PUP.Optional.FrostwireTB.A, PUP.Optional.OpenCandy, Backdoor0.Access, Trojan.Medfos found on my PC recently
A couple of days ago, I started noticing my PC behaving strangely.  It seemed slower than usual and had a sort of "stutter" - for example, it would delay and then open 2 new tabs when I was only trying to open 1, and delay and open 2 new browser windows when I was only trying to open one.  There were also delays when I was typing - I would type and nothing would display, then a second later my text would appear instead of the usual instantaneous typing.  I ran a scan with Avast! free antivirus, which turned up nothing.  Then I downloaded the latest update for Malwarebytes and ran a Custom Scan.  It turned up several instances of PUPs and other problems listed here:

PUP.Optional.FrostwireTB.A
PUP.Optional.OpenCandy
Backdoor0.Access
Trojan.Medfos

I proceeded to quarantine all items and later I deleted them.  Since then, I've run a couple of Malwarebytes Custom Scans, which turned up nothing.  Also, the "stutters" appear to be gone and I haven't noticed any more strange behavior.  Not yet, anyway.
I'm wondering what more I should do to make sure I am free from this malware, and what I have to do before I can go back to using my computer for things such as Amazon purchases or job applications which may require me to enter personal information. 
I've looked at the "I'm infected - What do I do now?" post and so far today I've run a Malwarebytes Threat Scan (which I am told is the new name for the old Quick Scan).  Like the past couple of scans I've done, it has turned up nothing.
I've also downloaded the Farbar Recovery Scan Tool and run a scan.  Below are the contents of the FRST.txt and Addition.txt files.
PS - as far as I know, this computer isn't using any peer-to-peer software or uTorrent.  I apologize if I'm wrong about that.  I wouldn't say I am tech-savvy so I don't know for sure.
Contents of FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-07-2014
Ran by Dan Popp (administrator) on DANPOPP on 09-07-2014 14:54:07
Running from C:\Documents and Settings\Dan Popp\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(GEMTEKS) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe
(Linksys) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WMP54GX.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files\Dell\Media Experience\PCMService.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PCMService] => C:\Program Files\Dell\Media Experience\PCMService.exe [204800 2003-08-26] (CyberLink Corp.)
HKLM\...\Run: [diagent] => C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [135264 2002-04-03] (Creative Technology Ltd)
HKLM\...\Run: [updReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [storageGuard] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [155648 2003-02-13] (Sonic Solutions)
HKLM\...\Run: [brStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [MSN Toolbar] => C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe [240992 2010-02-12] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [userFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [534160 2013-02-10] (QFX Software Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-10-01] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4086432 2014-07-06] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [spotify Web Helper] => C:\Documents and Settings\Dan Popp\Application Data\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-19] (Spotify Ltd)
HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-06-16] (Google Inc.)
HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2000478354-651377827-839522115-1003\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shdocvw.dll ATTENTION! ====> ZeroAccess/Alureon?
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {B575BFA9-A94B-46C4-8540-FD4D451C965B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=B8509BA9-9EDD-4F88-B282-BD9537C7863D&apn_sauid=BC7EFA07-1917-4062-8FC1-3AEB559CD04E
SearchScopes: HKCU - {D9840BA4-2A50-471F-8150-135CE1D0C4F4} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GZAZ_enUS317
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -  No File
BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: Microsoft Default Manager - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\DefaultManager@Microsoft [2013-08-01]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\donottrackplus@abine.com [2014-06-10]
FF Extension: MaskMe - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\idme@abine.com [2014-03-05]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-03-12]
FF Extension: Webmail Ad Blocker - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\gmailnoads@mywebber.com.xpi [2013-03-12]
FF Extension: Social Fixer - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\socialfixer@mattkruse.com.xpi [2014-01-31]
FF Extension: Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-10]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-09-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-26]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-01]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-03-18]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2010-03-04] ()
S2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [215128 2010-09-18] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
U4 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X]
R2 WMP54GX4SVC; "C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe" "WMP54GX.exe" [X]

==================== Drivers (Whitelisted) ====================

R0 a347bus; C:\WINDOWS\System32\DRIVERS\a347bus.sys [160640 2004-04-30] ( ) [File not signed]
R0 a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( ) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2009-02-26] (Meetinghouse Data Communications) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-06] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-06] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-06] ()
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] () [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [208920 2013-02-06] (QFX Software Corporation)
R3 Linksys3P; C:\WINDOWS\System32\DRIVERS\TMIMO31P.sys [780800 2005-11-29] (Airgo Networks, Inc.)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [138384 2010-09-18] ()
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 14:54 - 2014-07-09 14:54 - 00022381 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt
2014-07-09 14:53 - 2014-07-09 14:54 - 00000000 ____D () C:\FRST
2014-07-09 14:53 - 2014-07-09 14:53 - 01074688 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe
2014-07-09 10:46 - 2014-07-09 10:46 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2014-07-07 15:07 - 2014-07-09 13:54 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 15:07 - 2014-07-07 13:27 - 00000789 _____ () C:\Documents and Settings\Dan Popp\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 13:27 - 2014-07-07 19:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 13:27 - 2014-07-07 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 13:27 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-06 13:19 - 2014-07-06 13:19 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-06 13:11 - 2014-07-06 13:11 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-30 13:51 - 2014-06-30 13:51 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\200 Situps
2014-06-30 13:48 - 2014-06-30 13:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\100 Pushups
2014-06-18 21:37 - 2014-06-18 21:37 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Adobe
2014-06-11 10:43 - 2014-06-11 10:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-09 14:55 - 2009-02-26 01:09 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Temp
2014-07-09 14:54 - 2014-07-09 14:54 - 00022381 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt
2014-07-09 14:54 - 2014-07-09 14:53 - 00000000 ____D () C:\FRST
2014-07-09 14:53 - 2014-07-09 14:53 - 01074688 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe
2014-07-09 14:49 - 2012-07-10 15:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-09 14:43 - 2013-10-07 01:35 - 00000380 _____ () C:\Documents and Settings\Dan Popp\Desktop\Notes.txt
2014-07-09 14:43 - 2009-02-28 14:51 - 01077159 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-09 14:18 - 2013-06-16 23:24 - 00000990 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003UA.job
2014-07-09 14:14 - 2010-01-31 18:09 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 13:54 - 2014-07-07 15:07 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 13:12 - 2012-07-08 22:24 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-09 12:57 - 2013-07-11 13:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 12:49 - 2009-03-02 21:52 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 12:14 - 2010-01-31 18:09 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-09 10:48 - 2013-10-01 14:30 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-651377827-839522115-1003.job
2014-07-09 10:47 - 2012-05-20 22:32 - 00000434 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-07-09 10:47 - 2009-02-25 18:55 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-07-09 10:47 - 2003-07-16 11:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-09 10:46 - 2014-07-09 10:46 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2014-07-09 10:46 - 2009-02-26 01:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-09 10:46 - 2009-02-25 18:55 - 00000048 ____C () C:\WINDOWS\wiaservc.log
2014-07-09 00:03 - 2009-02-26 01:09 - 00000178 ___SH () C:\Documents and Settings\Dan Popp\ntuser.ini
2014-07-09 00:03 - 2009-02-26 01:08 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-08 20:18 - 2013-06-16 23:24 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003Core.job
2014-07-08 15:00 - 2014-03-16 13:27 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-08 14:50 - 2012-07-10 15:43 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 14:50 - 2011-06-01 18:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 11:32 - 2009-03-01 22:09 - 00047512 _____ () C:\Documents and Settings\Dan Popp\Application Data\wklnhst.dat
2014-07-07 22:26 - 2013-03-13 19:02 - 00044032 _____ () C:\Documents and Settings\Dan Popp\My Documents\Workout Calendar.xls
2014-07-07 19:19 - 2009-02-26 01:09 - 00000000 ____D () C:\Documents and Settings\Dan Popp
2014-07-07 19:18 - 2009-03-02 22:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB938464$
2014-07-07 19:15 - 2014-07-07 13:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 19:14 - 2003-07-16 11:33 - 00000000 __SHD () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\{6a328933-032b-cf97-a9e8-5174d95ea84f}
2014-07-07 16:50 - 2014-05-11 23:54 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\MP3Gain Test Songs
2014-07-07 15:48 - 2011-09-23 22:34 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-07-07 13:27 - 2014-07-07 15:07 - 00000789 _____ () C:\Documents and Settings\Dan Popp\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 13:27 - 2014-07-07 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 13:27 - 2012-05-18 16:42 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\Malwarebytes
2014-07-07 13:27 - 2012-05-18 16:40 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-07 13:27 - 2012-05-18 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-07-07 13:27 - 2012-05-18 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-06 13:19 - 2014-07-06 13:19 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-06 13:12 - 2009-02-27 21:19 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-06 13:11 - 2014-07-06 13:11 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-06 13:11 - 2014-04-30 22:13 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-06 13:11 - 2013-03-13 15:49 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-06 13:11 - 2013-03-13 15:49 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-07-06 13:11 - 2013-03-13 15:49 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-06 13:11 - 2011-02-26 20:53 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-07-06 13:11 - 2009-02-27 21:19 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-06 13:11 - 2009-02-27 21:19 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-06 13:11 - 2009-02-27 21:19 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-07-06 12:17 - 2013-10-01 14:30 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-651377827-839522115-1003.job
2014-07-04 17:01 - 2009-02-27 21:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\My Documents\Resumes
2014-07-04 15:25 - 2009-02-27 22:37 - 00375141 _____ () C:\WINDOWS\wmsetup.log
2014-07-01 11:51 - 2014-04-10 16:08 - 00000263 _____ () C:\Documents and Settings\Dan Popp\Desktop\Jobs to Investigate.txt
2014-06-30 13:51 - 2014-06-30 13:51 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\200 Situps
2014-06-30 13:50 - 2014-06-30 13:48 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\100 Pushups
2014-06-26 10:36 - 2009-03-02 21:53 - 00690001 _____ () C:\WINDOWS\setupapi.log
2014-06-19 22:56 - 2009-02-27 19:36 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-06-18 21:37 - 2014-06-18 21:37 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Adobe
2014-06-12 10:29 - 2013-02-14 09:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-11 10:43 - 2014-06-11 10:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 10:14 - 2012-04-15 22:45 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\Mozilla

ZeroAccess:
C:\Documents and Settings\Dan Popp\Local Settings\Application Data\{6a328933-032b-cf97-a9e8-5174d95ea84f}

Some content of TEMP:
====================
C:\Documents and Settings\Dan Popp\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u11-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\npp.6.3.2.Installer.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\SCC.dll
C:\Documents and Settings\Dan Popp\Local Settings\Temp\shutdown1379708003.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Dan Popp\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Dan Popp\Local Settings\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


  • 1 month later...
  • Root Admin

Very sorry for the delay. The site has been very busy and there has been more demand for support than we were able to handle for a while there.
I'm just now getting back to see if you still need help or not. If you do please reply back and let me know and I'll go ahead and assist you.

Thank you
 


Well, I think I am okay now.  But if you don't mind, I do have a request.  I'd just like a second opinion here - is there any way we could double-check my logs just to make sure they are clean?  It's a shared pc and I'm not sure if everyone who uses it has been browsing safely.


  • Root Admin

No problem, better safe than sorry. We can review it for an infection.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Hello again, sorry for the delay.  Anyway, I got to running the tools you sent me here and completing the logs.  First, here is the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/1/2014
Scan Time: 11:48:03 AM
Logfile: MalwareBytes Scan 9-1-14.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.01.05
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Dan Popp

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 415164
Time Elapsed: 3 hr, 32 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

and the Roguekiller log:

 

 

RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Dan Popp [Admin rights]
Mode : Scan -- Date : 09/01/2014  16:47:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pohci13F -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pohci13F -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.94.156.1 68.94.157.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.94.156.1 151.164.8.201  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8539FD6D-DDDF-4732-86DD-861691E8FEC7} | DhcpNameServer : 68.94.156.1 68.94.157.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8539FD6D-DDDF-4732-86DD-861691E8FEC7} | DhcpNameServer : 68.94.156.1 151.164.8.201  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-2000478354-651377827-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2000478354-651377827-839522115-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 3 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreatePagingFile[45] : a347bus.sys @ 0xf75afb00
[SSDT:Addr(Hook.SSDT)] NtOpenFile[116] : a347bus.sys @ 0xf75afb40
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\redbook @ Unknown (\SystemRoot\System32\DRIVERS\redbook.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080L0 +++++
--- User ---
[MBR] 214a0ea60655085b3446fb0b3bae47a1
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 80325 | Size: 76245 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15266 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 


  • Root Admin

Thanks, Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07


Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Just made it through steps 4-8.

 

Step 04 - Junkware Removal Tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Dan Popp on Wed 09/03/2014 at 14:42:44.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 





~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Dan Popp\Application Data\mozilla\firefox\profiles\plobqh6y.default\prefs.js

user_pref("socialfixer.196603871/typeahead_new", "for (; ;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":196603871,\"photo\":\"hxxps:\\/\\/fbcdn-profile-a.akamaihd.net\\/hpro
Emptied folder: C:\Documents and Settings\Dan Popp\Application Data\mozilla\firefox\profiles\plobqh6y.default\minidumps [4 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/03/2014 at 14:53:03.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Step 05 - AdwCleaner Log:

 

# AdwCleaner v3.309 - Report created 03/09/2014 at 15:35:26
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dan Popp - DANPOPP
# Running from : C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\prefs.js ]

Line Deleted : user_pref("extensions.gmailnoads@mywebber.com.install-event-fired", true);

[ File : C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qzdtvs36.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1153 octets] - [03/09/2014 15:25:58]
AdwCleaner[s0].txt - [1078 octets] - [03/09/2014 15:35:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1138 octets] ##########
 

Step 06 - Malwarebytes Threat Scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/3/2014
Scan Time: 3:48:37 PM
Logfile: MalwareBytes Scan 9-3-14.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.03.08
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Dan Popp

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322891
Time Elapsed: 44 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Step 07 - ESET Online Scan Log:

 

C:\Documents and Settings\Dan Popp\Desktop\Essentials\FreeYouTubeToMP3Converter.exe    Win32/OpenCandy potentially unsafe application
 

Step 08 - FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Dan Popp (administrator) on DANPOPP on 03-09-2014 21:13:47
Running from C:\Documents and Settings\Dan Popp\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(GEMTEKS) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Linksys) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WMP54GX.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [storageGuard] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [155648 2003-02-13] (Sonic Solutions)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [534160 2013-02-10] (QFX Software Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKCU - {D9840BA4-2A50-471F-8150-135CE1D0C4F4} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GZAZ_enUS317
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} ->  No File
BHO: No Name -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} ->  No File
BHO: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
BHO: No Name -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} ->  No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: Microsoft Default Manager - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\DefaultManager@Microsoft [2013-08-01]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\donottrackplus@abine.com [2014-07-10]
FF Extension: MaskMe - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\idme@abine.com [2014-03-05]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-03-12]
FF Extension: Webmail Ad Blocker - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\gmailnoads@mywebber.com.xpi [2013-03-12]
FF Extension: Social Fixer - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\socialfixer@mattkruse.com.xpi [2014-01-31]
FF Extension: NoScript - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-09]
FF Extension: Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-10]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-03]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-09-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-26]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-01]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-03-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2010-03-04] ()
S4 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [215128 2010-09-18] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
U4 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X]
R2 WMP54GX4SVC; "C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe" "WMP54GX.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 a347bus; C:\WINDOWS\System32\DRIVERS\a347bus.sys [160640 2004-04-30] ( ) [File not signed]
R0 a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( ) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2009-02-26] (Meetinghouse Data Communications) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-06] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-06] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-06] ()
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] () [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [208920 2013-02-06] (QFX Software Corporation)
R3 Linksys3P; C:\WINDOWS\System32\DRIVERS\TMIMO31P.sys [780800 2005-11-29] (Airgo Networks, Inc.)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
S3 catchme; \??\C:\DOCUME~1\DANPOP~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 21:13 - 2014-09-03 21:14 - 00020292 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt
2014-09-03 21:13 - 2014-09-03 21:13 - 00000000 ____D () C:\FRST
2014-09-03 21:09 - 2014-09-03 21:09 - 01096704 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe
2014-09-03 21:05 - 2014-09-03 21:05 - 00000132 _____ () C:\Documents and Settings\Dan Popp\Desktop\ESET Scan List of found threats.txt
2014-09-03 18:13 - 2014-09-03 18:13 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 16:35 - 2014-09-03 16:35 - 00001107 _____ () C:\Documents and Settings\Dan Popp\Desktop\MalwareBytes Scan 9-3-14.txt
2014-09-03 15:38 - 2014-09-03 15:38 - 00001218 _____ () C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner[s0].txt
2014-09-03 15:37 - 2014-09-03 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2014-09-03 15:25 - 2014-09-03 15:35 - 00000000 ____D () C:\AdwCleaner
2014-09-03 15:23 - 2014-09-03 15:23 - 01370467 _____ () C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner.exe
2014-09-03 14:53 - 2014-09-03 14:53 - 00001067 _____ () C:\Documents and Settings\Dan Popp\Desktop\JRT.txt
2014-09-03 14:40 - 2014-09-03 14:40 - 01016261 _____ (Thisisu) C:\Documents and Settings\Dan Popp\Desktop\JRT.exe
2014-09-03 09:57 - 2014-09-03 15:37 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2014-09-03 00:13 - 2014-09-03 00:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-01 16:39 - 2014-09-01 16:41 - 04857944 _____ () C:\Documents and Settings\Dan Popp\Desktop\RogueKiller.exe
2014-09-01 16:33 - 2014-09-01 16:42 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-01 16:33 - 2014-09-01 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 16:30 - 2014-09-01 16:30 - 00001114 _____ () C:\Documents and Settings\Dan Popp\Desktop\MalwareBytes Scan 9-1-14.txt
2014-08-31 23:18 - 2014-08-31 23:19 - 00000000 ____D () C:\Program Files\ERUNT
2014-08-31 23:18 - 2014-08-31 23:18 - 00000611 _____ () C:\Documents and Settings\Dan Popp\Desktop\NTREGOPT.lnk
2014-08-31 23:18 - 2014-08-31 23:18 - 00000592 _____ () C:\Documents and Settings\Dan Popp\Desktop\ERUNT.lnk
2014-08-31 23:18 - 2014-08-31 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-08-31 23:17 - 2014-08-31 23:17 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Dan Popp\Desktop\erunt-setup.exe
2014-08-31 21:42 - 2014-08-31 21:42 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Dan Popp\Desktop\rkill.exe
2014-08-31 13:11 - 2014-09-01 11:41 - 00001892 _____ () C:\Documents and Settings\Dan Popp\Desktop\Rkill.txt
2014-08-26 11:57 - 2014-08-26 12:41 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\youtube songs
2014-08-23 13:27 - 2014-08-23 13:27 - 01204224 _____ () C:\Documents and Settings\Dan Popp\Desktop\bookmarksaug22.html
2014-08-15 10:12 - 2014-08-15 10:14 - 16631829 _____ () C:\Documents and Settings\Dan Popp\Desktop\facebook-danpopp92 as of August 14, 2014.zip
2014-08-10 21:15 - 2014-08-29 15:03 - 00010610 _____ () C:\WINDOWS\wmsetup.log
2014-08-08 19:36 - 2014-07-28 12:48 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140808-193658.backup
2014-08-08 10:44 - 2014-08-08 10:44 - 00015352 _____ () C:\Documents and Settings\Dan Popp\Desktop\IMG_18289871517457.jpeg
2014-08-08 10:28 - 2014-08-28 10:34 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\WinPatrol
2014-08-07 18:06 - 2014-08-07 18:06 - 00000000 ____D () C:\Program Files\Ruiware
2014-08-07 18:06 - 2014-08-07 18:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
2014-08-07 18:05 - 2014-08-07 18:05 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-04 17:55 - 2014-08-04 17:59 - 00000637 _____ () C:\Documents and Settings\Dan Popp\Desktop\OpenCandy Removal.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 21:14 - 2014-09-03 21:13 - 00020292 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt
2014-09-03 21:14 - 2014-07-28 12:55 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\temp
2014-09-03 21:14 - 2010-01-31 18:09 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 21:13 - 2014-09-03 21:13 - 00000000 ____D () C:\FRST
2014-09-03 21:09 - 2014-09-03 21:09 - 01096704 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe
2014-09-03 21:05 - 2014-09-03 21:05 - 00000132 _____ () C:\Documents and Settings\Dan Popp\Desktop\ESET Scan List of found threats.txt
2014-09-03 20:49 - 2012-07-10 15:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-03 20:18 - 2013-06-16 23:24 - 00000990 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003UA.job
2014-09-03 20:18 - 2013-06-16 23:24 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003Core.job
2014-09-03 18:49 - 2009-02-26 01:08 - 00032584 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-03 18:13 - 2014-09-03 18:13 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 16:35 - 2014-09-03 16:35 - 00001107 _____ () C:\Documents and Settings\Dan Popp\Desktop\MalwareBytes Scan 9-3-14.txt
2014-09-03 15:47 - 2014-07-07 15:07 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 15:44 - 2012-07-08 22:24 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-03 15:41 - 2014-07-29 20:04 - 00004090 _____ () C:\WINDOWS\setupapi.log
2014-09-03 15:41 - 2009-02-28 14:51 - 02094206 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-03 15:39 - 2013-10-01 14:30 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-651377827-839522115-1003.job
2014-09-03 15:38 - 2014-09-03 15:38 - 00001218 _____ () C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner[s0].txt
2014-09-03 15:37 - 2014-09-03 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2014-09-03 15:37 - 2014-09-03 09:57 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2014-09-03 15:37 - 2014-07-29 10:42 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-09-03 15:37 - 2013-02-14 09:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-03 15:37 - 2010-01-31 18:09 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 15:37 - 2009-02-26 01:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-03 15:37 - 2009-02-25 18:55 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-09-03 15:37 - 2009-02-25 18:55 - 00000048 ____C () C:\WINDOWS\wiaservc.log
2014-09-03 15:37 - 2003-07-16 11:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-03 15:36 - 2009-02-26 01:09 - 00000178 ___SH () C:\Documents and Settings\Dan Popp\ntuser.ini
2014-09-03 15:35 - 2014-09-03 15:25 - 00000000 ____D () C:\AdwCleaner
2014-09-03 15:23 - 2014-09-03 15:23 - 01370467 _____ () C:\Documents and Settings\Dan Popp\Desktop\AdwCleaner.exe
2014-09-03 14:53 - 2014-09-03 14:53 - 00001067 _____ () C:\Documents and Settings\Dan Popp\Desktop\JRT.txt
2014-09-03 14:40 - 2014-09-03 14:40 - 01016261 _____ (Thisisu) C:\Documents and Settings\Dan Popp\Desktop\JRT.exe
2014-09-03 11:59 - 2009-02-27 21:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\My Documents\Resumes
2014-09-03 11:15 - 2009-03-01 22:09 - 00048602 _____ () C:\Documents and Settings\Dan Popp\Application Data\wklnhst.dat
2014-09-03 00:14 - 2014-09-03 00:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-02 18:40 - 2014-04-27 23:54 - 00000000 ____D () C:\Documents and Settings\Dan Popp\My Documents\Quotes
2014-09-02 15:54 - 2014-01-02 03:53 - 00068608 _____ () C:\Documents and Settings\Dan Popp\My Documents\Lists - To-Get, CDs, Songs to Download, Unsure, Equalize - Borrowed Things.xls
2014-09-01 16:42 - 2014-09-01 16:33 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-01 16:41 - 2014-09-01 16:39 - 04857944 _____ () C:\Documents and Settings\Dan Popp\Desktop\RogueKiller.exe
2014-09-01 16:33 - 2014-09-01 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 16:30 - 2014-09-01 16:30 - 00001114 _____ () C:\Documents and Settings\Dan Popp\Desktop\MalwareBytes Scan 9-1-14.txt
2014-09-01 15:48 - 2011-09-23 22:34 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-09-01 11:41 - 2014-08-31 13:11 - 00001892 _____ () C:\Documents and Settings\Dan Popp\Desktop\Rkill.txt
2014-08-31 23:19 - 2014-08-31 23:18 - 00000000 ____D () C:\Program Files\ERUNT
2014-08-31 23:19 - 2012-05-19 16:44 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-08-31 23:18 - 2014-08-31 23:18 - 00000611 _____ () C:\Documents and Settings\Dan Popp\Desktop\NTREGOPT.lnk
2014-08-31 23:18 - 2014-08-31 23:18 - 00000592 _____ () C:\Documents and Settings\Dan Popp\Desktop\ERUNT.lnk
2014-08-31 23:18 - 2014-08-31 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-08-31 23:17 - 2014-08-31 23:17 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Dan Popp\Desktop\erunt-setup.exe
2014-08-31 21:42 - 2014-08-31 21:42 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Dan Popp\Desktop\rkill.exe
2014-08-29 16:57 - 2013-02-04 02:22 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\Spotify
2014-08-29 15:24 - 2013-02-04 02:25 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Spotify
2014-08-29 15:03 - 2014-08-10 21:15 - 00010610 _____ () C:\WINDOWS\wmsetup.log
2014-08-29 10:36 - 2009-02-26 01:09 - 00000000 ____D () C:\Documents and Settings\Dan Popp
2014-08-28 10:34 - 2014-08-08 10:28 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\WinPatrol
2014-08-27 00:01 - 2009-02-27 19:36 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-08-26 12:41 - 2014-08-26 11:57 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\youtube songs
2014-08-25 19:43 - 2013-03-13 19:02 - 00045568 _____ () C:\Documents and Settings\Dan Popp\My Documents\Workout Calendar.xls
2014-08-24 15:41 - 2013-10-01 14:30 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-651377827-839522115-1003.job
2014-08-23 13:27 - 2014-08-23 13:27 - 01204224 _____ () C:\Documents and Settings\Dan Popp\Desktop\bookmarksaug22.html
2014-08-16 14:22 - 2013-07-11 13:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-16 14:18 - 2009-03-02 21:52 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-15 13:02 - 2013-10-07 01:35 - 00000977 _____ () C:\Documents and Settings\Dan Popp\Desktop\Notes.txt
2014-08-15 10:14 - 2014-08-15 10:12 - 16631829 _____ () C:\Documents and Settings\Dan Popp\Desktop\facebook-danpopp92 as of August 14, 2014.zip
2014-08-14 23:24 - 2014-05-11 23:54 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\MP3Gain Test Songs
2014-08-14 13:51 - 2014-07-12 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-08-14 13:51 - 2014-07-12 17:59 - 00000000 ____D () C:\Program Files\mbar
2014-08-14 13:18 - 2014-07-07 13:27 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-08 19:34 - 2009-03-02 22:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-08-08 15:00 - 2014-03-16 13:27 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 10:44 - 2014-08-08 10:44 - 00015352 _____ () C:\Documents and Settings\Dan Popp\Desktop\IMG_18289871517457.jpeg
2014-08-07 22:18 - 2009-03-03 00:13 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\Essentials
2014-08-07 18:06 - 2014-08-07 18:06 - 00000000 ____D () C:\Program Files\Ruiware
2014-08-07 18:06 - 2014-08-07 18:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
2014-08-07 18:06 - 2013-02-07 04:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InstallMate
2014-08-07 18:05 - 2014-08-07 18:05 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-04 23:30 - 2013-03-15 16:17 - 00000561 _____ () C:\Documents and Settings\Dan Popp\My Documents\Phone #s.txt
2014-08-04 17:59 - 2014-08-04 17:55 - 00000637 _____ () C:\Documents and Settings\Dan Popp\Desktop\OpenCandy Removal.txt

Some content of TEMP:
====================
C:\Documents and Settings\Dan Popp\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Addition.txt

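The Services and Drivers sections of the FRST log above carry the signals a responder reads first: whether the registered binary is still on disk (`[X]` when it is not), whether it is Authenticode-signed (`[File not signed]`), and where it loads from (a driver under a user's `Temp` folder deserves a second look). The following script is an added example, not part of the original post or of FRST itself; it parses those lines and lists only the entries that carry one of those flags. The sample lines are copied from the log above. The reading of the two-character state code in the comments is my own assumption about FRST's notation, not something this page documents.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One FRST service or driver line looks like:
#   <state> <name>; <path> [<size> <yyyy-mm-dd>] (<publisher>) [File not signed]
# or, when the registered binary is gone:    <state> <name>; <path> [X]
# or, when the service has no binary at all:  <state> <name>; No ImagePath
# Assumed reading of the state code (not documented on this page): the letter is
# R = running, S = stopped, U = neither confirmed; the digit is the Windows
# Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
LINE_RE = re.compile(r'^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$')
SIZE_DATE_RE = re.compile(r'\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]')
PUBLISHER_RE = re.compile(r'\((?P<publisher>[^)]*)\)')
TEMP_PATH_RE = re.compile(r'\\temp\\|\\locals~1\\', re.IGNORECASE)


@dataclass
class Entry:
    state: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    publisher: str
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, name, rest = m.group('state'), m.group('name').strip(), m.group('rest')
    flags: List[str] = []
    if rest == 'No ImagePath':
        path, tail = '', ''
        flags.append('no-imagepath')
    elif rest.startswith('"'):
        end = rest.index('"', 1)            # quoted path, possibly followed by arguments
        path, tail = rest[1:end], rest[end + 1:]
    else:
        path, _, tail = rest.partition(' [')
        tail = '[' + tail if tail else ''
    sd = SIZE_DATE_RE.search(tail)
    size = int(sd.group('size')) if sd else None
    date = sd.group('date') if sd else None
    pub = PUBLISHER_RE.search(tail[sd.end():] if sd else tail)
    publisher = pub.group('publisher').strip() if pub else ''
    if '[X]' in tail:
        flags.append('file-missing')        # registered binary is no longer on disk
    if '[File not signed]' in tail:
        flags.append('unsigned')            # no Authenticode signature on the binary
    if TEMP_PATH_RE.search(path):
        flags.append('temp-path')           # service/driver loading from a temp folder
    return Entry(state, name, path, size, date, publisher, flags)


def triage(log_lines: List[str]) -> List[Entry]:
    """Return only the entries that carry at least one flag, ordered by name."""
    hits = [e for e in map(parse_entry, log_lines) if e and e.flags]
    return sorted(hits, key=lambda e: e.name.lower())


# Lines copied from the Services and Drivers sections of the FRST log above.
SAMPLE = [
    r'R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software)',
    r'R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]',
    r'R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed]',
    r'U4 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X]',
    r'R2 WMP54GX4SVC; "C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe" "WMP54GX.exe" [X]',
    r'R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)',
    r'S3 catchme; \??\C:\DOCUME~1\DANPOP~1\LOCALS~1\Temp\catchme.sys [X]',
    r'S4 IntelIde; No ImagePath',
]

if __name__ == '__main__':
    for e in triage(SAMPLE):
        print(f'{e.state} {e.name:<14} {", ".join(e.flags):<24} {e.path or "(none)"}')
```

The flags are triage hints, not verdicts: an unsigned 2005 Canon service is an old vendor binary, while a driver registered from a `Temp` folder whose file is already gone is a leftover that should be removed from the registry, which is exactly what the fixlist below does for `catchme`.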

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Here are the results of the Fixlog:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-09-2014
Ran by Dan Popp at 2014-09-04 11:36:10 Run:1
Running from C:\Documents and Settings\Dan Popp\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Documents and Settings\Dan Popp\Desktop\Essentials\FreeYouTubeToMP3Converter.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
SearchScopes: HKCU - {D9840BA4-2A50-471F-8150-135CE1D0C4F4} URL = http://www.google.co...1I7GZAZ_enUS317
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} ->  No File
BHO: No Name -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} ->  No File
BHO: No Name -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} ->  No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co...sreqlab_nvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
S3 catchme; \??\C:\DOCUME~1\DANPOP~1\LOCALS~1\Temp\catchme.sys [X]
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003Core.job => C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003UA.job => C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
EmptyTemp:
Reboot:

*****************

C:\Documents and Settings\Dan Popp\Desktop\Essentials\FreeYouTubeToMP3Converter.exe => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D9840BA4-2A50-471F-8150-135CE1D0C4F4}" => Key deleted successfully.
"HKCR\CLSID\{D9840BA4-2A50-471F-8150-135CE1D0C4F4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key deleted successfully.
"HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => Key deleted successfully.
"HKCR\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" => Key deleted successfully.
"HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} => value deleted successfully.
"HKCR\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262E}" => Key deleted successfully.
"HKCR\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262F}" => Key deleted successfully.
"HKCR\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.
"HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => Key deleted successfully.
"HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => Key Deleted successfully.
JavaQuickStarterService => Service stopped successfully.
JavaQuickStarterService => Service deleted successfully.
catchme => Service deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003Core.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-651377827-839522115-1003UA.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.
EmptyTemp: => Removed 240.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


  • Root Admin

Great, thanks.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

ComboFix was not able to open a file to scan it, which is a bit odd. Let me have you run the following, please.
 
 
Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Next:

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

  • Root Admin

If at all possible, I would highly recommend never reinstalling Java unless you simply cannot be without it. Very few sites require it, and many sketchy ones that do want you to use it so they can try to infect you or do other things to your computer, hopefully without your permission.

 

Thanks


  • 3 weeks later...

Hello again,

 

First off, I apologize that I haven't gotten around to this until now.  I have been away and unable to do anything about this until today.  To begin with, I have uninstalled all versions of Java (as far as I'm aware).  I then ran JavaRa and it produced the following log:

 

 

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Oct 01 16:56:41 2014
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_13
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_14
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_15
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_17
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_18
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_20
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_21
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_23
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_24
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_26
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.6.0_29
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_04
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_05
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_07
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_09
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_11
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_13
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_15
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_17
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_21
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_25
Found and removed: C:\Documents and Settings\Dan Popp\Application Data\Sun\Java\jre1.7.0_51
Found and removed: Software\Classes\JavaPlugin.160_29
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B04
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B06
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B04
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B06
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SYSTEM\ControlSet001\Services\Eventlog\Application\JavaQuickStarterService
Found and removed: SYSTEM\ControlSet001\Services\JavaQuickStarterService
Found and removed: SOFTWARE\Classes\JavaPlugin.10512
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Oct 01 16:57:01 2014
------------------------------------
Finished reporting.


 

 

I also ran TDSSKiller, but it turned up no results.  Should I post the log anyway, and what should I do next?

 

On a side note, the "twitch" in my PC has returned.  When I try to open a new tab in my browser (Firefox), it sometimes opens two tabs at a time again.  The last time it started doing this, I had some sort of malware problem.  I don't know if it's a coincidence or what.


  • Root Admin

Okay let me have you run the following.

 

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it, as older versions of some software can pose an increased potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
 

 

Then run a new FRST scan, make sure you place a check mark in the Addition.txt check box, and post back both new logs in your next reply.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

Next,

 

Please open Malwarebytes Anti-Malware and, from the Dashboard, Check for Updates by clicking the Update Now... link.
Open Malwarebytes > Settings > Detection and Protection, enable Scan for rootkits, and under Non-Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.
 

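The reply above asks for a fresh FRST scan, and the helper then reads the Services, Drivers and Run lines by eye for the usual tells: an image file that is missing, unsigned, carries no publisher string, or loads from a temp directory. The script below is an added example written for this thread; it is not part of FRST, Malwarebytes or the Root Admin's fixlists. It encodes those same heuristics so the log can be pre-screened before anyone decides what goes into a fixlist. The sample lines are copied from the FRST scan posted later in this thread, except the last one, which is constructed here to show the pattern a helper most wants to catch (an autorun pointing into a temp folder with no publisher).

```python
"""Pre-screen FRST Services/Drivers/Run lines for entries worth a closer look.

Added example for this thread. It is not part of FRST, Malwarebytes or the
fixlists the Root Admin writes; it only encodes heuristics a helper applies
by eye: an image that is missing, unsigned, has no publisher string, or is
loaded from a temp directory is what a fixlist usually ends up targeting.
The sample lines are copied from the FRST scan posted in this thread, except
the last one, which is constructed here for illustration.
"""
import re
from dataclasses import dataclass, field

# Service/driver line: "<R|S|U><n> <name>; <image> [size date] (<company>) [flags]"
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.+)$")
# Autorun line: "HK..\...\Run: [<name>] => <image> [size date] (<company>)"
RUN_RE = re.compile(r"^HK\S*\\\.\.\.\\Run:\s*\[(?P<name>[^\]]+)\]\s*=>\s*(?P<rest>.+)$")
# Image path is either quoted or runs up to the first " [" metadata block.
PATH_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?)(?=\s+\[|\s*$)')

# Lower-cased directory fragments no service or driver image should live in.
TEMP_DIR_MARKERS = (
    "\\local settings\\temp\\",   # XP per-user temp
    "\\locals~1\\temp\\",         # same, in the 8.3 short form drivers often record
    "\\windows\\temp\\",
    "\\appdata\\local\\temp\\",   # Vista+ per-user temp
)


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(rest: str) -> str:
    """Return the image path from the part of an FRST line after the entry name."""
    rest = rest.strip()
    if rest.startswith("\\??\\"):       # NT object-manager prefix some drivers use
        rest = rest[4:]
    m = PATH_RE.match(rest)
    if not m:
        return rest
    return (m.group("q") or m.group("u") or "").strip()


def assess(rest: str) -> list:
    """List the reasons an entry deserves review; an empty list means nothing flagged."""
    if "No ImagePath" in rest:
        return ["no ImagePath (orphaned registration)"]
    reasons = []
    if "[X]" in rest:
        reasons.append("image file missing [X]")
    if "[File not signed]" in rest:
        reasons.append("binary not signed")
    if re.search(r"\(\)\s*(\[|$)", rest):          # empty "()" where FRST prints the company
        reasons.append("no publisher in version info")
    path_lower = extract_path(rest).lower()
    if any(marker in path_lower for marker in TEMP_DIR_MARKERS):
        reasons.append("loaded from a temp directory")
    return reasons


def triage(lines) -> list:
    """Run the heuristics over FRST lines and return one Finding per flagged entry."""
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue                                  # headers, comments, other sections
        rest = m.group("rest")
        reasons = assess(rest)
        if reasons:
            path = "" if "No ImagePath" in rest else extract_path(rest)
            findings.append(Finding(m.group("name").strip(), path, reasons))
    return findings


SAMPLE_LINES = [
    # copied from the FRST log posted in this thread
    r"R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software)",
    r"R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed]",
    r'U4 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X]',
    r"S3 pohci13F; C:\Documents and Settings\Dan Popp\Local Settings\temp\pohci13F.sys [29696 2003-09-02] () [File not signed]",
    r"S3 catchme; \??\C:\DOCUME~1\DANPOP~1\LOCALS~1\Temp\catchme.sys [X]",
    r"S4 IntelIde; No ImagePath",
    r"R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software)",
    r"HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [534160 2013-02-10] (QFX Software Corporation)",
    # constructed (not from the log): an autorun pointing into a temp folder with no publisher
    r"HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [ExampleUpdater] => C:\Documents and Settings\Dan Popp\Local Settings\Temp\example.exe [61440 2014-09-30] ()",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name}: {'; '.join(f.reasons)}  <- {f.path}")
```

A flag from this script is a reason to look, not a verdict: `DirMngr` (GnuPG) and `pohci13F` are both unsigned with no publisher, and only the path tells them apart, which is why the heuristics are reported together rather than as a single score. Entries such as `catchme` and `IntelIde` are leftovers of earlier tools or drivers that the fixlog above already dealt with, and the script surfaces them for the same reason a helper would: a registration with no file behind it is clutter at best.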

Hi.  Well, it seemed that the twitch in opening windows has gone away now.  When I click to open a New Tab, it only opens one tab again, like it should.

 

Anyway, here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2014 01
Ran by Dan Popp (administrator) on DANPOPP on 04-10-2014 13:42:05
Running from C:\Documents and Settings\Dan Popp\Desktop
Loaded Profile: Dan Popp (Available profiles: Dan Popp & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(GEMTEKS) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe
(Linksys) C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WMP54GX.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [storageGuard] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [155648 2003-02-13] (Sonic Solutions)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [534160 2013-02-10] (QFX Software Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2000478354-651377827-839522115-1003\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Documents and Settings\Dan Popp\My Documents\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Dan Popp\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dan Popp\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: Microsoft Default Manager - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\DefaultManager@Microsoft [2013-08-01]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\donottrackplus@abine.com [2014-07-10]
FF Extension: MaskMe - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\idme@abine.com [2014-03-05]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-03-12]
FF Extension: Webmail Ad Blocker - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\gmailnoads@mywebber.com.xpi [2013-03-12]
FF Extension: Social Fixer - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\socialfixer@mattkruse.com.xpi [2014-01-31]
FF Extension: NoScript - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-09]
FF Extension: Adblock Plus - C:\Documents and Settings\Dan Popp\Application Data\Mozilla\Firefox\Profiles\plobqh6y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-10]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-26]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-01]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-09-08]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-03-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed]
S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2010-03-04] ()
S4 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [215128 2010-09-18] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
U4 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X]
R2 WMP54GX4SVC; "C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe" "WMP54GX.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2009-02-26] (Meetinghouse Data Communications) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-06] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-06] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-06] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [208920 2013-02-06] (QFX Software Corporation)
R3 Linksys3P; C:\WINDOWS\System32\DRIVERS\TMIMO31P.sys [780800 2005-11-29] (Airgo Networks, Inc.)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 pohci13F; C:\Documents and Settings\Dan Popp\Local Settings\temp\pohci13F.sys [29696 2003-09-02] () [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
S3 catchme; \??\C:\DOCUME~1\DANPOP~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 13:42 - 2014-10-04 13:42 - 00017369 _____ () C:\Documents and Settings\Dan Popp\Desktop\FRST.txt
2014-10-04 13:40 - 2014-10-04 13:40 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\FRST-OlderVersion
2014-10-04 13:39 - 2014-10-04 13:40 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\previous frst scans
2014-10-04 11:50 - 2014-10-04 11:50 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2014-10-01 23:15 - 2014-10-02 21:51 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Start Menu\Programs\LucasArts
2014-10-01 21:48 - 2014-10-01 21:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\non-antimalware desktop files
2014-10-01 19:02 - 2014-09-08 11:38 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141001-190251.backup
2014-10-01 18:22 - 2014-10-01 18:22 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-10-01 18:22 - 2014-10-01 18:22 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-10-01 18:21 - 2014-10-01 23:23 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-10-01 18:21 - 2014-10-01 18:31 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-10-01 18:21 - 2014-10-01 18:21 - 00001836 _____ () C:\Documents and Settings\Dan Popp\Desktop\Spybot-S&D Start Center.lnk
2014-10-01 18:21 - 2014-10-01 18:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-01 18:21 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-10-01 17:18 - 2014-10-01 17:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Dan Popp\Desktop\tdsskiller.exe
2014-10-01 16:56 - 2014-10-01 16:57 - 00004656 _____ () C:\Documents and Settings\Dan Popp\Desktop\JavaRa.log
2014-10-01 16:52 - 2014-10-01 16:53 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Desktop\RemoveJava
2014-10-01 16:51 - 2014-10-01 16:51 - 00165800 _____ () C:\Documents and Settings\Dan Popp\Desktop\JavaRa-1.16-20-1-14.zip
2014-10-01 16:48 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2014-10-01 16:45 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-09-24 22:17 - 2014-09-24 22:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-09 09:10 - 2014-10-04 11:51 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-09-08 11:52 - 2012-06-02 15:18 - 00275696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll
2014-09-08 11:52 - 2012-06-02 15:18 - 00214256 _____ (Microsoft Corporation) C:\WINDOWS\system32\muweb.dll
2014-09-08 11:52 - 2012-06-02 15:18 - 00017136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll.mui
2014-09-08 11:45 - 2014-09-09 09:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-09-08 11:45 - 2014-09-08 11:45 - 00014678 _____ () C:\ComboFix.txt
2014-09-08 11:45 - 2014-09-08 11:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-08 11:45 - 2014-09-08 11:45 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2014-09-08 11:18 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-09-08 11:18 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-09-08 11:18 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-09-08 11:18 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-09-08 11:18 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-09-08 11:18 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-09-08 11:18 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-09-08 11:18 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-09-08 11:18 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-09-08 11:17 - 2014-09-08 11:45 - 00000000 ____D () C:\Qoobox
2014-09-08 11:16 - 2014-09-08 11:16 - 05576440 ____R (Swearware) C:\Documents and Settings\Dan Popp\Desktop\ComboFix.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 13:42 - 2014-09-03 21:13 - 00000000 ____D () C:\FRST
2014-10-04 13:42 - 2014-07-28 12:55 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\temp
2014-10-04 13:40 - 2014-09-03 21:09 - 01100800 _____ (Farbar) C:\Documents and Settings\Dan Popp\Desktop\FRST.exe
2014-10-04 13:12 - 2012-07-08 22:24 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-04 12:49 - 2012-07-10 15:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-04 11:57 - 2009-02-28 14:51 - 01087509 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-04 11:54 - 2013-10-01 14:30 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-651377827-839522115-1003.job
2014-10-04 11:53 - 2013-10-01 14:30 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-651377827-839522115-1003.job
2014-10-04 11:51 - 2003-07-16 11:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-04 11:50 - 2009-02-26 01:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-04 11:50 - 2009-02-25 18:55 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-10-04 11:50 - 2009-02-25 18:55 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-10-03 23:58 - 2009-02-26 01:09 - 00000178 ___SH () C:\Documents and Settings\Dan Popp\ntuser.ini
2014-10-03 23:58 - 2009-02-26 01:08 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-03 21:21 - 2014-01-02 03:53 - 00072192 _____ () C:\Documents and Settings\Dan Popp\My Documents\Lists - To-Get, CDs, Songs to Download, Unsure, Equalize - Borrowed Things.xls
2014-10-03 18:19 - 2009-06-15 00:19 - 00098304 _____ (Sony DADC Austria AG.) C:\WINDOWS\system32\CmdLineExt.dll
2014-10-03 17:21 - 2014-08-10 21:15 - 00021491 _____ () C:\WINDOWS\wmsetup.log
2014-10-03 15:48 - 2013-05-23 17:36 - 00000000 ____D () C:\Program Files\Steam
2014-10-03 15:22 - 2009-03-01 22:09 - 00048250 _____ () C:\Documents and Settings\Dan Popp\Application Data\wklnhst.dat
2014-10-02 22:22 - 2014-07-29 20:04 - 00006916 _____ () C:\WINDOWS\setupapi.log
2014-10-02 21:36 - 2009-03-02 23:52 - 00000000 ____D () C:\Program Files\LucasArts
2014-10-02 21:36 - 2009-02-26 01:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-01 22:48 - 2009-02-28 16:19 - 00000000 ____D () C:\Program Files\EA GAMES
2014-10-01 22:08 - 2009-02-28 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EA GAMES
2014-10-01 19:01 - 2009-03-02 22:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-09-30 16:06 - 2014-07-12 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-30 16:06 - 2014-07-12 17:59 - 00000000 ____D () C:\Program Files\mbar
2014-09-30 15:36 - 2014-07-07 15:07 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-30 15:35 - 2014-07-07 13:27 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-30 00:00 - 2009-02-26 01:09 - 00000000 ____D () C:\Documents and Settings\Dan Popp
2014-09-29 15:48 - 2011-09-23 22:34 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-09-29 10:11 - 2009-02-27 19:36 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-09-26 09:43 - 2013-02-14 09:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 19:08 - 2009-02-27 21:50 - 00000000 ____D () C:\Documents and Settings\Dan Popp\My Documents\Resumes
2014-09-23 19:49 - 2012-07-10 15:43 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-23 19:49 - 2011-06-01 18:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-14 00:13 - 2013-02-04 02:22 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Application Data\Spotify
2014-09-13 23:45 - 2013-02-04 02:25 - 00000000 ____D () C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Spotify
2014-09-11 21:44 - 2013-07-11 13:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 21:36 - 2009-03-02 21:52 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-09 11:03 - 2009-02-25 18:53 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-08 19:21 - 2009-02-26 01:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-09-08 11:53 - 2009-02-26 01:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-09-08 11:39 - 2003-07-16 11:41 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-08 11:17 - 2012-05-19 16:44 - 00000000 ____D () C:\WINDOWS\ERDNT

Some content of TEMP:
====================
C:\Documents and Settings\Dan Popp\Local Settings\temp\CmdLineExt03.dll
C:\Documents and Settings\Dan Popp\Local Settings\temp\SecuExp.exe
C:\Documents and Settings\Dan Popp\Local Settings\temp\SIntf16.dll
C:\Documents and Settings\Dan Popp\Local Settings\temp\SIntf32.dll
C:\Documents and Settings\Dan Popp\Local Settings\temp\SIntfNT.dll
C:\Documents and Settings\Dan Popp\Local Settings\temp\Uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-10-2014 01
Ran by Dan Popp at 2014-10-04 13:43:19
Running from C:\Documents and Settings\Dan Popp\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Battlefield 1942 (HKLM\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
BF1942 Transformers Mod Version 2.0 Full Client (HKLM\...\BF1942 Transformers Mod Version 2.0 Full Client) (Version:  - )
BFE-WaW Map Pack #1 (HKLM\...\BFE-WaW Map Pack #1) (Version:  - )
Brother HL-2140 (HKLM\...\{6BFE96F1-BE26-4FC5-965D-5CED037DE3E9}) (Version: 1.00 - Brother)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.2.0.13 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.6.0.27 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Celtx (2.9) (HKLM\...\Celtx (2.9)) (Version: 2.9 (en-US) - Greyfirst)
Command & Conquer Red Alert 2 (HKLM\...\Red Alert 2) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Forgotten Hope FAN MAPPACK V6.0 (HKLM\...\Forgotten Hope FAN MAPPACK) (Version: V6.0 - Forgotten Hope Mod Team)
Forgotten Hope Fanmappack 4.0 (HKLM\...\Forgotten Hope Fanmappack) (Version: 4.0 - Forgotten Hope Mod Team)
Free YouTube to MP3 Converter version 3.12.29.304 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Gpg4win (2.1.0) (HKLM\...\GPG4Win) (Version: 2.1.0 - The Gpg4win Project)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.0.2.1 - QFX Software Corporation)
LucasArts' Rogue Squadron (HKLM\...\LucasArts' Rogue Squadron) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Default Manager (Version: 2.1.54.0 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (HKLM\...\IDNMitigationAPIs) (Version:  - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (HKLM\...\NLSDownlevelMapping) (Version:  - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 3.0.126.0 - Microsoft Corporation) Hidden
Microsoft UI Engine (Version: 4.0.0318.1 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{B9966F27-9678-4620-9579-925E3084647E}) (Version: 07.03.0719 - Microsoft Corporation)
Microsoft Works 2004 Setup Launcher (HKLM\...\Works2004Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{33BEE6F3-9987-4F98-A069-97A64EC8321A}) (Version: 7.0.0.0000 - Microsoft Corporation)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - Taleworlds Entertainment)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN Toolbar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0401.0 - Microsoft Corporation)
MSN Toolbar Platform (Version: 4.0.0401.0 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA Control Panel 260.99 (Version: 260.99 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.0.14.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.36 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13065 - NVIDIA Corporation) Hidden
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.3 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.80 - Sonic Solutions)
Sound Blaster Live! (HKLM\...\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars - Jedi Knight II: Jedi Outcast (HKLM\...\Steam App 6030) (Version:  - Raven Software)
Star Wars Galactic Battlegrounds: Saga (HKLM\...\{10133CDD-50B9-4783-B336-8B48F3653715}) (Version:  - )
Star Wars Jedi Knight Jedi Academy (HKLM\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version:  - )
Star Wars® Knights of the Old Republic® II: The Sith Lords (HKLM\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Star Wars®: Knights of the Old Republic (HKLM\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
TGW 0.15 (HKLM\...\TGW 0.15) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wireless-G PCI Adapter with SRX400 (HKLM\...\{201C78EE-ED2D-4A50-8187-02812063DFA9}) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.d (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2000478354-651377827-839522115-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Dan Popp\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll (the data entry has 8 more characters).

==================== Restore Points  =========================

05-09-2014 01:51:28 System Checkpoint
06-09-2014 23:33:53 System Checkpoint
07-09-2014 23:48:52 System Checkpoint
08-09-2014 04:45:43 Software Distribution Service 3.0
08-09-2014 17:40:29 Software Distribution Service 3.0
09-09-2014 15:56:04 Software Distribution Service 3.0
10-09-2014 19:00:54 System Checkpoint
11-09-2014 19:25:35 System Checkpoint
12-09-2014 02:36:10 Software Distribution Service 3.0
13-09-2014 04:07:19 System Checkpoint
14-09-2014 16:54:04 System Checkpoint
15-09-2014 16:54:40 System Checkpoint
16-09-2014 18:03:42 System Checkpoint
17-09-2014 18:25:04 System Checkpoint
18-09-2014 20:06:41 System Checkpoint
19-09-2014 23:54:21 System Checkpoint
21-09-2014 23:00:15 System Checkpoint
22-09-2014 23:30:46 System Checkpoint
24-09-2014 00:09:51 System Checkpoint
25-09-2014 00:49:19 System Checkpoint
26-09-2014 01:49:41 System Checkpoint
27-09-2014 03:06:35 System Checkpoint
28-09-2014 19:18:24 System Checkpoint
29-09-2014 21:25:11 System Checkpoint
30-09-2014 22:55:31 System Checkpoint
01-10-2014 14:50:53 Configured Wings of War
01-10-2014 14:53:32 Removed Alcohol 120% (Trial Version)
01-10-2014 17:49:39 Removed Microsoft Silverlight
01-10-2014 21:44:30 Removed Java 7 Update 45
01-10-2014 21:45:44 Removed Java 6 Update 22
01-10-2014 21:46:58 Removed Java 6 Update 19
01-10-2014 21:48:47 Removed JavaFX 2.1.1
02-10-2014 04:18:08 Installed Star Wars®: Knights of the Old Republic
02-10-2014 04:20:30 Removed Star Wars®: Knights of the Old Republic
02-10-2014 14:42:45 Revo Uninstaller's restore point - Star Wars®: Knights of the Old Republic
03-10-2014 02:21:10 Installed Star Wars®: Knights of the Old Republic
03-10-2014 02:27:11 Revo Uninstaller's restore point - Star Wars®: Knights of the Old Republic
03-10-2014 02:27:40 Removed Star Wars®: Knights of the Old Republic
03-10-2014 02:36:40 Installed Star Wars®: Knights of the Old Republic

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-07-16 11:23 - 2014-10-01 19:02 - 00449906 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-651377827-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-651377827-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2010-03-08 01:30 - 2010-08-26 01:12 - 00555624 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2009-06-13 18:16 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2010-02-01 15:01 - 2014-07-06 13:11 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-10-04 11:56 - 2014-10-04 11:56 - 02859008 _____ () C:\Program Files\Alwil Software\Avast5\defs\14100400\algo.dll
2011-03-02 10:20 - 2011-03-02 10:20 - 00224256 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
2011-03-02 10:16 - 2011-03-02 10:16 - 00208384 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
2011-03-02 10:13 - 2011-03-02 10:13 - 00048640 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
2011-03-02 10:11 - 2011-03-02 10:11 - 00038400 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
2011-03-02 10:16 - 2011-03-02 10:16 - 00073216 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
2011-03-02 10:17 - 2011-03-02 10:17 - 00603136 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-11.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-01 18:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-01 18:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-01 18:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-01 18:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-01 18:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-02-26 01:16 - 2005-09-02 09:25 - 00045056 _____ () C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\Security.dll
2009-02-26 01:16 - 2005-04-26 13:43 - 00110592 _____ () C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\GEMWEP.DLL
2009-02-26 01:16 - 2005-12-02 17:11 - 00438272 _____ () C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\Airgo.DLL
2009-02-26 01:16 - 2003-10-13 16:30 - 00094208 _____ () C:\WINDOWS\system32\GTW32N50.DLL
2013-12-06 20:16 - 2014-07-06 13:11 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78378790.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78378790.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2000478354-651377827-839522115-500 - Administrator - Enabled)
Dan Popp (S-1-5-21-2000478354-651377827-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dan Popp
Guest (S-1-5-21-2000478354-651377827-839522115-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-2000478354-651377827-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2000478354-651377827-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2014 01:32:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/04/2014 01:32:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/04/2014 01:31:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/04/2014 01:31:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/03/2014 11:24:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/03/2014 11:24:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: )
Description: Wireless-G PCI Adapter with SRX400

Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: )
Description: Wireless-G PCI Adapter with SRX400

Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: )
Description: Wireless-G PCI Adapter with SRX400

Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: )
Description: Wireless-G PCI Adapter with SRX400

Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: )
Description: Wireless-G PCI Adapter with SRX400

Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: )
Description: Wireless-G PCI Adapter with SRX400

Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: )
Description: Wireless-G PCI Adapter with SRX400

Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: )
Description: Wireless-G PCI Adapter with SRX400

Error: (10/04/2014 11:50:28 AM) (Source: 0) (EventID: 5002) (User: )
Description: Wireless-G PCI Adapter with SRX400

Error: (10/03/2014 10:34:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.


Microsoft Office Sessions:
=========================
Error: (10/04/2014 01:32:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (10/04/2014 01:32:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (10/04/2014 01:31:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (10/04/2014 01:31:21 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (10/04/2014 11:50:21 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (10/03/2014 11:24:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (10/03/2014 11:24:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 44%
Total physical RAM: 1407 MB
Available physical RAM: 778.61 MB
Total Pagefile: 2413.11 MB
Available Pagefile: 1934.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.46 GB) (Free:10.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive h: () (Removable) (Total:14.9 GB) (Free:2.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/4/2014
Scan Time: 6:22:14 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.04.12
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Dan Popp

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327793
Time Elapsed: 29 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • Root Admin

So how is the computer running now?

 

Are there still any signs of an infection?

 

I notice you're still on Internet Explorer Version 6 - I would highly suggest trying to update to Internet Explorer Version 8 for better protection even if you don't use IE as your main browser.

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


So far, everything has been running normally.  I tried to update Internet Explorer, but Microsoft's site would not let me, saying that Internet Explorer 8 would not run on my computer, as I have the 32-bit version of Windows XP.  That struck me as strange because I thought I was able to run IE8 before, but none of the versions that came out after that.

 

Is there any risk if I never use Internet Explorer at all?  I haven't been using it for anything.  I've been using only Firefox for the last year and a half or so.

And I hope I didn't throw anything off by not re-setting Firefox.  I just didn't want to lose all my add-ons that I have found to be very useful. 

 

I just ran SecurityCheck.exe; here are the log results:

 

 Results of screen317's Security Check version 0.99.88  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 MVPS Hosts File  
 Spybot - Search & Destroy
 CCleaner     
 Adobe Flash Player     15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````
 WinPatrol winpatrol.exe
Spybot Teatimer.exe is disabled!
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 AvastUI.exe  
 Ruiware WinPatrol winpatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


  • Root Admin

Well as long as everything is still working how you want it and no signs of an infection then you should be okay.

It looks like Microsoft no longer offers Internet Explorer 8 for XP as they have discontinued support for XP. You can still get it from Filehippo, though, it looks like. I'd recommend trying to install it if you're going to try to hang onto XP still.

Internet Explorer 8.0 for XP via Filehippo

Also, since you're running an older, unsupported operating system, you may want to take a look at another product we have that can help to protect Windows XP from exploits, as Microsoft will no longer update it even for security issues.

MBAE Exploits How they work

Malwarebytes Anti-Exploit in action

Product information for Malwarebytes Anti-Exploit


  • Root Admin

At this time there are no more signs of an infection on your system.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.

They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete (right click > Delete).

i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.