2012-11-29 10:26 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job 2014-03-31 02:00 - 2012-11-21 02:21 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job 2014-03-31 01:14 - 2012-07-08 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\white 2014-03-31 00:48 - 2011-10-06 15:45 - 00215552 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver 2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2 2014-03-30 15:07 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex 2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex 2014-03-30 15:05 - 2014-03-30 15:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2 2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home 2014-03-30 15:02 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1 2014-03-30 15:00 - 2014-03-30 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1 2014-03-30 14:57 - 2014-03-30 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex 2014-03-30 14:53 - 2014-03-30 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1 2014-03-29 23:12 - 2013-04-10 17:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-03-29 22:54 - 2014-03-29 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes 2014-03-29 21:44 - 2011-10-06 21:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia 2014-03-29 18:52 - 2013-10-29 12:01 - 00001552 _____ () C:\Documents and Settings\Owner\Desktop\Dell TEch.txt 2014-03-29 14:12 - 2002-09-03 13:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-29 02:58 - 2014-03-29 00:00 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio 2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime 2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared 2014-03-29 02:35 - 2014-03-28 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith 2014-03-29 01:54 - 2013-04-09 22:49 - 00004534 _____ () C:\Documents and Settings\Owner\Application Data\CamStudio.cfg 2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamShapes.ini 2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamLayout.ini 2014-03-29 01:54 - 2013-04-09 22:46 - 00000120 _____ () C:\Documents and Settings\Owner\Application Data\Camdata.ini 2014-03-29 01:52 - 2013-04-09 22:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7 2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml 2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint 2014-03-29 00:47 - 2013-04-11 03:28 - 00494206 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-725345543-1398031866-1003-0.dat 2014-03-29 00:47 - 2013-04-11 03:28 - 00214414 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2014-03-29 00:44 - 2013-02-28 05:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Shoes for ash 2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith 2014-03-28 23:37 - 2011-10-05 20:10 - 00007042 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-23 22:16 - 2012-11-11 19:16 - 00000309 _____ () C:\Documents and Settings\Owner\Application Data\com.crackdat.crackdatsuite.xml 2014-03-23 22:16 - 2012-11-11 19:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Crack the DAT 2014-03-22 18:47 - 2013-04-15 18:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DAT 2014-03-21 17:12 - 2012-09-18 20:07 - 00000178 ___SH () C:\Documents and Settings\SHAK\ntuser.ini 2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search 2014-03-20 01:38 - 2013-10-02 16:06 - 00000269 _____ () C:\Documents and Settings\Owner\Desktop\fax to chase.txt 2014-03-19 13:07 - 2014-03-19 00:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 20:55 - 2013-07-13 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-18 20:51 - 2012-09-07 19:31 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-16 23:24 - 2013-01-01 02:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Puters 2014-03-16 23:22 - 2013-05-22 14:45 - 00000365 _____ () C:\Documents and Settings\Owner\Desktop\LOL999.txt 2014-03-16 23:18 - 2012-03-04 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Misc 2014-03-16 16:11 - 2013-09-28 20:05 - 00001269 _____ () C:\Documents and Settings\Owner\Desktop\cool.txt 2014-03-16 16:08 - 2013-03-18 19:51 - 00001785 _____ () C:\Documents and Settings\Owner\Desktop\BOUGHT!.txt 2014-03-12 22:58 - 2013-03-20 02:39 - 03444184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-11 21:45 - 2012-03-05 23:16 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-11 21:29 - 2011-10-11 22:01 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk 2014-03-11 21:28 - 2011-10-10 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-10 16:51 - 2012-09-18 20:07 - 00000000 ____D () C:\Documents and Settings\SHAK\Application Data\Macromedia 2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk 2014-03-07 00:46 - 2012-02-15 23:07 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-03-06 00:55 - 2013-08-07 17:38 - 00001544 _____ () C:\Documents and Settings\Owner\Desktop\Salonnnn.txt 2014-03-05 15:23 - 2012-01-26 06:01 - 00000132 _____ () C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs 2014-03-05 14:47 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype 2014-03-05 13:40 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype Files to move or delete: ==================== C:\Documents and Settings\Owner\Application Data\CamLayout.ini C:\Documents and Settings\Owner\Application Data\CamShapes.ini ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Owner at 2014-03-31 23:13:45 Running from C:\Documents and Settings\Owner\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated) Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) B57Inst (Version: 3.40 - Broadcom) Hidden BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - ) Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom) Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation) Course Saver Desktop (HKLM\...\com.coursesaver.desktop) (Version: 2.1.18 - UNKNOWN) Course Saver Desktop (Version: 2.1.18 - UNKNOWN) Hidden Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software) Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version: - Crack DAT) Dell Click 2 Fix+ (HKLM\...\Dell Click 2 Fix+_is1) (Version: 2.004.032.2546.03 - Dell) Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - ) Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google) Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - ) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - ) WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Restore Points ========================= 14-01-2014 17:49:57 System Checkpoint 15-01-2014 05:54:45 Software Distribution Service 3.0 16-01-2014 07:09:59 Software Distribution Service 3.0 17-01-2014 21:17:33 System Checkpoint 18-01-2014 22:58:06 System Checkpoint 20-01-2014 01:13:57 System Checkpoint 21-01-2014 06:25:08 System Checkpoint 22-01-2014 06:26:14 System Checkpoint 24-01-2014 20:28:07 System Checkpoint 26-01-2014 01:13:14 System Checkpoint 27-01-2014 01:44:57 System Checkpoint 28-01-2014 15:21:36 System Checkpoint 29-01-2014 22:51:49 System Checkpoint 31-01-2014 01:33:13 System Checkpoint 01-02-2014 01:42:05 System Checkpoint 02-02-2014 01:38:00 Removed Bing Bar 02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software 02-02-2014 01:47:27 Removed HP Officejet 4620 series Help 03-02-2014 02:40:44 System Checkpoint 04-02-2014 21:11:53 System Checkpoint 06-02-2014 03:04:23 System Checkpoint 06-02-2014 07:03:59 Removed I.R.I.S. OCR 06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study 06-02-2014 07:11:03 Removed HP Update. 06-02-2014 07:11:45 Removed Skype™ 6.13 07-02-2014 08:00:36 Software Distribution Service 3.0 09-02-2014 05:42:28 System Checkpoint 10-02-2014 08:50:26 System Checkpoint 11-02-2014 23:23:49 System Checkpoint 13-02-2014 02:54:19 System Checkpoint 13-02-2014 08:01:12 Software Distribution Service 3.0 15-02-2014 05:33:36 System Checkpoint 18-02-2014 02:55:11 System Checkpoint 18-02-2014 05:35:50 Installed Achiever 19-02-2014 04:37:11 Removed Achiever 20-02-2014 04:53:35 System Checkpoint 21-02-2014 20:45:06 System Checkpoint 22-02-2014 22:21:19 System Checkpoint 23-02-2014 00:24:32 Installed Java 7 Update 51 23-02-2014 00:37:04 Pre Install Click 2 Fix restore point 23-02-2014 01:10:57 Software Distribution Service 3.0 23-02-2014 06:01:44 Software Distribution Service 3.0 24-02-2014 03:41:32 Software Distribution Service 3.0 25-02-2014 04:19:06 System Checkpoint 26-02-2014 04:54:36 System Checkpoint 28-02-2014 19:49:33 System Checkpoint 01-03-2014 23:21:00 System Checkpoint 03-03-2014 00:02:04 System Checkpoint 04-03-2014 02:44:31 System Checkpoint 05-03-2014 03:22:54 System Checkpoint 05-03-2014 18:48:36 Removed Skype™ 6.14 06-03-2014 21:14:35 System Checkpoint 07-03-2014 21:57:53 System Checkpoint 09-03-2014 01:47:24 System Checkpoint 10-03-2014 07:02:03 System Checkpoint 10-03-2014 21:15:08 Software Distribution Service 3.0 12-03-2014 01:43:49 Software Distribution Service 3.0 14-03-2014 18:44:02 System Checkpoint 16-03-2014 21:39:54 System Checkpoint 17-03-2014 23:51:10 System Checkpoint 19-03-2014 00:49:57 Software Distribution Service 3.0 20-03-2014 18:59:19 System Checkpoint 21-03-2014 19:24:05 System Checkpoint 22-03-2014 22:07:14 System Checkpoint 29-03-2014 03:46:25 Installed Camtasia Studio 8 29-03-2014 06:13:12 Removed Camtasia Studio 8 29-03-2014 06:38:58 Restore Operation 29-03-2014 06:51:15 Installed Camtasia Studio 6 29-03-2014 07:01:10 Software Distribution Service 3.0 30-03-2014 02:02:19 Software Distribution Service 3.0 31-03-2014 02:21:48 System Checkpoint 31-03-2014 20:19:53 Pre Install Click 2 Fix restore point 31-03-2014 22:11:12 Pre Install Click 2 Fix+ restore point 31-03-2014 22:44:06 Pre Install Click 2 Fix+ restore point 01-04-2014 02:34:09 Dell Click 2 Fix+ restore point ==================== Hosts content: ========================== 2002-09-03 12:34 - 2011-01-12 18:45 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-31 18:44 - 2014-02-03 23:33 - 00166216 _____ () C:\Program Files\Dell\Click 2 Fix+\SSLEAY32.DLL 2014-03-31 18:44 - 2014-02-03 23:29 - 00833856 _____ () C:\Program Files\Dell\Click 2 Fix+\LIBEAY32.dll 2014-03-31 18:44 - 2014-02-03 23:32 - 00579576 _____ () C:\Program Files\Dell\Click 2 Fix+\sqlite3.dll 2014-03-31 18:44 - 2014-02-03 23:30 - 00018240 _____ () C:\Program Files\Dell\Click 2 Fix+\node.dll 2014-03-31 22:13 - 2014-03-15 04:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-08-19 23:01 - 2013-08-19 23:01 - 16166280 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: Unloading the performance counter strings for service wsearchidxpi (wsearchidxpi) failed. The Error code is the first DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: Unloading the performance counter strings for service UGTHRSVC (UGTHRSVC) failed. The Error code is the first DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: Unloading the performance counter strings for service UGatherer (UGatherer) failed. The Error code is the first DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section. Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update. Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 02:36:03 PM) (Source: Application Hang) (User: ) Description: Fault bucket 1432846009. System errors: ============= Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Microsoft Office Sessions: ========================= Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: wsearchidxpiwsearchidxpi Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: Performance Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: UGTHRSVCUGTHRSVC Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: Performance Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: UGathererUGatherer Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: Performance Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update.(NULL)(NULL)(NULL) Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 02:36:03 PM) (Source: Application Hang)(User: ) Description: 1432846009 ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 2046 MB Available physical RAM: 1473.93 MB Total Pagefile: 4968.77 MB Available Pagefile: 4585.54 MB Total Virtual: 2047.88 MB Available Virtual: 1958.11 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.52 GB) (Free:34.04 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3) Partition: GPT Partition Type. ==================== End Of Log ============================
- April 1, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Thank god you are Life Saver. I have check boxed Addition.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Owner (administrator) on ANAM-RNFR3WMDD7 on 31-03-2014 23:01:42 Running from C:\Documents and Settings\Owner\My Documents\Downloads Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Dell) C:\Program Files\Dell\Click 2 Fix+\srvc.exe (Dell) C:\Program Files\Dell\Click 2 Fix+\cust.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Dell) C:\Program Files\Dell\Click 2 Fix+\capp.exe (Dell) C:\Program Files\Dell\Click 2 Fix+\cutil.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) HKU\S-1-5-21-1935655697-725345543-1398031866-1003\...\Winlogon: [shell] - ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP16BF35BB-350F-497B-BFE0-7A2F0AFFEB29&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll No File FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll No File FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( ) FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 Dell Click 2 Fix+; C:\Program Files\Dell\Click 2 Fix+\srvc.exe [94016 2014-02-03] (Dell) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation) ==================== Drivers (Whitelisted) ==================== R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-11-07] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation) S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] () S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation) R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation) U0 PROCMON23; System32\Drivers\PROCMON23.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-31 22:18 - 2014-03-31 22:19 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt 2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-31 20:41 - 2014-03-31 20:43 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt 2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html 2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk 2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+ 2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe 2014-03-31 18:06 - 2014-03-31 18:07 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt 2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk 2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log 2014-03-31 14:38 - 2014-03-31 16:06 - 00000120 _____ () C:\WINDOWS\setupact.log 2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver 2014-03-30 23:12 - 2014-03-31 23:01 - 00000000 ____D () C:\FRST 2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2 2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex 2014-03-30 15:04 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex 2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home 2014-03-30 15:03 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2 2014-03-30 15:00 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1 2014-03-30 14:58 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1 2014-03-30 14:56 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex 2014-03-30 14:49 - 2014-03-31 14:11 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1 2014-03-30 14:44 - 2014-03-30 14:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1 2014-03-29 17:20 - 2014-03-29 22:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes 2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime 2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared 2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml 2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint 2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith 2014-03-29 00:00 - 2014-03-29 02:58 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio 2014-03-28 23:46 - 2014-03-29 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith 2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search 2014-03-19 00:37 - 2014-03-31 22:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-19 00:37 - 2014-03-19 13:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 17:43 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk ==================== One Month Modified Files and Folders ======= 2014-03-31 23:01 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST 2014-03-31 23:00 - 2011-10-06 21:12 - 01807447 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-31 22:47 - 2014-03-19 00:37 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-31 22:47 - 2013-05-25 16:00 - 00000340 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job 2014-03-31 22:47 - 2011-10-05 20:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-31 22:47 - 2011-10-05 20:12 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-03-31 22:46 - 2011-10-06 17:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-31 22:45 - 2011-10-06 17:29 - 00032320 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-31 22:45 - 2011-10-06 17:29 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini 2014-03-31 22:38 - 2012-10-11 00:22 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job 2014-03-31 22:21 - 2011-10-06 17:29 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-03-31 22:19 - 2014-03-31 22:18 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt 2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-31 22:13 - 2014-03-18 17:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-31 20:43 - 2014-03-31 20:41 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt 2014-03-31 18:52 - 2014-02-22 20:59 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb 2014-03-31 18:52 - 2014-02-22 20:59 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb 2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html 2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk 2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+ 2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe 2014-03-31 18:38 - 2012-10-11 00:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job 2014-03-31 18:16 - 2011-10-05 20:08 - 00000210 ___SH () C:\boot.ini 2014-03-31 18:16 - 2002-09-03 13:11 - 00000884 _____ () C:\WINDOWS\win.ini 2014-03-31 18:16 - 2002-09-03 13:06 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-31 18:10 - 2013-10-29 11:17 - 00000000 ____D () C:\Program Files\Dell 2014-03-31 18:07 - 2014-03-31 18:06 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt 2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk 2014-03-31 17:20 - 2011-10-08 03:50 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google 2014-03-31 17:20 - 2011-10-08 03:49 - 00000000 ____D () C:\Program Files\Google 2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log 2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log 2014-03-31 16:58 - 2014-02-22 21:14 - 00000000 ____D () C:\Program Files\Windows Desktop Search 2014-03-31 16:06 - 2014-03-31 14:38 - 00000120 _____ () C:\WINDOWS\setupact.log 2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-31 14:33 - 2012-02-22 00:31 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-03-31 14:20 - 2011-10-06 17:29 - 00000000 ____D () C:\Documents and Settings\Owner 2014-03-31 14:11 - 2014-03-30 14:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1 2014-03-31 02:00 - 2012-11-29 10:26 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job 2014-03-31 02:00 - 2012-11-21 02:21 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job 2014-03-31 01:14 - 2012-07-08 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\white 2014-03-31 00:48 - 2011-10-06 15:45 - 00215552 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk 2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver 2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2 2014-03-30 15:07 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex 2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex 2014-03-30 15:05 - 2014-03-30 15:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2 2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home 2014-03-30 15:02 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1 2014-03-30 15:00 - 2014-03-30 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1 2014-03-30 14:57 - 2014-03-30 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex 2014-03-30 14:53 - 2014-03-30 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1 2014-03-29 23:12 - 2013-04-10 17:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-03-29 22:54 - 2014-03-29 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes 2014-03-29 21:44 - 2011-10-06 21:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia 2014-03-29 18:52 - 2013-10-29 12:01 - 00001552 _____ () C:\Documents and Settings\Owner\Desktop\Dell TEch.txt 2014-03-29 14:12 - 2002-09-03 13:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-29 02:58 - 2014-03-29 00:00 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio 2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime 2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared 2014-03-29 02:35 - 2014-03-28 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith 2014-03-29 01:54 - 2013-04-09 22:49 - 00004534 _____ () C:\Documents and Settings\Owner\Application Data\CamStudio.cfg 2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamShapes.ini 2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamLayout.ini 2014-03-29 01:54 - 2013-04-09 22:46 - 00000120 _____ () C:\Documents and Settings\Owner\Application Data\Camdata.ini 2014-03-29 01:52 - 2013-04-09 22:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7 2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml 2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint 2014-03-29 00:47 - 2013-04-11 03:28 - 00494206 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-725345543-1398031866-1003-0.dat 2014-03-29 00:47 - 2013-04-11 03:28 - 00214414 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2014-03-29 00:44 - 2013-02-28 05:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Shoes for ash 2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith 2014-03-28 23:37 - 2011-10-05 20:10 - 00007042 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-23 22:16 - 2012-11-11 19:16 - 00000309 _____ () C:\Documents and Settings\Owner\Application Data\com.crackdat.crackdatsuite.xml 2014-03-23 22:16 - 2012-11-11 19:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Crack the DAT 2014-03-22 18:47 - 2013-04-15 18:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DAT 2014-03-21 17:12 - 2012-09-18 20:07 - 00000178 ___SH () C:\Documents and Settings\SHAK\ntuser.ini 2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search 2014-03-20 01:38 - 2013-10-02 16:06 - 00000269 _____ () C:\Documents and Settings\Owner\Desktop\fax to chase.txt 2014-03-19 13:07 - 2014-03-19 00:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 20:55 - 2013-07-13 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-18 20:51 - 2012-09-07 19:31 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-16 23:24 - 2013-01-01 02:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Puters 2014-03-16 23:22 - 2013-05-22 14:45 - 00000365 _____ () C:\Documents and Settings\Owner\Desktop\LOL999.txt 2014-03-16 23:18 - 2012-03-04 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Misc 2014-03-16 16:11 - 2013-09-28 20:05 - 00001269 _____ () C:\Documents and Settings\Owner\Desktop\cool.txt 2014-03-16 16:08 - 2013-03-18 19:51 - 00001785 _____ () C:\Documents and Settings\Owner\Desktop\BOUGHT!.txt 2014-03-12 22:58 - 2013-03-20 02:39 - 03444184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-11 21:45 - 2012-03-05 23:16 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-11 21:29 - 2011-10-11 22:01 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk 2014-03-11 21:28 - 2011-10-10 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-10 16:51 - 2012-09-18 20:07 - 00000000 ____D () C:\Documents and Settings\SHAK\Application Data\Macromedia 2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk 2014-03-07 00:46 - 2012-02-15 23:07 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-03-06 00:55 - 2013-08-07 17:38 - 00001544 _____ () C:\Documents and Settings\Owner\Desktop\Salonnnn.txt 2014-03-05 15:23 - 2012-01-26 06:01 - 00000132 _____ () C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs 2014-03-05 14:47 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype 2014-03-05 13:40 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype Files to move or delete: ==================== C:\Documents and Settings\Owner\Application Data\CamLayout.ini C:\Documents and Settings\Owner\Application Data\CamShapes.ini ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Addition LOG Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Owner at 2014-03-31 23:03:07 Running from C:\Documents and Settings\Owner\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated) Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) B57Inst (Version: 3.40 - Broadcom) Hidden BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - ) Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom) Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation) Course Saver Desktop (HKLM\...\com.coursesaver.desktop) (Version: 2.1.18 - UNKNOWN) Course Saver Desktop (Version: 2.1.18 - UNKNOWN) Hidden Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software) Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version: - Crack DAT) Dell Click 2 Fix+ (HKLM\...\Dell Click 2 Fix+_is1) (Version: 2.004.032.2546.03 - Dell) Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - ) Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google) Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - ) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - ) WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Restore Points ========================= 14-01-2014 17:49:57 System Checkpoint 15-01-2014 05:54:45 Software Distribution Service 3.0 16-01-2014 07:09:59 Software Distribution Service 3.0 17-01-2014 21:17:33 System Checkpoint 18-01-2014 22:58:06 System Checkpoint 20-01-2014 01:13:57 System Checkpoint 21-01-2014 06:25:08 System Checkpoint 22-01-2014 06:26:14 System Checkpoint 24-01-2014 20:28:07 System Checkpoint 26-01-2014 01:13:14 System Checkpoint 27-01-2014 01:44:57 System Checkpoint 28-01-2014 15:21:36 System Checkpoint 29-01-2014 22:51:49 System Checkpoint 31-01-2014 01:33:13 System Checkpoint 01-02-2014 01:42:05 System Checkpoint 02-02-2014 01:38:00 Removed Bing Bar 02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software 02-02-2014 01:47:27 Removed HP Officejet 4620 series Help 03-02-2014 02:40:44 System Checkpoint 04-02-2014 21:11:53 System Checkpoint 06-02-2014 03:04:23 System Checkpoint 06-02-2014 07:03:59 Removed I.R.I.S. OCR 06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study 06-02-2014 07:11:03 Removed HP Update. 06-02-2014 07:11:45 Removed Skype™ 6.13 07-02-2014 08:00:36 Software Distribution Service 3.0 09-02-2014 05:42:28 System Checkpoint 10-02-2014 08:50:26 System Checkpoint 11-02-2014 23:23:49 System Checkpoint 13-02-2014 02:54:19 System Checkpoint 13-02-2014 08:01:12 Software Distribution Service 3.0 15-02-2014 05:33:36 System Checkpoint 18-02-2014 02:55:11 System Checkpoint 18-02-2014 05:35:50 Installed Achiever 19-02-2014 04:37:11 Removed Achiever 20-02-2014 04:53:35 System Checkpoint 21-02-2014 20:45:06 System Checkpoint 22-02-2014 22:21:19 System Checkpoint 23-02-2014 00:24:32 Installed Java 7 Update 51 23-02-2014 00:37:04 Pre Install Click 2 Fix restore point 23-02-2014 01:10:57 Software Distribution Service 3.0 23-02-2014 06:01:44 Software Distribution Service 3.0 24-02-2014 03:41:32 Software Distribution Service 3.0 25-02-2014 04:19:06 System Checkpoint 26-02-2014 04:54:36 System Checkpoint 28-02-2014 19:49:33 System Checkpoint 01-03-2014 23:21:00 System Checkpoint 03-03-2014 00:02:04 System Checkpoint 04-03-2014 02:44:31 System Checkpoint 05-03-2014 03:22:54 System Checkpoint 05-03-2014 18:48:36 Removed Skype™ 6.14 06-03-2014 21:14:35 System Checkpoint 07-03-2014 21:57:53 System Checkpoint 09-03-2014 01:47:24 System Checkpoint 10-03-2014 07:02:03 System Checkpoint 10-03-2014 21:15:08 Software Distribution Service 3.0 12-03-2014 01:43:49 Software Distribution Service 3.0 14-03-2014 18:44:02 System Checkpoint 16-03-2014 21:39:54 System Checkpoint 17-03-2014 23:51:10 System Checkpoint 19-03-2014 00:49:57 Software Distribution Service 3.0 20-03-2014 18:59:19 System Checkpoint 21-03-2014 19:24:05 System Checkpoint 22-03-2014 22:07:14 System Checkpoint 29-03-2014 03:46:25 Installed Camtasia Studio 8 29-03-2014 06:13:12 Removed Camtasia Studio 8 29-03-2014 06:38:58 Restore Operation 29-03-2014 06:51:15 Installed Camtasia Studio 6 29-03-2014 07:01:10 Software Distribution Service 3.0 30-03-2014 02:02:19 Software Distribution Service 3.0 31-03-2014 02:21:48 System Checkpoint 31-03-2014 20:19:53 Pre Install Click 2 Fix restore point 31-03-2014 22:11:12 Pre Install Click 2 Fix+ restore point 31-03-2014 22:44:06 Pre Install Click 2 Fix+ restore point 01-04-2014 02:34:09 Dell Click 2 Fix+ restore point ==================== Hosts content: ========================== 2002-09-03 12:34 - 2011-01-12 18:45 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-31 18:44 - 2014-02-03 23:33 - 00166216 _____ () C:\Program Files\Dell\Click 2 Fix+\SSLEAY32.DLL 2014-03-31 18:44 - 2014-02-03 23:29 - 00833856 _____ () C:\Program Files\Dell\Click 2 Fix+\LIBEAY32.dll 2014-03-31 18:44 - 2014-02-03 23:32 - 00579576 _____ () C:\Program Files\Dell\Click 2 Fix+\sqlite3.dll 2014-03-31 18:44 - 2014-02-03 23:30 - 00018240 _____ () C:\Program Files\Dell\Click 2 Fix+\node.dll 2014-03-31 22:13 - 2014-03-15 04:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-08-19 23:01 - 2013-08-19 23:01 - 16166280 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: Unloading the performance counter strings for service wsearchidxpi (wsearchidxpi) failed. The Error code is the first DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: Unloading the performance counter strings for service UGTHRSVC (UGTHRSVC) failed. The Error code is the first DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: Unloading the performance counter strings for service UGatherer (UGatherer) failed. The Error code is the first DWORD in Data section. Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: ) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section. Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update. Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 02:36:03 PM) (Source: Application Hang) (User: ) Description: Fault bucket 1432846009. System errors: ============= Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: ) Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: ) Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll. Reference error message: The operation completed successfully. . Microsoft Office Sessions: ========================= Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: wsearchidxpiwsearchidxpi Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: Performance Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: UGTHRSVCUGTHRSVC Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: Performance Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: UGathererUGatherer Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: ) Description: Performance Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update.(NULL)(NULL)(NULL) Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK Error: (03/31/2014 02:36:03 PM) (Source: Application Hang)(User: ) Description: 1432846009 ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 2046 MB Available physical RAM: 1481.77 MB Total Pagefile: 4968.77 MB Available Pagefile: 4592.5 MB Total Virtual: 2047.88 MB Available Virtual: 1950.11 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.52 GB) (Free:34.04 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3) Partition: GPT Partition Type. ==================== End Of Log ============================
- April 1, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Dear MrCharlie, My brother accidnetally downloaded SUPERAntiSpyware Program on my computer, and now My computer is lagging again, super slow and the mouse is lagging. I am so upset right now. I can't believe it. I think it gave me malware when he downloaded it from the internet!!!!
- March 31, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Hi MrCharlie, I noticed on my registry , I had OUTFoxTv registry.. Isnt that suppose to be malware ..I also noticed when I am watching educational videos on my computer, they are lagging. Especially on Youtube. It wasnt like that before.. When I am surfing the internet, its super fast though...Any clues? Thanks!!
- March 31, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Owner at 2014-03-30 23:17:04 Running from C:\Documents and Settings\Owner\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated) Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) B57Inst (Version: 3.40 - Broadcom) Hidden BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - ) Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom) Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation) Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software) Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version: - Crack DAT) Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - ) Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google) Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - ) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - ) WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Restore Points ========================= 14-01-2014 17:49:57 System Checkpoint 15-01-2014 05:54:45 Software Distribution Service 3.0 16-01-2014 07:09:59 Software Distribution Service 3.0 17-01-2014 21:17:33 System Checkpoint 18-01-2014 22:58:06 System Checkpoint 20-01-2014 01:13:57 System Checkpoint 21-01-2014 06:25:08 System Checkpoint 22-01-2014 06:26:14 System Checkpoint 24-01-2014 20:28:07 System Checkpoint 26-01-2014 01:13:14 System Checkpoint 27-01-2014 01:44:57 System Checkpoint 28-01-2014 15:21:36 System Checkpoint 29-01-2014 22:51:49 System Checkpoint 31-01-2014 01:33:13 System Checkpoint 01-02-2014 01:42:05 System Checkpoint 02-02-2014 01:38:00 Removed Bing Bar 02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software 02-02-2014 01:47:27 Removed HP Officejet 4620 series Help 03-02-2014 02:40:44 System Checkpoint 04-02-2014 21:11:53 System Checkpoint 06-02-2014 03:04:23 System Checkpoint 06-02-2014 07:03:59 Removed I.R.I.S. OCR 06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study 06-02-2014 07:11:03 Removed HP Update. 06-02-2014 07:11:45 Removed Skype™ 6.13 07-02-2014 08:00:36 Software Distribution Service 3.0 09-02-2014 05:42:28 System Checkpoint 10-02-2014 08:50:26 System Checkpoint 11-02-2014 23:23:49 System Checkpoint 13-02-2014 02:54:19 System Checkpoint 13-02-2014 08:01:12 Software Distribution Service 3.0 15-02-2014 05:33:36 System Checkpoint 18-02-2014 02:55:11 System Checkpoint 18-02-2014 05:35:50 Installed Achiever 19-02-2014 04:37:11 Removed Achiever 20-02-2014 04:53:35 System Checkpoint 21-02-2014 20:45:06 System Checkpoint 22-02-2014 22:21:19 System Checkpoint 23-02-2014 00:24:32 Installed Java 7 Update 51 23-02-2014 00:37:04 Pre Install Click 2 Fix restore point 23-02-2014 01:10:57 Software Distribution Service 3.0 23-02-2014 06:01:44 Software Distribution Service 3.0 24-02-2014 03:41:32 Software Distribution Service 3.0 25-02-2014 04:19:06 System Checkpoint 26-02-2014 04:54:36 System Checkpoint 28-02-2014 19:49:33 System Checkpoint 01-03-2014 23:21:00 System Checkpoint 03-03-2014 00:02:04 System Checkpoint 04-03-2014 02:44:31 System Checkpoint 05-03-2014 03:22:54 System Checkpoint 05-03-2014 18:48:36 Removed Skype™ 6.14 06-03-2014 21:14:35 System Checkpoint 07-03-2014 21:57:53 System Checkpoint 09-03-2014 01:47:24 System Checkpoint 10-03-2014 07:02:03 System Checkpoint 10-03-2014 21:15:08 Software Distribution Service 3.0 12-03-2014 01:43:49 Software Distribution Service 3.0 14-03-2014 18:44:02 System Checkpoint 16-03-2014 21:39:54 System Checkpoint 17-03-2014 23:51:10 System Checkpoint 19-03-2014 00:49:57 Software Distribution Service 3.0 20-03-2014 18:59:19 System Checkpoint 21-03-2014 19:24:05 System Checkpoint 22-03-2014 22:07:14 System Checkpoint 29-03-2014 03:46:25 Installed Camtasia Studio 8 29-03-2014 06:13:12 Removed Camtasia Studio 8 29-03-2014 06:38:58 Restore Operation 29-03-2014 06:51:15 Installed Camtasia Studio 6 29-03-2014 07:01:10 Software Distribution Service 3.0 30-03-2014 02:02:19 Software Distribution Service 3.0 31-03-2014 02:21:48 System Checkpoint ==================== Hosts content: ========================== 2002-09-03 12:34 - 2011-01-12 19:45 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2012-04-25 22:21 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll 2002-09-03 12:53 - 2014-02-05 04:55 - 00562688 _____ () C:\WINDOWS\System32\qedit.dll 2002-09-03 12:44 - 2008-04-14 08:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2002-09-03 12:53 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll 2002-09-03 12:30 - 2008-04-14 08:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll 2014-03-18 17:43 - 2014-03-18 17:44 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:25:48 PM) (Source: Application Hang) (User: ) Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (03/30/2014 10:25:35 PM) (Source: Application Hang) (User: ) Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System errors: ============= Error: (03/30/2014 10:47:50 PM) (Source: Service Control Manager) (User: ) Description: The OutfoxTvService service failed to start due to the following error: %%2 Error: (03/30/2014 02:36:36 PM) (Source: Service Control Manager) (User: ) Description: The OutfoxTvService service failed to start due to the following error: %%2 Error: (03/30/2014 00:29:54 AM) (Source: Service Control Manager) (User: ) Description: The OutfoxTvService service failed to start due to the following error: %%2 Error: (03/30/2014 00:28:01 AM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (03/30/2014 00:23:05 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:18:25 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (03/30/2014 00:18:04 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:17:58 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:17:24 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:17:22 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions: ========================= Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI Error: (03/30/2014 10:25:48 PM) (Source: Application Hang)(User: ) Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000 Error: (03/30/2014 10:25:35 PM) (Source: Application Hang)(User: ) Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 2046 MB Available physical RAM: 1470.68 MB Total Pagefile: 4968.77 MB Available Pagefile: 4573.69 MB Total Virtual: 2047.88 MB Available Virtual: 1958.31 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.52 GB) (Free:33.68 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3) Partition: GPT Partition Type. ==================== End Of Log ============================
- March 31, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Hi MrCharlie! Here are the logs! Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Owner (administrator) on ANAM-RNFR3WMDD7 on 30-03-2014 23:12:25 Running from C:\Documents and Settings\Owner\My Documents\Downloads Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) HKU\S-1-5-21-1935655697-725345543-1398031866-1003\...\Winlogon: [shell] - ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP16BF35BB-350F-497B-BFE0-7A2F0AFFEB29&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {EEBA3501-49F3-4219-96B6-F8603AF1AD5C} URL = http://www.bing.com/search?q={searchTerms}&r=250 SearchScopes: HKCU - {F5C06B15-C34B-4DA9-B402-8E7E2E2D4463} URL = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=00674ddf02a8433b9ed0a9291062edcc&tu=11J3y00DC2B0Ca0&sku=&tstsId=&ver=&&r=281 BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll No File FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll No File FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( ) FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "sync_promo" : { "show_on_first_run_allowed" CHR DefaultSearchProvider: Search By ZoneAlarm CHR DefaultSearchURL: http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=00674ddf02a8433b9ed0a9291062edcc&tu=11J3y00DC2B0Ca0&sku=&tstsId=&ver=& CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [] CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [] ========================== Services (Whitelisted) ================= S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation) S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X] ==================== Drivers (Whitelisted) ==================== R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-11-07] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation) S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] () S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation) R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation) U0 PROCMON23; System32\Drivers\PROCMON23.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-30 23:12 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST 2014-03-30 22:33 - 2014-03-30 22:33 - 00002253 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_03302014_223328.txt 2014-03-30 22:29 - 2014-03-30 22:33 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine 2014-03-30 16:36 - 2014-03-30 16:35 - 142051374 _____ () C:\Documents and Settings\Owner\Desktop\Biology Quizzes Workshop.avi 2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2 2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2 2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex 2014-03-30 15:04 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex 2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home 2014-03-30 15:03 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2 2014-03-30 15:00 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1 2014-03-30 14:58 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1 2014-03-30 14:56 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex 2014-03-30 14:49 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1 2014-03-30 14:44 - 2014-03-30 14:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1 2014-03-29 17:20 - 2014-03-29 22:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes 2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime 2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared 2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml 2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint 2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith 2014-03-29 00:00 - 2014-03-29 02:58 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio 2014-03-28 23:46 - 2014-03-29 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith 2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search 2014-03-19 00:37 - 2014-03-30 22:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-19 00:37 - 2014-03-19 13:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-18 20:56 - 2014-03-18 20:56 - 00004870 _____ () C:\WINDOWS\KB2934207.log 2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 17:43 - 2014-03-18 17:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-03-11 21:44 - 2014-03-11 21:46 - 00011599 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-11 21:14 - 2014-03-11 21:44 - 00009105 _____ () C:\WINDOWS\KB2929961.log 2014-03-11 21:12 - 2014-03-11 21:44 - 00010423 _____ () C:\WINDOWS\KB2930275.log 2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk ==================== One Month Modified Files and Folders ======= 2014-03-30 23:12 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST 2014-03-30 22:48 - 2011-10-06 21:12 - 01736801 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-30 22:47 - 2014-03-19 00:37 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-30 22:47 - 2013-05-25 16:00 - 00000340 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job 2014-03-30 22:47 - 2011-10-06 17:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-30 22:47 - 2011-10-05 20:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-30 22:47 - 2011-10-05 20:12 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-03-30 22:45 - 2014-02-20 23:01 - 00000000 ____D () C:\AdwCleaner 2014-03-30 22:45 - 2011-10-06 17:29 - 00032112 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-30 22:45 - 2011-10-06 17:29 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini 2014-03-30 22:38 - 2012-10-11 00:22 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job 2014-03-30 22:33 - 2014-03-30 22:33 - 00002253 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_03302014_223328.txt 2014-03-30 22:33 - 2014-03-30 22:29 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine 2014-03-30 22:23 - 2012-02-22 00:31 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-03-30 20:50 - 2011-10-06 15:45 - 00215552 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-30 18:38 - 2012-10-11 00:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job 2014-03-30 16:35 - 2014-03-30 16:36 - 142051374 _____ () C:\Documents and Settings\Owner\Desktop\Biology Quizzes Workshop.avi 2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2 2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2 2014-03-30 15:07 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex 2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex 2014-03-30 15:05 - 2014-03-30 15:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2 2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home 2014-03-30 15:02 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1 2014-03-30 15:00 - 2014-03-30 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1 2014-03-30 14:57 - 2014-03-30 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex 2014-03-30 14:57 - 2014-03-30 14:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1 2014-03-30 14:53 - 2014-03-30 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1 2014-03-30 02:00 - 2012-11-29 10:26 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job 2014-03-30 02:00 - 2012-11-21 02:21 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job 2014-03-29 23:12 - 2013-04-10 17:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-03-29 22:54 - 2014-03-29 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes 2014-03-29 21:44 - 2011-10-06 21:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia 2014-03-29 18:52 - 2013-10-29 12:01 - 00001552 _____ () C:\Documents and Settings\Owner\Desktop\Dell TEch.txt 2014-03-29 14:25 - 2013-08-18 04:24 - 00235912 _____ () C:\WINDOWS\setupapi.log 2014-03-29 14:12 - 2002-09-03 13:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-29 02:58 - 2014-03-29 00:00 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio 2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime 2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith 2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared 2014-03-29 02:51 - 2013-08-18 17:29 - 00011910 _____ () C:\WINDOWS\wmsetup.log 2014-03-29 02:35 - 2014-03-28 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith 2014-03-29 02:21 - 2013-08-28 03:25 - 00254093 _____ () C:\WINDOWS\FaxSetup.log 2014-03-29 02:21 - 2013-08-28 03:25 - 00128021 _____ () C:\WINDOWS\ocgen.log 2014-03-29 02:21 - 2013-08-28 03:25 - 00098284 _____ () C:\WINDOWS\tsoc.log 2014-03-29 02:21 - 2013-08-28 03:25 - 00084046 _____ () C:\WINDOWS\comsetup.log 2014-03-29 02:21 - 2013-08-28 03:25 - 00051278 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-29 02:21 - 2013-08-28 03:25 - 00040105 _____ () C:\WINDOWS\iis6.log 2014-03-29 02:21 - 2013-08-28 03:25 - 00014149 _____ () C:\WINDOWS\ocmsn.log 2014-03-29 02:21 - 2013-08-28 03:25 - 00012839 _____ () C:\WINDOWS\msgsocm.log 2014-03-29 02:21 - 2013-08-28 03:25 - 00001917 _____ () C:\WINDOWS\imsins.log 2014-03-29 01:54 - 2013-04-09 22:49 - 00004534 _____ () C:\Documents and Settings\Owner\Application Data\CamStudio.cfg 2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamShapes.ini 2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamLayout.ini 2014-03-29 01:54 - 2013-04-09 22:46 - 00000120 _____ () C:\Documents and Settings\Owner\Application Data\Camdata.ini 2014-03-29 01:52 - 2013-04-09 22:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7 2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml 2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint 2014-03-29 00:47 - 2013-04-11 03:28 - 00494206 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-725345543-1398031866-1003-0.dat 2014-03-29 00:47 - 2013-04-11 03:28 - 00214414 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2014-03-29 00:44 - 2013-02-28 05:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Shoes for ash 2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith 2014-03-28 23:37 - 2011-10-05 20:10 - 00007042 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-23 22:16 - 2012-11-11 19:16 - 00000309 _____ () C:\Documents and Settings\Owner\Application Data\com.crackdat.crackdatsuite.xml 2014-03-23 22:16 - 2012-11-11 19:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Crack the DAT 2014-03-22 18:47 - 2013-04-15 18:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DAT 2014-03-21 17:12 - 2012-09-18 20:07 - 00000178 ___SH () C:\Documents and Settings\SHAK\ntuser.ini 2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search 2014-03-20 01:38 - 2013-10-02 16:06 - 00000269 _____ () C:\Documents and Settings\Owner\Desktop\fax to chase.txt 2014-03-19 13:07 - 2014-03-19 00:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-19 00:36 - 2012-08-19 22:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-18 20:56 - 2014-03-18 20:56 - 00004870 _____ () C:\WINDOWS\KB2934207.log 2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-18 20:56 - 2013-08-28 03:25 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-18 20:55 - 2013-07-13 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-18 20:51 - 2012-09-07 19:31 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-18 17:44 - 2014-03-18 17:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-16 23:24 - 2013-01-01 02:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Puters 2014-03-16 23:22 - 2013-05-22 14:45 - 00000365 _____ () C:\Documents and Settings\Owner\Desktop\LOL999.txt 2014-03-16 23:18 - 2012-03-04 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Misc 2014-03-16 16:11 - 2013-09-28 20:05 - 00001269 _____ () C:\Documents and Settings\Owner\Desktop\cool.txt 2014-03-16 16:08 - 2013-03-18 19:51 - 00001785 _____ () C:\Documents and Settings\Owner\Desktop\BOUGHT!.txt 2014-03-15 19:01 - 2011-10-05 20:08 - 00000210 ___SH () C:\boot.ini 2014-03-15 19:01 - 2002-09-03 13:11 - 00000884 _____ () C:\WINDOWS\win.ini 2014-03-15 19:01 - 2002-09-03 13:06 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-12 22:58 - 2013-03-20 02:39 - 03444184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-11 21:46 - 2014-03-11 21:44 - 00011599 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-11 21:45 - 2013-09-13 01:32 - 00019755 _____ () C:\WINDOWS\updspapi.log 2014-03-11 21:45 - 2012-03-05 23:16 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-11 21:44 - 2014-03-11 21:14 - 00009105 _____ () C:\WINDOWS\KB2929961.log 2014-03-11 21:44 - 2014-03-11 21:12 - 00010423 _____ () C:\WINDOWS\KB2930275.log 2014-03-11 21:29 - 2011-10-11 22:01 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk 2014-03-11 21:28 - 2011-10-10 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-10 17:16 - 2014-02-13 04:24 - 00019822 _____ () C:\WINDOWS\KB2909921-IE8.log 2014-03-10 16:51 - 2012-09-18 20:07 - 00000000 ____D () C:\Documents and Settings\SHAK\Application Data\Macromedia 2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk 2014-03-09 19:13 - 2013-08-17 18:26 - 00000420 _____ () C:\WINDOWS\setupact.log 2014-03-07 00:46 - 2012-02-15 23:07 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2014-03-06 00:55 - 2013-08-07 17:38 - 00001544 _____ () C:\Documents and Settings\Owner\Desktop\Salonnnn.txt 2014-03-05 15:23 - 2012-01-26 06:01 - 00000132 _____ () C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs 2014-03-05 14:47 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype 2014-03-05 13:40 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype 2014-03-04 21:14 - 2014-02-22 21:59 - 00024782 _____ () C:\WINDOWS\KB940157Uninst.log Files to move or delete: ==================== C:\Documents and Settings\Owner\Application Data\CamLayout.ini C:\Documents and Settings\Owner\Application Data\CamShapes.ini Some content of TEMP: ==================== C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Owner at 2014-03-30 23:13:51 Running from C:\Documents and Settings\Owner\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated) Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) B57Inst (Version: 3.40 - Broadcom) Hidden BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - ) Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom) Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation) Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software) Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version: - Crack DAT) Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - ) Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google) Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - ) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - ) WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Restore Points ========================= 14-01-2014 17:49:57 System Checkpoint 15-01-2014 05:54:45 Software Distribution Service 3.0 16-01-2014 07:09:59 Software Distribution Service 3.0 17-01-2014 21:17:33 System Checkpoint 18-01-2014 22:58:06 System Checkpoint 20-01-2014 01:13:57 System Checkpoint 21-01-2014 06:25:08 System Checkpoint 22-01-2014 06:26:14 System Checkpoint 24-01-2014 20:28:07 System Checkpoint 26-01-2014 01:13:14 System Checkpoint 27-01-2014 01:44:57 System Checkpoint 28-01-2014 15:21:36 System Checkpoint 29-01-2014 22:51:49 System Checkpoint 31-01-2014 01:33:13 System Checkpoint 01-02-2014 01:42:05 System Checkpoint 02-02-2014 01:38:00 Removed Bing Bar 02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software 02-02-2014 01:47:27 Removed HP Officejet 4620 series Help 03-02-2014 02:40:44 System Checkpoint 04-02-2014 21:11:53 System Checkpoint 06-02-2014 03:04:23 System Checkpoint 06-02-2014 07:03:59 Removed I.R.I.S. OCR 06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study 06-02-2014 07:11:03 Removed HP Update. 06-02-2014 07:11:45 Removed Skype™ 6.13 07-02-2014 08:00:36 Software Distribution Service 3.0 09-02-2014 05:42:28 System Checkpoint 10-02-2014 08:50:26 System Checkpoint 11-02-2014 23:23:49 System Checkpoint 13-02-2014 02:54:19 System Checkpoint 13-02-2014 08:01:12 Software Distribution Service 3.0 15-02-2014 05:33:36 System Checkpoint 18-02-2014 02:55:11 System Checkpoint 18-02-2014 05:35:50 Installed Achiever 19-02-2014 04:37:11 Removed Achiever 20-02-2014 04:53:35 System Checkpoint 21-02-2014 20:45:06 System Checkpoint 22-02-2014 22:21:19 System Checkpoint 23-02-2014 00:24:32 Installed Java 7 Update 51 23-02-2014 00:37:04 Pre Install Click 2 Fix restore point 23-02-2014 01:10:57 Software Distribution Service 3.0 23-02-2014 06:01:44 Software Distribution Service 3.0 24-02-2014 03:41:32 Software Distribution Service 3.0 25-02-2014 04:19:06 System Checkpoint 26-02-2014 04:54:36 System Checkpoint 28-02-2014 19:49:33 System Checkpoint 01-03-2014 23:21:00 System Checkpoint 03-03-2014 00:02:04 System Checkpoint 04-03-2014 02:44:31 System Checkpoint 05-03-2014 03:22:54 System Checkpoint 05-03-2014 18:48:36 Removed Skype™ 6.14 06-03-2014 21:14:35 System Checkpoint 07-03-2014 21:57:53 System Checkpoint 09-03-2014 01:47:24 System Checkpoint 10-03-2014 07:02:03 System Checkpoint 10-03-2014 21:15:08 Software Distribution Service 3.0 12-03-2014 01:43:49 Software Distribution Service 3.0 14-03-2014 18:44:02 System Checkpoint 16-03-2014 21:39:54 System Checkpoint 17-03-2014 23:51:10 System Checkpoint 19-03-2014 00:49:57 Software Distribution Service 3.0 20-03-2014 18:59:19 System Checkpoint 21-03-2014 19:24:05 System Checkpoint 22-03-2014 22:07:14 System Checkpoint 29-03-2014 03:46:25 Installed Camtasia Studio 8 29-03-2014 06:13:12 Removed Camtasia Studio 8 29-03-2014 06:38:58 Restore Operation 29-03-2014 06:51:15 Installed Camtasia Studio 6 29-03-2014 07:01:10 Software Distribution Service 3.0 30-03-2014 02:02:19 Software Distribution Service 3.0 31-03-2014 02:21:48 System Checkpoint ==================== Hosts content: ========================== 2002-09-03 12:34 - 2011-01-12 19:45 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2012-04-25 22:21 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll 2014-03-18 17:43 - 2014-03-18 17:44 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/30/2014 10:25:48 PM) (Source: Application Hang) (User: ) Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (03/30/2014 10:25:35 PM) (Source: Application Hang) (User: ) Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System errors: ============= Error: (03/30/2014 10:47:50 PM) (Source: Service Control Manager) (User: ) Description: The OutfoxTvService service failed to start due to the following error: %%2 Error: (03/30/2014 02:36:36 PM) (Source: Service Control Manager) (User: ) Description: The OutfoxTvService service failed to start due to the following error: %%2 Error: (03/30/2014 00:29:54 AM) (Source: Service Control Manager) (User: ) Description: The OutfoxTvService service failed to start due to the following error: %%2 Error: (03/30/2014 00:28:01 AM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (03/30/2014 00:23:05 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:18:25 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (03/30/2014 00:18:04 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:17:58 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:17:24 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (03/30/2014 00:17:22 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7) Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions: ========================= Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI Error: (03/30/2014 10:25:48 PM) (Source: Application Hang)(User: ) Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000 Error: (03/30/2014 10:25:35 PM) (Source: Application Hang)(User: ) Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 2046 MB Available physical RAM: 1481.41 MB Total Pagefile: 4968.77 MB Available Pagefile: 4578.3 MB Total Virtual: 2047.88 MB Available Virtual: 1950.31 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.52 GB) (Free:33.68 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3) Partition: GPT Partition Type. ==================== End Of Log ============================
- March 31, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Thank you so much Mr Charlie for helping me! My PC is fast again! All because of your magic. God bless you!! # AdwCleaner v3.022 - Report created 29/03/2014 at 20:47:17 # Updated 13/03/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Owner - ANAM-RNFR3WMDD7 # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw3v1z4.default-1376784065718\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2 Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7854F00C-DC77-477E-A10E-603F48442D3B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw3v1z4.default-1376784065718\prefs.js ] [ File : C:\Documents and Settings\Dena\Application Data\Mozilla\Firefox\Profiles\8boufv13.default\prefs.js ] [ File : C:\Documents and Settings\SHAK\Application Data\Mozilla\Firefox\Profiles\vd8ncv3g.default\prefs.js ] -\\ Google Chrome v [ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1958 octets] - [20/02/2014 23:02:39] AdwCleaner[R1].txt - [2886 octets] - [29/03/2014 20:43:28] AdwCleaner[s0].txt - [2047 octets] - [20/02/2014 23:33:43] AdwCleaner[s1].txt - [2843 octets] - [29/03/2014 20:47:17] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2903 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.29.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: ANAM-RNFR3WMDD7 [administrator] 3/29/2014 9:10:20 PM mbam-log-2014-03-29 (21-10-20).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 263065 Time elapsed: 24 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- March 30, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

ROUGEKILLER LOG! RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Owner [Admin rights] Mode : Scan -- Date : 03/29/2014 14:16:58 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] EAT @firefox.exe (FREEBL_GetVector) : nssckbi.dll -> HOOKED (C:\Program Files\Mozilla Firefox\freebl3.dll @ 0x0C001000) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380215A +++++ --- User --- [MBR] 73f987c631ba42764dce97e57309caf0 [bSP] 33e325a7d9768a4c0f3363561fe8019d : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_03292014_141658.txt >>
- March 29, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Hi Mr Charlie, Thank you so much for your reply. I have scanned again using Malwarebytes second time, No Threats found. Also, Do I run Roguekiller now, or wait for your instructions? Thanks! Here is my DDS LOG DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2 Run by Owner at 13:03:20 on 2014-03-29 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1387 [GMT -4:00] . . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com uWinlogon: Shell = - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mPolicies-System: EnableUIPI = dword:1 mPolicies-System: DisableCAD = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.254 TCP: Interfaces\{B169077C-B8BA-4261-A7F8-0829245ABA8A} : DHCPNameServer = 192.168.1.254 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\xkw3v1z4.default-1376784065718\ FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm FF - prefs.js: browser.startup.homepage - about:home FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll . ============= SERVICES / DRIVERS =============== . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-3-29 40776] S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-11-7 30976] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] . =============== Created Last 30 ================ . 2014-03-29 16:36:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2014-03-29 06:53:04 -------- d-----w- c:\windows\system32\QuickTime 2014-03-29 06:51:53 -------- d-----w- c:\program files\common files\TechSmith Shared 2014-03-29 05:43:42 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint 2014-03-29 04:01:11 -------- d-----w- c:\documents and settings\owner\application data\TechSmith 2014-03-21 06:12:04 -------- d-----w- c:\documents and settings\owner\application data\Windows Search 2014-03-18 19:31:10 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe 2014-03-18 19:31:10 13312 ------w- c:\windows\system32\xp_eos.exe . ==================== Find3M ==================== . 2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll 2014-02-24 11:45:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-24 11:45:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll 2014-02-24 10:54:21 385024 ----a-w- c:\windows\system32\html.iec 2014-02-23 00:30:29 103832 ----a-w- c:\documents and settings\owner\GoToAssistDownloadHelper.exe 2014-02-18 01:18:08 867608 ----a-w- c:\windows\DellClick2Fix_DownloadManager.exe 2014-02-18 01:17:52 379315 ----a-w- c:\windows\DellClick2Fix_DownloadManager-1.bin 2014-02-18 01:17:52 12700 ----a-w- c:\windows\DellClick2Fix_DownloadManager-0.bin 2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys 2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll 2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll . ============= FINISH: 13:04:26.10 =============== ATTACH LOG . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 10/6/2011 5:29:00 PM System Uptime: 3/29/2014 12:30:08 PM (1 hours ago) . Motherboard: Dell Computer Corp. | | 0G1548 Processor: Intel® Pentium® 4 CPU 2.20GHz | Microprocessor | 2192/400mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 75 GiB total, 4.74 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP112: 1/14/2014 12:49:57 PM - System Checkpoint RP113: 1/15/2014 12:54:45 AM - Software Distribution Service 3.0 RP114: 1/16/2014 2:09:59 AM - Software Distribution Service 3.0 RP115: 1/17/2014 4:17:33 PM - System Checkpoint RP116: 1/18/2014 5:58:06 PM - System Checkpoint RP117: 1/19/2014 8:13:57 PM - System Checkpoint RP118: 1/21/2014 1:25:08 AM - System Checkpoint RP119: 1/22/2014 1:26:14 AM - System Checkpoint RP120: 1/24/2014 3:28:07 PM - System Checkpoint RP121: 1/25/2014 8:13:14 PM - System Checkpoint RP122: 1/26/2014 8:44:57 PM - System Checkpoint RP123: 1/28/2014 10:21:36 AM - System Checkpoint RP124: 1/29/2014 5:51:49 PM - System Checkpoint RP125: 1/30/2014 8:33:13 PM - System Checkpoint RP126: 1/31/2014 8:42:05 PM - System Checkpoint RP127: 2/1/2014 8:38:00 PM - Removed Bing Bar RP128: 2/1/2014 8:41:29 PM - Removed HP Officejet 4620 series Basic Device Software RP129: 2/1/2014 8:47:27 PM - Removed HP Officejet 4620 series Help RP130: 2/2/2014 9:40:44 PM - System Checkpoint RP131: 2/4/2014 4:11:53 PM - System Checkpoint RP132: 2/5/2014 10:04:23 PM - System Checkpoint RP133: 2/6/2014 2:03:59 AM - Removed I.R.I.S. OCR RP134: 2/6/2014 2:08:26 AM - Removed HP Officejet 4620 series Product Improvement Study RP135: 2/6/2014 2:11:03 AM - Removed HP Update. RP136: 2/6/2014 2:11:45 AM - Removed Skype™ 6.13 RP137: 2/7/2014 3:00:36 AM - Software Distribution Service 3.0 RP138: 2/9/2014 12:42:28 AM - System Checkpoint RP139: 2/10/2014 3:50:26 AM - System Checkpoint RP140: 2/11/2014 6:23:49 PM - System Checkpoint RP141: 2/12/2014 9:54:19 PM - System Checkpoint RP142: 2/13/2014 3:01:12 AM - Software Distribution Service 3.0 RP143: 2/15/2014 12:33:36 AM - System Checkpoint RP144: 2/17/2014 9:55:11 PM - System Checkpoint RP145: 2/18/2014 12:35:50 AM - Installed Achiever RP146: 2/18/2014 11:37:11 PM - Removed Achiever RP147: 2/19/2014 11:53:35 PM - System Checkpoint RP148: 2/21/2014 3:45:06 PM - System Checkpoint RP149: 2/22/2014 5:21:19 PM - System Checkpoint RP150: 2/22/2014 7:24:32 PM - Installed Java 7 Update 51 RP151: 2/22/2014 7:37:04 PM - Pre Install Click 2 Fix restore point RP152: 2/22/2014 8:10:57 PM - Software Distribution Service 3.0 RP153: 2/23/2014 1:01:44 AM - Software Distribution Service 3.0 RP154: 2/23/2014 10:41:32 PM - Software Distribution Service 3.0 RP155: 2/24/2014 11:19:06 PM - System Checkpoint RP156: 2/25/2014 11:54:36 PM - System Checkpoint RP157: 2/28/2014 2:49:33 PM - System Checkpoint RP158: 3/1/2014 6:21:00 PM - System Checkpoint RP159: 3/2/2014 7:02:04 PM - System Checkpoint RP160: 3/3/2014 9:44:31 PM - System Checkpoint RP161: 3/4/2014 10:22:54 PM - System Checkpoint RP162: 3/5/2014 1:48:36 PM - Removed Skype™ 6.14 RP163: 3/6/2014 4:14:35 PM - System Checkpoint RP164: 3/7/2014 4:57:53 PM - System Checkpoint RP165: 3/8/2014 8:47:24 PM - System Checkpoint RP166: 3/10/2014 3:02:03 AM - System Checkpoint RP167: 3/10/2014 5:15:08 PM - Software Distribution Service 3.0 RP168: 3/11/2014 9:43:49 PM - Software Distribution Service 3.0 RP169: 3/14/2014 2:44:02 PM - System Checkpoint RP170: 3/16/2014 5:39:54 PM - System Checkpoint RP171: 3/17/2014 7:51:10 PM - System Checkpoint RP172: 3/18/2014 8:49:57 PM - Software Distribution Service 3.0 RP173: 3/20/2014 2:59:19 PM - System Checkpoint RP174: 3/21/2014 3:24:05 PM - System Checkpoint RP175: 3/22/2014 6:07:14 PM - System Checkpoint RP176: 3/28/2014 11:46:25 PM - Installed Camtasia Studio 8 RP177: 3/29/2014 2:13:12 AM - Removed Camtasia Studio 8 RP178: 3/29/2014 2:38:58 AM - Restore Operation RP179: 3/29/2014 2:51:15 AM - Installed Camtasia Studio 6 RP180: 3/29/2014 3:01:10 AM - Software Distribution Service 3.0 . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS5 Adobe Reader X (10.1.9) B57Inst BCM V.92 56K Modem Broadcom Driver Installer Camtasia Studio 6 Crack the DAT 2013-2014 Crack the DAT 5.0.26 Dell ResourceCD Google Talk Plugin Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Intel® Extreme Graphics Driver Java 7 Update 51 Java Auto Updater Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office 2000 Professional Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 28.0 (x86 en-US) Mozilla Maintenance Service PDF Settings CS5 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB2870699) Security Update for Windows Internet Explorer 8 (KB2879017) Security Update for Windows Internet Explorer 8 (KB2888505) Security Update for Windows Internet Explorer 8 (KB2898785) Security Update for Windows Internet Explorer 8 (KB2909210) Security Update for Windows Internet Explorer 8 (KB2909921) Security Update for Windows Internet Explorer 8 (KB2925418) Security Update for Windows Media Player (KB2834904-v2) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2586448) Security Update for Windows XP (KB2618444) Security Update for Windows XP (KB2647516) Security Update for Windows XP (KB2847311) Security Update for Windows XP (KB2862152) Security Update for Windows XP (KB2862330) Security Update for Windows XP (KB2862335) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2868038) Security Update for Windows XP (KB2868626) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876315) Security Update for Windows XP (KB2876331) Security Update for Windows XP (KB2883150) Security Update for Windows XP (KB2892075) Security Update for Windows XP (KB2893294) Security Update for Windows XP (KB2893984) Security Update for Windows XP (KB2898715) Security Update for Windows XP (KB2900986) Security Update for Windows XP (KB2914368) Security Update for Windows XP (KB2916036) Security Update for Windows XP (KB2929961) Security Update for Windows XP (KB2930275) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB975713) SoundMAX Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Windows XP (KB2492386) Update for Windows XP (KB2904266) Update for Windows XP (KB2934207) Update for Windows XP (KB951978) USB2.0 PC Camera (SN9C201&202) WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 Windows XP Service Pack 3 WinRAR 4.11 (32-bit) . ==== End Of File ===========================
- March 29, 2014
- 19 replies
Please help me remove, PUP.Optional.InstallCore.A

heythatsanam posted a topic in Resolved Malware Removal Logs

Hi there, I installed Cam Studio and suddenly noticed my computer lagging and Not responding when I am surfing the internet.., so when I uninstalled and ran Malwarebytes, it detected 4 registry files of PUP.Optional.InstallCore.A & PUP.Optional.OptimzerPro.A and I clicked removed. Can you help me to see if everything is removed and I dont have any malware/viruses, etc!! Thanks!!!!
- March 29, 2014
- 19 replies
Please help fix my pup malware and slow computer :(

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Hi MrC, Thank you so so so so soooo much for your help. Seriously meant ALOT!! Its a lot faster, but when I open up a page on Firebox, it takes a while for it to load! Otherwise, everything else is great and better than before God bless you!!!! ))))))))))))
- February 22, 2014
- 13 replies
Please help fix my pup malware and slow computer :(

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Adware Log # AdwCleaner v3.019 - Report created 20/02/2014 at 22:33:43 # Updated 17/02/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Owner - ANAM-RNFR3WMDD7 # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\TechSmith Folder Deleted : C:\Program Files\AVG SafeGuard toolbar Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\TechSmith Folder Deleted : C:\Documents and Settings\Owner\Application Data\TechSmith Folder Deleted : C:\Documents and Settings\SHAK\Application Data\AVG SafeGuard toolbar ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw3v1z4.default-1376784065718\prefs.js ] [ File : C:\Documents and Settings\Dena\Application Data\Mozilla\Firefox\Profiles\8boufv13.default\prefs.js ] [ File : C:\Documents and Settings\SHAK\Application Data\Mozilla\Firefox\Profiles\vd8ncv3g.default\prefs.js ] -\\ Google Chrome v [ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1958 octets] - [20/02/2014 22:02:39] AdwCleaner[s0].txt - [1907 octets] - [20/02/2014 22:33:43] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1967 octets] ########## JRT LOG ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Microsoft Windows XP x86 Ran by Owner on Thu 02/20/2014 at 22:51:06.10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 02/20/2014 at 22:57:14.62 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- February 21, 2014
- 13 replies
Please help fix my pup malware and slow computer :(

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Oops sorry! I just copy pasted the wrong log date (old one) ..Here is the recent one that u instructed me on to do!! sorry!! Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.02.19.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: ANAM-RNFR3WMDD7 [administrator] 2/20/2014 7:50:23 PM mbam-log-2014-02-20 (19-50-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 251747 Time elapsed: 20 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- February 21, 2014
- 13 replies
Please help fix my pup malware and slow computer :(

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.29.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: ANAM-RNFR3WMDD7 [administrator] 10/29/2013 1:42:58 AM mbam-log-2013-10-29 (01-42-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 236955 Time elapsed: 26 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- February 21, 2014
- 13 replies
Please help fix my pup malware and slow computer :(

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Yes i did! There wasnt anything found on there when ran using the Quick scan!
- February 21, 2014
- 13 replies
Please help fix my pup malware and slow computer :(

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Thank you so much for helping me ! DDS Log DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2 Run by Owner at 20:27:34 on 2014-02-20 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1406 [GMT -5:00] . . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com uWinlogon: Shell = - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mPolicies-System: EnableUIPI = dword:1 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\xkw3v1z4.default-1376784065718\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-11-7 30976] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] . =============== Created Last 30 ================ . 2014-02-18 05:36:17 -------- d-----w- c:\documents and settings\owner\3TQuest 2014-02-14 08:56:49 0 ----a-w- C:\LOG3C4.tmp 2014-02-06 06:43:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\Skype . ==================== Find3M ==================== . 2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll 2014-02-05 23:26:43 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-05 23:26:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll 2014-02-05 22:24:05 385024 ----a-w- c:\windows\system32\html.iec 2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-12-05 11:26:06 1172992 ----a-w- c:\windows\system32\msxml3.dll 2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys . ============= FINISH: 20:28:48.98 =============== Attach Log . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 10/6/2011 5:29:00 PM System Uptime: 2/20/2014 7:45:36 PM (1 hours ago) . Motherboard: Dell Computer Corp. | | 0G1548 Processor: Intel® Pentium® 4 CPU 2.20GHz | Microprocessor | 2192/400mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 75 GiB total, 6.521 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Broadcom 440x 10/100 Integrated Controller Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0 Manufacturer: Broadcom Name: Broadcom 440x 10/100 Integrated Controller PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0 Service: bcm4sbxp . ==== System Restore Points =================== . RP82: 11/22/2013 8:39:35 PM - System Checkpoint RP83: 11/25/2013 6:18:27 PM - System Checkpoint RP84: 11/26/2013 10:52:18 PM - System Checkpoint RP85: 11/29/2013 1:14:35 AM - System Checkpoint RP86: 12/2/2013 12:19:23 AM - System Checkpoint RP87: 12/3/2013 8:33:34 PM - System Checkpoint RP88: 12/5/2013 12:06:44 AM - System Checkpoint RP89: 12/6/2013 12:58:17 AM - System Checkpoint RP90: 12/8/2013 11:37:43 PM - System Checkpoint RP91: 12/10/2013 7:30:21 PM - System Checkpoint RP92: 12/11/2013 1:30:23 AM - Software Distribution Service 3.0 RP93: 12/12/2013 2:17:39 AM - System Checkpoint RP94: 12/14/2013 2:15:42 AM - Software Distribution Service 3.0 RP95: 12/16/2013 9:34:15 PM - System Checkpoint RP96: 12/18/2013 2:26:13 AM - System Checkpoint RP97: 12/19/2013 8:37:04 PM - System Checkpoint RP98: 12/21/2013 11:16:45 PM - System Checkpoint RP99: 12/22/2013 11:20:57 PM - System Checkpoint RP100: 12/24/2013 7:31:32 PM - System Checkpoint RP101: 12/27/2013 1:07:43 AM - System Checkpoint RP102: 1/2/2014 12:46:39 AM - System Checkpoint RP103: 1/5/2014 11:40:37 PM - System Checkpoint RP104: 1/6/2014 12:47:17 AM - Removed Skype™ 6.11 RP105: 1/7/2014 4:06:06 AM - System Checkpoint RP106: 1/8/2014 6:52:21 PM - System Checkpoint RP107: 1/8/2014 8:27:19 PM - Removed Skype™ 6.11 RP108: 1/9/2014 8:44:30 PM - System Checkpoint RP109: 1/10/2014 9:26:06 PM - System Checkpoint RP110: 1/11/2014 9:40:41 PM - System Checkpoint RP111: 1/12/2014 9:50:30 PM - System Checkpoint RP112: 1/14/2014 12:49:57 PM - System Checkpoint RP113: 1/15/2014 12:54:45 AM - Software Distribution Service 3.0 RP114: 1/16/2014 2:09:59 AM - Software Distribution Service 3.0 RP115: 1/17/2014 4:17:33 PM - System Checkpoint RP116: 1/18/2014 5:58:06 PM - System Checkpoint RP117: 1/19/2014 8:13:57 PM - System Checkpoint RP118: 1/21/2014 1:25:08 AM - System Checkpoint RP119: 1/22/2014 1:26:14 AM - System Checkpoint RP120: 1/24/2014 3:28:07 PM - System Checkpoint RP121: 1/25/2014 8:13:14 PM - System Checkpoint RP122: 1/26/2014 8:44:57 PM - System Checkpoint RP123: 1/28/2014 10:21:36 AM - System Checkpoint RP124: 1/29/2014 5:51:49 PM - System Checkpoint RP125: 1/30/2014 8:33:13 PM - System Checkpoint RP126: 1/31/2014 8:42:05 PM - System Checkpoint RP127: 2/1/2014 8:38:00 PM - Removed Bing Bar RP128: 2/1/2014 8:41:29 PM - Removed HP Officejet 4620 series Basic Device Software RP129: 2/1/2014 8:47:27 PM - Removed HP Officejet 4620 series Help RP130: 2/2/2014 9:40:44 PM - System Checkpoint RP131: 2/4/2014 4:11:53 PM - System Checkpoint RP132: 2/5/2014 10:04:23 PM - System Checkpoint RP133: 2/6/2014 2:03:59 AM - Removed I.R.I.S. OCR RP134: 2/6/2014 2:08:26 AM - Removed HP Officejet 4620 series Product Improvement Study RP135: 2/6/2014 2:11:03 AM - Removed HP Update. RP136: 2/6/2014 2:11:45 AM - Removed Skype™ 6.13 RP137: 2/7/2014 3:00:36 AM - Software Distribution Service 3.0 RP138: 2/9/2014 12:42:28 AM - System Checkpoint RP139: 2/10/2014 3:50:26 AM - System Checkpoint RP140: 2/11/2014 6:23:49 PM - System Checkpoint RP141: 2/12/2014 9:54:19 PM - System Checkpoint RP142: 2/13/2014 3:01:12 AM - Software Distribution Service 3.0 RP143: 2/15/2014 12:33:36 AM - System Checkpoint RP144: 2/17/2014 9:55:11 PM - System Checkpoint RP145: 2/18/2014 12:35:50 AM - Installed Achiever RP146: 2/18/2014 11:37:11 PM - Removed Achiever RP147: 2/19/2014 11:53:35 PM - System Checkpoint . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS5 Adobe Reader X (10.1.7) B57Inst BCM V.92 56K Modem Broadcom Driver Installer Crack the DAT 2013-2014 Crack the DAT 5.0.26 Dell ResourceCD Google Talk Plugin Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Intel® Extreme Graphics Driver Java 7 Update 25 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office 2000 Professional Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 27.0.1 (x86 en-US) Mozilla Maintenance Service PDF Settings CS5 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB2870699) Security Update for Windows Internet Explorer 8 (KB2879017) Security Update for Windows Internet Explorer 8 (KB2888505) Security Update for Windows Internet Explorer 8 (KB2898785) Security Update for Windows Internet Explorer 8 (KB2909210) Security Update for Windows Internet Explorer 8 (KB2909921) Security Update for Windows Media Player (KB2834904-v2) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2586448) Security Update for Windows XP (KB2618444) Security Update for Windows XP (KB2647516) Security Update for Windows XP (KB2847311) Security Update for Windows XP (KB2862152) Security Update for Windows XP (KB2862330) Security Update for Windows XP (KB2862335) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2868038) Security Update for Windows XP (KB2868626) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876315) Security Update for Windows XP (KB2876331) Security Update for Windows XP (KB2883150) Security Update for Windows XP (KB2892075) Security Update for Windows XP (KB2893294) Security Update for Windows XP (KB2893984) Security Update for Windows XP (KB2898715) Security Update for Windows XP (KB2900986) Security Update for Windows XP (KB2914368) Security Update for Windows XP (KB2916036) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB975713) SoundMAX Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB2904266) Update for Windows XP (KB951978) USB2.0 PC Camera (SN9C201&202) WebFldrs XP Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR 4.11 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 2/14/2014 8:07:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.68 for the Network Card with network address 000BDBBF46A7 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message). 2/14/2014 4:27:51 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. . ==== End Of File =========================== RogueKiller Log. RogueKiller V8.8.8 [Feb 19 2014] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Owner [Admin rights] Mode : Scan -- Date : 02/20/2014 20:36:55 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x10001FFD) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380215A +++++ --- User --- [MBR] 73f987c631ba42764dce97e57309caf0 [bSP] 33e325a7d9768a4c0f3363561fe8019d : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_02202014_203655.txt >>
- February 21, 2014
- 13 replies
Please help fix my pup malware and slow computer :(

heythatsanam posted a topic in Resolved Malware Removal Logs

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 10/6/2011 5:29:00 PM System Uptime: 2/20/2014 4:21:31 PM (0 hours ago) . Motherboard: Dell Computer Corp. | | 0G1548 Processor: Intel® Pentium® 4 CPU 2.20GHz | Microprocessor | 2192/400mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 75 GiB total, 6.644 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP82: 11/22/2013 8:39:35 PM - System Checkpoint RP83: 11/25/2013 6:18:27 PM - System Checkpoint RP84: 11/26/2013 10:52:18 PM - System Checkpoint RP85: 11/29/2013 1:14:35 AM - System Checkpoint RP86: 12/2/2013 12:19:23 AM - System Checkpoint RP87: 12/3/2013 8:33:34 PM - System Checkpoint RP88: 12/5/2013 12:06:44 AM - System Checkpoint RP89: 12/6/2013 12:58:17 AM - System Checkpoint RP90: 12/8/2013 11:37:43 PM - System Checkpoint RP91: 12/10/2013 7:30:21 PM - System Checkpoint RP92: 12/11/2013 1:30:23 AM - Software Distribution Service 3.0 RP93: 12/12/2013 2:17:39 AM - System Checkpoint RP94: 12/14/2013 2:15:42 AM - Software Distribution Service 3.0 RP95: 12/16/2013 9:34:15 PM - System Checkpoint RP96: 12/18/2013 2:26:13 AM - System Checkpoint RP97: 12/19/2013 8:37:04 PM - System Checkpoint RP98: 12/21/2013 11:16:45 PM - System Checkpoint RP99: 12/22/2013 11:20:57 PM - System Checkpoint RP100: 12/24/2013 7:31:32 PM - System Checkpoint RP101: 12/27/2013 1:07:43 AM - System Checkpoint RP102: 1/2/2014 12:46:39 AM - System Checkpoint RP103: 1/5/2014 11:40:37 PM - System Checkpoint RP104: 1/6/2014 12:47:17 AM - Removed Skype™ 6.11 RP105: 1/7/2014 4:06:06 AM - System Checkpoint RP106: 1/8/2014 6:52:21 PM - System Checkpoint RP107: 1/8/2014 8:27:19 PM - Removed Skype™ 6.11 RP108: 1/9/2014 8:44:30 PM - System Checkpoint RP109: 1/10/2014 9:26:06 PM - System Checkpoint RP110: 1/11/2014 9:40:41 PM - System Checkpoint RP111: 1/12/2014 9:50:30 PM - System Checkpoint RP112: 1/14/2014 12:49:57 PM - System Checkpoint RP113: 1/15/2014 12:54:45 AM - Software Distribution Service 3.0 RP114: 1/16/2014 2:09:59 AM - Software Distribution Service 3.0 RP115: 1/17/2014 4:17:33 PM - System Checkpoint RP116: 1/18/2014 5:58:06 PM - System Checkpoint RP117: 1/19/2014 8:13:57 PM - System Checkpoint RP118: 1/21/2014 1:25:08 AM - System Checkpoint RP119: 1/22/2014 1:26:14 AM - System Checkpoint RP120: 1/24/2014 3:28:07 PM - System Checkpoint RP121: 1/25/2014 8:13:14 PM - System Checkpoint RP122: 1/26/2014 8:44:57 PM - System Checkpoint RP123: 1/28/2014 10:21:36 AM - System Checkpoint RP124: 1/29/2014 5:51:49 PM - System Checkpoint RP125: 1/30/2014 8:33:13 PM - System Checkpoint RP126: 1/31/2014 8:42:05 PM - System Checkpoint RP127: 2/1/2014 8:38:00 PM - Removed Bing Bar RP128: 2/1/2014 8:41:29 PM - Removed HP Officejet 4620 series Basic Device Software RP129: 2/1/2014 8:47:27 PM - Removed HP Officejet 4620 series Help RP130: 2/2/2014 9:40:44 PM - System Checkpoint RP131: 2/4/2014 4:11:53 PM - System Checkpoint RP132: 2/5/2014 10:04:23 PM - System Checkpoint RP133: 2/6/2014 2:03:59 AM - Removed I.R.I.S. OCR RP134: 2/6/2014 2:08:26 AM - Removed HP Officejet 4620 series Product Improvement Study RP135: 2/6/2014 2:11:03 AM - Removed HP Update. RP136: 2/6/2014 2:11:45 AM - Removed Skype™ 6.13 RP137: 2/7/2014 3:00:36 AM - Software Distribution Service 3.0 RP138: 2/9/2014 12:42:28 AM - System Checkpoint RP139: 2/10/2014 3:50:26 AM - System Checkpoint RP140: 2/11/2014 6:23:49 PM - System Checkpoint RP141: 2/12/2014 9:54:19 PM - System Checkpoint RP142: 2/13/2014 3:01:12 AM - Software Distribution Service 3.0 RP143: 2/15/2014 12:33:36 AM - System Checkpoint RP144: 2/17/2014 9:55:11 PM - System Checkpoint RP145: 2/18/2014 12:35:50 AM - Installed Achiever RP146: 2/18/2014 11:37:11 PM - Removed Achiever RP147: 2/19/2014 11:53:35 PM - System Checkpoint . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS5 Adobe Reader X (10.1.7) B57Inst BCM V.92 56K Modem Broadcom Driver Installer Crack the DAT 2013-2014 Crack the DAT 5.0.26 Dell ResourceCD Google Talk Plugin Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Intel® Extreme Graphics Driver Java 7 Update 25 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office 2000 Professional Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 27.0.1 (x86 en-US) Mozilla Maintenance Service PDF Settings CS5 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB2870699) Security Update for Windows Internet Explorer 8 (KB2879017) Security Update for Windows Internet Explorer 8 (KB2888505) Security Update for Windows Internet Explorer 8 (KB2898785) Security Update for Windows Internet Explorer 8 (KB2909210) Security Update for Windows Internet Explorer 8 (KB2909921) Security Update for Windows Media Player (KB2834904-v2) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2586448) Security Update for Windows XP (KB2618444) Security Update for Windows XP (KB2647516) Security Update for Windows XP (KB2847311) Security Update for Windows XP (KB2862152) Security Update for Windows XP (KB2862330) Security Update for Windows XP (KB2862335) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2868038) Security Update for Windows XP (KB2868626) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876315) Security Update for Windows XP (KB2876331) Security Update for Windows XP (KB2883150) Security Update for Windows XP (KB2892075) Security Update for Windows XP (KB2893294) Security Update for Windows XP (KB2893984) Security Update for Windows XP (KB2898715) Security Update for Windows XP (KB2900986) Security Update for Windows XP (KB2914368) Security Update for Windows XP (KB2916036) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB975713) SoundMAX Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB2904266) Update for Windows XP (KB951978) USB2.0 PC Camera (SN9C201&202) WebFldrs XP Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR 4.11 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 2/14/2014 8:07:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.68 for the Network Card with network address 000BDBBF46A7 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message). 2/13/2014 3:04:08 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2 Run by Owner at 16:27:40 on 2014-02-20 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1507 [GMT -5:00] . . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com uWinlogon: Shell = - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mPolicies-System: EnableUIPI = dword:1 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.254 TCP: Interfaces\{B169077C-B8BA-4261-A7F8-0829245ABA8A} : DHCPNameServer = 192.168.1.254 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\xkw3v1z4.default-1376784065718\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-11-7 30976] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-19 40776] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] . =============== Created Last 30 ================ . 2014-02-20 02:39:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2014-02-18 05:36:17 -------- d-----w- c:\documents and settings\owner\3TQuest 2014-02-14 08:56:49 0 ----a-w- C:\LOG3C4.tmp 2014-02-06 06:43:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\Skype . ==================== Find3M ==================== . 2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll 2014-02-05 23:26:43 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-05 23:26:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll 2014-02-05 22:24:05 385024 ----a-w- c:\windows\system32\html.iec 2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-12-05 11:26:06 1172992 ----a-w- c:\windows\system32\msxml3.dll 2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys . ============= FINISH: 16:29:48.26 ===============
- February 20, 2014
- 13 replies
Please help! Trojan.Refroso !

heythatsanam posted a topic in Resolved Malware Removal Logs

Hi! I ran a full scan on MalwareBytes for 4 hours last night, and this morning, found 1 threat which turned out to be Trojan.Refroso. Can someone please kindly help me remove it. My computer lags, and says no responding, etc. Please please help me remove this virus! Thank you and God blesss!
- November 7, 2013
- 3 replies
Trojan.Trascur.SGen/Pup/ Trojan downloader, etc

heythatsanam posted a topic in Resolved Malware Removal Logs

Hi Can you guys please help me, My computer is extremely slow and infected, and I was wondering if you guys can please help me remove these dreadful viruses Here is the log for Malwarebytes scanned. Approximately 250 threats found! =( Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.30.09 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 Haidery :: HAIDERY-PC [administrator] Protection: Enabled 9/30/2013 9:08:20 PM mbam-log-2013-09-30 (21-08-20).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 195723 Time elapsed: 13 minute(s), 16 second(s) Memory Processes Detected: 3 C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> 1500 -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 1564 -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 2624 -> Delete on reboot. Memory Modules Detected: 1 C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Delete on reboot. Registry Keys Detected: 39 HKLM\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc (Trojan.Sefnit) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYERUPDATESERVICE.EXE (Trojan.Sefnit) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully. HKCR\CLSID\{01F2D720-ECFC-47BF-8302-14D4AE13419b} (Trojan.Tracur.XGen) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F2D720-ECFC-47BF-8302-14D4AE13419B} (Trojan.Tracur.XGen) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01F2D720-ECFC-47BF-8302-14D4AE13419B} (Trojan.Tracur.XGen) -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F2D720-ECFC-47BF-8302-14D4AE13419B} (Trojan.Tracur.XGen) -> Quarantined and deleted successfully. HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. HKCR\FunWebProductsInstaller.Start.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. HKCR\FunWebProductsInstaller.Start (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully. HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully. HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Delete on reboot. HKLM\SOFTWARE\FunWebProducts\Installer (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator32 (Trojan.Tracur) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV32 (Trojan.Tracur) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully. Registry Values Detected: 3 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {6A1806CD-94D4-4689-BA73-E35EA1EA9990} -> Delete on reboot. HKLM\SYSTEM\CurrentControlSet\Services\BitGuard|ImagePath (PUP.Optional.BitGuard.A) -> Data: C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 2 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.PerformerSoft.A) -> Bad: (c:\progra~2\bitguard\261673~1.238\{eab34~1\bitguard.dll) Good: () -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN38106534801900495&UM=2&ctid=CT3300237) Good: (http://www.google.com) -> Quarantined and repaired successfully. Folders Detected: 15 C:\Program Files\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\ProgramData\1078565601 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully. C:\ProgramData\BitGuard\2.6.1673.238 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7} (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\Users\Haidery\AppData\Local\Temp\ct3287307 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\CT3300237 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\CT3300237\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. Files Detected: 189 C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Delete on reboot. C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> Delete on reboot. C:\Windows\System32\api-ms-win-core-heap-l1-1-032.dll (Trojan.Tracur.XGen) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. C:\ProgramData\api-ms-win-core-heap-l1-1-032.dll (Trojan.Tracur.XGen) -> Quarantined and deleted successfully. C:\ProgramData\AF71E23D9BC987D2A5B7293E05E2D9C5\b\binm1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\@u673294300v1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\@u673294300v10 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\@u673294300v11 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\@u673294300v2 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\@u673294300v3 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\wu673294300v1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\wu673294300v10 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\wu673294300v11 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\wu673294300v2 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\wu673294300v3 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\wu673294300v9 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\_u673294300v1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\_u673294300v10 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\_u673294300v11 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\_u673294300v2 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\_u673294300v3 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\_u673294300v9 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\ProgramData\SysWoW32\@u673294300v9 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Roaming\7213.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Roaming\7473.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Roaming\751F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Roaming\8381.tmp (Trojan.Tracur) -> Quarantined and deleted successfully. C:\Windows\System32\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\E86C.tmp (PUP.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\setup_fsu_cid.exe (Trojan.Sefnit) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\Installer.exe (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\nsf942C.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\nsiFC24.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\nsnA480.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\nsx181.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\8E35.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\A12F.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\nsc4EC3.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\ct3287307\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\ct3287307\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\ct3287307\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\ct3287307\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\ct3287307\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\CT3300237\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\FlashPlayer_V.115078011c.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\gimp_31.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\PluginInstall (1).exe (MSIL.Solimba) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\PluginInstall (2).exe (MSIL.Solimba) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\PluginInstall.exe (MSIL.Solimba) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\mplayer_Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\iLividSetup (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\iLividSetup (2).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\iLividSetup (3).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\Setup (2).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\Setup (3).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\Setup (4).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\Setup (5).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\Setup (7).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\SetupRG (1).exe (Adware.GameVance) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\SetupRG (2).exe (Adware.GameVance) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\SetupRG.exe (Adware.GameVance) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\TVSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\VeohWebPlayerSetup_us.exe (Adware.InstallBrain) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\video-media-download_setup.exe (PUP.Downware) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\WhiteSmokeInstaller_9147.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\JewelQuest3SDM.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\MahjonggMysteriesSDM.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\movie_player_1280 (1).exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\movie_player_1280 (2).exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\mplayer_1193.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\mplayer_Setup (2).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\mplayer_Setup (3).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\mplayer_Setup (4).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\mplayer_Setup (5).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\mplayer_Setup (6).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\mplayer_Setup (7).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\Haidery\Downloads\Babylon8_setup.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (Trojan.Downloader.WI) -> Quarantined and deleted successfully. C:\Windows\apisetschemawow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\chkwudrvwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\inetcommwow.exe (Trojan.Tracur) -> Quarantined and deleted successfully. C:\Windows\KBDARMWwow.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\KBDHU1wow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\QSVRMGMTwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\slwgawow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\termsrvwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\WsmReswow.exe (Trojan.Tracur) -> Quarantined and deleted successfully. C:\Windows\WWanHCwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\wwansvcwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\msvidc32wow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\odfox32wow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\dxppswow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully. C:\Windows\System32\02000000f05f51ec1259C.manifest (Malware.Trace) -> Quarantined and deleted successfully. C:\Windows\System32\02000000f05f51ec1259O.manifest (Malware.Trace) -> Quarantined and deleted successfully. C:\Windows\System32\02000000f05f51ec1259P.manifest (Malware.Trace) -> Quarantined and deleted successfully. C:\Windows\System32\02000000f05f51ec1259S.manifest (Malware.Trace) -> Quarantined and deleted successfully. C:\Program Files\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Program Files\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i0.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i1.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i10.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i11.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i12.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i13.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i14.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i15.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i2.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i3.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i4.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i5.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i6.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i7.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i8.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1078565601\new.i9.kwd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt0.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt0.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt1.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt1.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt10.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt10.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt11.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt11.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt12.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt12.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt13.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt13.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt14.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt14.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt15.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt15.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt2.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt2.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt3.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt3.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt4.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt4.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt5.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt5.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt6.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt6.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt7.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt7.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt8.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt8.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt9.rar (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\1843161113\frt9.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bl (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\dm (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\uninstall.exe (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\00 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\01 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\02 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\03 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\10 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\11 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\12 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\13 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\20 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\21 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\22 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\23 (PUP.Optional.BitGuard.A) -> Delete on reboot. C:\Users\Haidery\AppData\Local\Temp\ct3287307\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\ct3287307\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\CT3300237\CT3300237.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\CT3300237\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\CT3300237\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Haidery\AppData\Local\Temp\CT3300237\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully. (end)
- October 1, 2013
- 2 replies
PUP malware & BLANK Light Blue Screen upon Startup in Normal mode :(

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Thank you so much for your quick reply. Here are the Zoek Results Zoek.exe Version 4.0.0.4 Updated 27-September-2013 Tool run by Anam on Fri 09/27/2013 at 16:29:13.19. Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86 Running in: Safe Mode NETWORK Internet Access Detected Launched: C:\Users\Anam\Desktop\zoek\zoek.exe [Quick Scan] [Auto Clean] ==== System Restore Info ====================== ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-587149693-440183245-2185910456-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D6F20C2-AB73-4D9A-9D6C-F87E769B5A69} deleted successfully HKEY_USERS\S-1-5-21-587149693-440183245-2185910456-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default user.js not found ---- Lines CT3298566 removed from prefs.js ---- ---- Lines CT3298566 modified from prefs.js ---- ---- Lines C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566 removed from prefs.js ---- ---- Lines C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566 modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_20130927_0434_.backup ProfilePath: C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\djofqw49.default prefs.js not found user.js not found ---- Lines CT3298566 removed from prefs.js ---- ---- Lines CT3298566 modified from prefs.js ---- ---- Lines C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566 removed from prefs.js ---- ---- Lines C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566 modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- ==== Deleting Files \ Folders ====================== "C:\Users\Anam\AppData\Local\{000F5AEB-7E31-4277-9312-1F3881F16513}" deleted "C:\Users\Anam\Downloads\avg_free_stb_all_2012_1808_cnet.exe" deleted "C:\found.000" deleted "C:\found.001" deleted "C:\found.003" deleted "C:\found.005" deleted "C:\found.006" deleted "C:\Users\Nadia\AppData\LocalLow\AskToolbar" deleted "C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566" deleted "C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Anam\AppData\Local\Temp ==== 2013-09-24 22:31:06 14D8444746CF6F5EB038E49874D538F6 5165344 ----a-w- C:\Users\Anam\AppData\Local\Temp\tbMixi.dll 2013-09-24 04:10:09 E0347CFB68DA6E23F52FE39A198D7B12 492164 ----a-w- C:\Users\Anam\AppData\Local\Temp\{397914D6-8227-4063-8A4C-BE85C53886C1}\ISSetup.dll 2013-09-24 04:10:09 A205551E7BA8580D2C0FF896A4D79FA9 460248 ----a-w- C:\Users\Anam\AppData\Local\Temp\_is73C8.exe 2013-09-24 04:10:09 30EBD4E80B1DDA05EAC709A1DC5965B4 164784 ----a-w- C:\Users\Anam\AppData\Local\Temp\{397914D6-8227-4063-8A4C-BE85C53886C1}\_Setup.dll 2013-09-24 04:08:49 F798F61B3B5642D7086B96A891B129D2 37664 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\avgtpx86.sys 2013-09-24 04:08:49 EE0631F44A03290D8508A12ED3B73D87 145072 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll 2013-09-24 04:08:49 A56B06DEAEC7750B453BAA32D959CC16 43184 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\helper.dll 2013-09-24 04:08:49 A4A33D48E286619CDC78DD7EBC18C740 569520 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll 2013-09-24 04:08:49 9846C6120CBCDA5E069F29600612B39A 1095344 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll 2013-09-24 04:08:49 60EF0935011E420C1E90E3EB4FE480C4 257712 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ConfigFiles\avguidx.dll 2013-09-24 04:08:49 2B32843667FCE26ED229AF9D8FD989DE 581808 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll 2013-09-24 04:08:49 1720A8128CD866BBEE8C7D8206391403 3086512 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll 2013-09-24 04:08:49 0B66D02FD0C8DF346E459AFC38FE5433 596144 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll 2013-09-24 04:08:49 0B2520AA90C20971BDB45AE6F3047E0F 45856 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\avgtpx64.sys 2013-09-24 04:08:48 E24B539E8B4F7FBAE1EC785809690C40 2285232 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\vprot.exe 2013-09-24 04:08:48 DEB90E51DD0F6B9F087C1972CC796489 920240 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\lip.exe 2013-09-24 04:08:48 D617A2BFA86001819D20ADCF0BC20719 1822896 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe 2013-09-24 04:08:48 BEA34C09A21490C8BBE89167967FAC26 641200 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe 2013-09-24 04:08:48 4F3A274E95A94E196AC224E1646E8013 147120 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe 2013-09-24 04:08:48 308598FF177676648E043CE28E09FCCD 2267824 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe 2013-09-24 04:08:48 2F208AD0E44992E5FF1CB7C6B699C263 1616048 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe 2013-09-24 04:08:48 2F1CE0072D1FFC72048D9544452C939F 572592 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ConfigFiles\MachineIdCreator.exe 2013-09-24 04:08:47 9A413B46E4035E5793FDF81EBA71EB55 2196656 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\avg-secure-search-installer.exe 2013-09-24 04:08:47 7BA1BAD7FD40CEAA0F0902BC0D92DFB0 640176 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe 2013-09-24 04:08:44 C4CB0D49D9146DBE7D2AC76B5BE015BA 4540440 ----a-w- C:\Users\Anam\AppData\Local\Temp\oi_{F0BA9F46-E491-420E-ACE6-67B18BCBAC6A}.exe 2013-09-24 04:08:37 D09CE61BD82E96A4F76E4C1049761BD1 494920 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll 2013-09-24 04:08:37 AAA7D53D228E76B4291AC61E987BB058 247808 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ConfigFiles\avguidx.dll 2013-09-24 04:08:37 83B017935870D4ADA363EC59D3488D6B 157000 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll 2013-09-24 04:08:37 5235D84702262FC9BCF1A35B261CC1CE 37720 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\avgtpx64.sys 2013-09-24 04:08:37 2F55CAAC94D302C5373FF317DB644D28 568648 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll 2013-09-24 04:08:37 2F1CB7371568776FC578FEB8510148B0 562504 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll 2013-09-24 04:08:37 139723C3A6EB619CBD62ABB437E930DF 31576 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\avgtpx86.sys 2013-09-24 04:08:37 0DE164BCD7ACAF98D12985CAA606B099 565576 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll 2013-09-24 04:08:36 FFA46363EC9CE2572B39F96CC8BBB7D4 146248 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe 2013-09-24 04:08:36 F38DBF287B64358BD10FD002DC91C512 1175368 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\avg-secure-search-installer.exe 2013-09-24 04:08:36 ED1A74F529D0829CF28DB53E33A58F38 1014600 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe 2013-09-24 04:08:36 BC39FCA7E32300ECBAEE98E75C4FBD0F 1883976 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll 2013-09-24 04:08:36 B6C65F3EDBD95E9B61694B86269F7D2E 652616 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\lip.exe 2013-09-24 04:08:36 78F4402803F507A8EB978649CC3984E1 464200 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe 2013-09-24 04:08:36 5E299254DE2A70D7DBCEDE30D6462052 1100616 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\vprot.exe 2013-09-24 04:08:36 486D0F932FF8A272C778A1E748A61A57 1180488 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe 2013-09-24 04:08:36 301CFD154D004E5BC5EC092D86ADC5DB 945480 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe 2013-09-24 04:08:36 07DA2495C8911208579FFBBF0568E232 509256 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe 2013-09-24 04:08:36 05AF2D045031BD83A5D988910F2AACF0 157000 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ConfigFiles\MachineIdCreator.exe 2013-09-24 04:01:12 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\erunt\ERUNT.EXE ====== Java Cache ===== ====== C:\Windows\system32 ===== 2013-09-24 04:06:58 67EC459E42D3081DD8FD34356F7CAFC1 770384 ----a-w- C:\Windows\System32\msvcr100.dll 2013-09-24 04:06:58 03E9314004F504A14A61C3D364B62F66 421200 ----a-w- C:\Windows\System32\msvcp100.dll ====== C:\Windows\system32\drivers ===== 2013-09-27 02:07:33 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-09-24 04:08:59 F798F61B3B5642D7086B96A891B129D2 37664 ----a-w- C:\Windows\System32\drivers\avgtpx86.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Users\Anam\AppData\Roaming ====== 2013-09-24 04:06:50 -------- d-----w- C:\Users\Anam\AppData\Locallow\Temp 2013-09-10 21:54:59 -------- d-s---w- C:\Windows\serviceprofiles\networkservice\AppData\Locallow\Microsoft ====== C:\Users\Anam ====== 2013-09-27 20:23:34 17C8BF490CA207D06EF2A0EC84F47191 1042066 ----a-w- C:\Users\Anam\Downloads\adwcleaner.exe 2013-09-27 02:06:05 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Anam\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-27 02:00:13 482CBA6D1C944A314AC9715F6754DF79 80456 ----a-w- C:\Users\Anam\Downloads\mbam-clean-1.60.2.0003(1).exe 2013-09-27 01:57:02 482CBA6D1C944A314AC9715F6754DF79 80456 ----a-w- C:\Users\Anam\Downloads\mbam-clean-1.60.2.0003.exe 2013-09-24 04:08:04 9CAEC4452CB20FD0BCF56868B94B96C9 592856 ----a-w- C:\Users\Anam\Downloads\cbsidlm-tr1_15-AdwCleaner-SEO-75851221.exe 2013-09-24 04:01:03 64C1A0E3E5B08FAFD6B4678B3A90BE1F 1030038 ----a-w- C:\Users\Anam\Downloads\JRT.exe ====== C: exe-files == 2013-09-27 20:23:34 17C8BF490CA207D06EF2A0EC84F47191 1042066 ----a-w- C:\Users\Anam\Downloads\adwcleaner.exe 2013-09-27 20:18:45 454B3B87A9B31FD96E37A76379FE7EE9 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-587149693-440183245-2185910456-1000\$I9H3U3B.exe 2013-09-27 02:06:05 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Anam\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-27 02:00:13 482CBA6D1C944A314AC9715F6754DF79 80456 ----a-w- C:\Users\Anam\Downloads\mbam-clean-1.60.2.0003(1).exe 2013-09-27 01:57:02 482CBA6D1C944A314AC9715F6754DF79 80456 ----a-w- C:\Users\Anam\Downloads\mbam-clean-1.60.2.0003.exe 2013-09-24 04:24:47 17C8BF490CA207D06EF2A0EC84F47191 1042066 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-587149693-440183245-2185910456-1000\$R9H3U3B.exe 2013-09-24 04:10:09 A205551E7BA8580D2C0FF896A4D79FA9 460248 ----a-w- C:\Users\Anam\AppData\Local\Temp\_is73C8.exe 2013-09-24 04:08:48 E24B539E8B4F7FBAE1EC785809690C40 2285232 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\vprot.exe 2013-09-24 04:08:48 DEB90E51DD0F6B9F087C1972CC796489 920240 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\lip.exe 2013-09-24 04:08:48 D617A2BFA86001819D20ADCF0BC20719 1822896 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe 2013-09-24 04:08:48 BEA34C09A21490C8BBE89167967FAC26 641200 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe 2013-09-24 04:08:48 4F3A274E95A94E196AC224E1646E8013 147120 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe 2013-09-24 04:08:48 308598FF177676648E043CE28E09FCCD 2267824 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe 2013-09-24 04:08:48 2F208AD0E44992E5FF1CB7C6B699C263 1616048 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe 2013-09-24 04:08:48 2F1CE0072D1FFC72048D9544452C939F 572592 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ConfigFiles\MachineIdCreator.exe 2013-09-24 04:08:47 9A413B46E4035E5793FDF81EBA71EB55 2196656 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\avg-secure-search-installer.exe 2013-09-24 04:08:47 7BA1BAD7FD40CEAA0F0902BC0D92DFB0 640176 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe 2013-09-24 04:08:44 C4CB0D49D9146DBE7D2AC76B5BE015BA 4540440 ----a-w- C:\Users\Anam\AppData\Local\Temp\oi_{F0BA9F46-E491-420E-ACE6-67B18BCBAC6A}.exe 2013-09-24 04:08:36 FFA46363EC9CE2572B39F96CC8BBB7D4 146248 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe 2013-09-24 04:08:36 F38DBF287B64358BD10FD002DC91C512 1175368 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\avg-secure-search-installer.exe 2013-09-24 04:08:36 ED1A74F529D0829CF28DB53E33A58F38 1014600 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe 2013-09-24 04:08:36 B6C65F3EDBD95E9B61694B86269F7D2E 652616 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\lip.exe 2013-09-24 04:08:36 78F4402803F507A8EB978649CC3984E1 464200 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe 2013-09-24 04:08:36 5E299254DE2A70D7DBCEDE30D6462052 1100616 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\vprot.exe 2013-09-24 04:08:36 486D0F932FF8A272C778A1E748A61A57 1180488 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe 2013-09-24 04:08:36 301CFD154D004E5BC5EC092D86ADC5DB 945480 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe 2013-09-24 04:08:36 07DA2495C8911208579FFBBF0568E232 509256 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe 2013-09-24 04:08:36 05AF2D045031BD83A5D988910F2AACF0 157000 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ConfigFiles\MachineIdCreator.exe 2013-09-24 04:08:04 9CAEC4452CB20FD0BCF56868B94B96C9 592856 ----a-w- C:\Users\Anam\Downloads\cbsidlm-tr1_15-AdwCleaner-SEO-75851221.exe 2013-09-24 04:01:12 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 2013-09-24 04:01:03 64C1A0E3E5B08FAFD6B4678B3A90BE1F 1030038 ----a-w- C:\Users\Anam\Downloads\JRT.exe === C: other files == 2013-09-27 02:07:33 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-09-24 04:08:59 F798F61B3B5642D7086B96A891B129D2 37664 ----a-w- C:\Windows\System32\drivers\avgtpx86.sys 2013-09-24 04:08:49 F798F61B3B5642D7086B96A891B129D2 37664 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\avgtpx86.sys 2013-09-24 04:08:49 0B2520AA90C20971BDB45AE6F3047E0F 45856 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\CommonFiles\AVG SafeGuard toolbar\avgtpx64.sys 2013-09-24 04:08:46 A18651DEEC522D0C3362266A26A8CC97 257159 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgData\AVG SafeGuard toolbar\ChromeExt\15.4.0.5\avg.crx 2013-09-24 04:08:46 264F8E1A89771B80D9F2985A68BAA8C3 178115 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03876\ProgFiles\AVG SafeGuard toolbar\data.zip 2013-09-24 04:08:37 5235D84702262FC9BCF1A35B261CC1CE 37720 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\avgtpx64.sys 2013-09-24 04:08:37 139723C3A6EB619CBD62ABB437E930DF 31576 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\avgtpx86.sys 2013-09-24 04:08:36 7DD13BC2983BC384F5883F97BA0149F9 180659 ----a-w- C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgData\AVG SafeGuard toolbar\ChromeExt\14.0.0.12\avg.crx 2013-09-24 04:01:12 FDB9CF820305FE44231763042642F7A6 12733 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\searchlnk.bat 2013-09-24 04:01:12 E0589EF14B8B620FE8754D61C1538F9D 152206 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\firefox.bat 2013-09-24 04:01:12 D1D3FD0499CAD7C6CC982D84420C1B7C 16063 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\get.bat 2013-09-24 04:01:12 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\modules.bat 2013-09-24 04:01:12 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\FWPolicy.bat 2013-09-24 04:01:12 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\ask.bat 2013-09-24 04:01:12 8A5F66FA7FEC2E9BE70081BEA85CF380 10261 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\JRT.bat 2013-09-24 04:01:12 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\ev_clear.bat 2013-09-24 04:01:12 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\delorphans.bat 2013-09-24 04:01:12 603595734D290C73FA40EDA1ACADF265 14973 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\chrome.bat 2013-09-24 04:01:12 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\prelim.bat 2013-09-24 04:01:12 4A6E641AAC6D55A22B86A0753C6B8667 146539 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\misc.bat 2013-09-24 04:01:12 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\TDL4.bat 2013-09-24 04:01:12 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\medfos.bat 2013-09-24 04:01:12 1277E771E8BF193B4C64BA5BAE6A424E 8398 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\runvalues.bat 2013-09-24 04:01:12 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\delfolders.bat 2013-09-24 04:01:12 05B282816F9DB49C325A5D88ECF0D9A1 29932 ----a-w- C:\Users\Anam\AppData\Local\Temp\jrt\iexplore.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-587149693-440183245-2185910456-1000\Software\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="TOSCDSPD.EXE" "Akamai NetSession Interface"="C:\Users\Anam\AppData\Local\Akamai\netsession_win.exe" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-21-587149693-440183245-2185910456-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "924_1930563102704"="C:\Users\Anam\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp_r.bat" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVCpl"="RtHDVCpl.exe" "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "NDSTray.exe"="NDSTray.exe" "cfFncEnabler.exe"="cfFncEnabler.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "snp2std"="C:\Windows\vsnp2std.exe" "AVG_TRAY"="C:\Program Files\AVG\AVG2012\avgtray.exe" "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon" "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" "HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe " "SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe " "00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe " "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent" "Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript" "924_1930298102704"="C:\Users\Anam\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="TOSCDSPD.EXE" "Akamai NetSession Interface"="C:\Users\Anam\AppData\Local\Akamai\netsession_win.exe" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "924_1930563102704"="C:\Users\Anam\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp_r.bat" ==== Startup Folders ====================== 2011-09-26 03:34:33 1882 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job --a------ C:\Windows\TEMP\52375223-1E16-4178-8570-64551329A3E6.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/19/2011 05:14 PM] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/19/2011 05:14 PM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default - BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi ProfilePath: C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\djofqw49.default - Hide My Ass Proxy Extension - %ProfilePath%\extensions\extension@hidemyass.com.xpi - BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi AppDir: C:\Program Files\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} ==== Firefox Plugins ====================== Profilepath: C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default 101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update AE1971EEAD01BEEE155F0EBB4B09D2D7 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7 2F7E933613F278A713F45E51B9BFE954 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7 BD879D8AFBCCAB1F957904168D9CD6D8 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7 21EF01CBD2E5D126D51EF8FFDBB98390 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7 01986158921B5064631F6C47A998FD99 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7 15A10AEA93A48B82E7AF02B6F32D3564 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7 534FB04D167CE2B8DE6E180A23646074 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7 5AD4E19D583FA285F4B5CCB7784A28C2 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash D8A3FDE47CBDC2D6DFAC14243050526B - C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll - WPI Detector 1.4 CE252B04FB9F4F773A7DB5338BFEEA5B - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 6DE7BF0DADC0881F7ED82D9FCC998B89 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Default_Page_URL"="http://www.toshibadirect.com/dpdstart" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.yahoo.com/?ilc=8" "Default_Page_URL"="http://www.yahoo.com/?ilc=8" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {77695E20-8E65-4041-88A5-33787F75BAEA} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_enUS450" ==== Empty IE Cache ====================== C:\Users\Anam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Anam\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nadia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nadia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Anam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Anam\AppData\Local\Mozilla\Firefox\Profiles\me0sl4d0.default\Cache emptied successfully C:\Users\Nadia\AppData\Local\Mozilla\Firefox\Profiles\djofqw49.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Anam\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Anam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on Fri 09/27/2013 at 16:41:28.26 ======================
- September 27, 2013
- 5 replies
PUP malware & BLANK Light Blue Screen upon Startup in Normal mode :(

heythatsanam posted a topic in Resolved Malware Removal Logs

Please help you guys, I have a Laptop Toshiba Sattelite L305 and I downloaded AdwCleaner and when it restarted my computer, I noticed a Light Blue blank screen upon StartUp, but If I am using Safe Mode with Networking, I can surf the internet, it runs normal, but if I am on Normal mode restarting, it just goes to a Blank light blue screen. Please help me I ran a scan on Malwarebytes and this is what I found. A whole bunch of PUP malware. Do you think this caused my Blank light blue screen upon Startup, it wont take me to my Desktop !!!!!!! Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.26.09 Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Anam :: ANAM-PC [administrator] 9/26/2013 10:09:44 PM mbam-log-2013-09-26 (22-09-44).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213082 Time elapsed: 8 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 4 C:\Users\Anam\AppData\Local\Temp\ct3298566 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. Files Detected: 20 C:\Users\Anam\AppData\Local\Temp\Installer.exe (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\MixiCND_CID2_20130716.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\CT3298566.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\AppData\Local\Temp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Anam\Downloads\Setup(1).exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully. C:\Users\Anam\Downloads\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
- September 27, 2013
- 5 replies
PUP Virus, Trojan.BHO and Extremely Slow Computer

heythatsanam replied to heythatsanam's topic in Resolved Malware Removal Logs

Hey Borislav!! Its gotten faster when surfing the web!!! Thank you so so much... But I noticed afew things, When I boot my system XP- it takes soooooooooooooo LONG for it to load to the desktop screen..Is there a 3rd party or something happening inside my computer??? or maybe a program??? I am confused. Can u help me out on that???
- August 18, 2013
- 9 replies

Events

Profiles

Forums

Everything posted by heythatsanam

Important Information