keep getting redirected when doing searches web sites like adultube.su


chowe

Hi help required

I've downloaded what looks to be the trial version of malware and ran it but still have a problem.

Every time I load a website with a search facility to find what you want on that site, as soon as I click on it I have another page open and have been redirected to a site like adultube.su. I've tried uninstalling Chrome and reinstalling with no effect.

Malware also constantly has a message of a website being blocked, outbound 91.212.124.174

 

I've posted the two results from Farbar below

many thanks

Chowe

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by User (administrator) on USER-8C0CE49A8D on 05-02-2015 12:45:47
Running from C:\Documents and Settings\User\My Documents\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.adobe.com)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 2147344384.2147340288.1342568.1244472 - Audible, Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bluetooth Stack for Windows by Technika (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v3.03.13© - )
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )
Creative System Information (HKLM\...\SysInfo) (Version:  - )
Creative ZEN V Series (R2) (HKLM\...\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}) (Version: 1.0 - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-299502267-1935655697-682003330-1004\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
eLecta Live Virtual Room 7.0 (HKLM\...\{4FACB22F-171F-4BA8-8DF5-06650E2C2F85}_is1) (Version: 7.0 - ELECTA COMMUNICATIONS LTD)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
ESC48 User's Guide (HKLM\...\ESC48 User's Guide) (Version:  - )
EssentialPIM (HKLM\...\EssentialPIM) (Version: 3.53 - )
FileZilla Client 3.3.2 (HKLM\...\FileZilla Client) (Version: 3.3.2 - )
FinePixViewer Ver.4.0 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version:  - )
FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version:  - )
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 4.5.0.457 (HKU\S-1-5-21-299502267-1935655697-682003330-1004\...\GoToMeeting) (Version:  - )
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
ImageMixer VCD for FinePix (HKLM\...\{D3AA158A-9421-4883-8767-E771B0964A1D}) (Version:  - )
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
InterVideo DeviceService (HKLM\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
InterVideo WinDVD 4 (HKLM\...\{98E8A2EF-4EAE-43B8-A172-74842B764777}) (Version:  - InterVideo Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Java SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
jZip (HKLM\...\jZip) (Version:  - Discordia Limited.)
LightScribe System Software  1.12.29.2 (HKLM\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - http://www.lightscribe.com)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Money (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Photo Premium 10 (HKLM\...\PictureItPrem_v10) (Version: 10.0.0706 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
MicroStaff WINASPI NT (HKLM\...\MWASPINT) (Version:  - )
Mozilla Thunderbird (3.1.17) (HKLM\...\Mozilla Thunderbird (3.1.17)) (Version: 3.1.17 (en-US) - Mozilla)
MP3 Player Recovery Tool (HKLM\...\MP3 Player Recovery Tool_is1) (Version: 2.0.0.5 - Creative Labs)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nikon File Uploader 2 (HKLM\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.00.0001 - Nikon)
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nokia Connectivity Cable Driver (HKLM\...\{11964613-805F-432D-A12B-169554B793E7}) (Version: 6.84.4.0 - Nokia)
Nokia PC Suite (HKLM\...\InstallShield_{1267949C-73FC-4692-AA22-176F5E909647}) (Version: 6.50.12 - Nokia)
Nokia PC Suite (Version: 6.50.12 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{57CEA991-6F11-4E7E-B67C-2F02168CED6B}) (Version: 01.04.014.30155 - Nokia Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Olympus Digital Wave Player (HKLM\...\{FB91E774-867B-4567-ACE7-8144EF036068}) (Version:  - )
Orange Toolbar (HKLM\...\OrangeToolbarUK) (Version: 1.0 - France Telecom SA)
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.0 - Nikon)
Platform (Version: 1.12 - VIA Technologies, Inc.) Hidden
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.3.01.09273 - Sony Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - CyberLink Corporation)
ProPlan 5 (HKLM\...\ProPlan 5) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (HKLM\...\Rapport_msi) (Version: 3.5.1008.49 - Trusteer)
Rapport (Version: 3.5.1008.49 - Trusteer) Hidden
RAW FILE CONVERTER LE (HKLM\...\{D680C913-5955-469D-9D88-C1940F7506D6}) (Version:  - )
Runtime 8.0 Libraries (HKLM\...\{EA4FA30B-7321-4428-90E9-28B088EC8DC9}) (Version: 1.0.0.0 - Microsoft)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio USB Driver Installer (HKLM\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG SYMBIAN USB Download Driver (HKLM\...\{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}) (Version: 1.1.808.7165 - SAMSUNG Electronics CO,.LTD)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Link 56K Voice Modem (HKLM\...\SLAMRNTV) (Version:  - )
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
USB2.0 PC Camera (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.5.8.17(MT9v111) - )
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.12 - VIA Technologies, Inc.)
VIA Vinyl Audio Codecs Driver Setup Program (HKLM\...\VIA Vinyl Audio Codecs Driver Setup Program) (Version:  - )
VIA/S3G Display Driver (HKLM\...\VIA/S3G UniChrome Family Win2K/XP/Server2003 Display) (Version:  - )
ViewNX 2 (HKLM\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.1 - Nikon)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 8.0.7.26 - Webroot)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
World of Tanks (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version:  - Wargaming.net)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )
ZENcast Organizer (HKLM\...\ZENcast Organizer) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\457\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-1935655697-682003330-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll N (the data entry has 6 more characters).
 
==================== Restore Points  =========================
 
11-11-2014 19:21:34 System Checkpoint
15-11-2014 18:52:43 Software Distribution Service 3.0
19-11-2014 21:53:58 System Checkpoint
22-11-2014 09:31:18 System Checkpoint
23-11-2014 12:00:49 System Checkpoint
26-11-2014 10:54:38 System Checkpoint
29-11-2014 20:51:22 System Checkpoint
04-12-2014 21:19:14 System Checkpoint
15-12-2014 20:02:39 Software Distribution Service 3.0
17-12-2014 18:18:58 System Checkpoint
18-12-2014 21:13:12 System Checkpoint
30-12-2014 16:04:22 System Checkpoint
07-01-2015 20:31:22 System Checkpoint
15-01-2015 08:09:23 Software Distribution Service 3.0
18-01-2015 12:09:44 System Checkpoint
22-01-2015 08:52:01 System Checkpoint
23-01-2015 14:22:32 System Checkpoint
01-02-2015 18:53:19 System Checkpoint
04-02-2015 18:30:59 Removed Google SketchUp Viewer
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1935655697-682003330-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1935655697-682003330-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{12C0EB2C-E7A0-403E-A2C8-98AE8AA8C753}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_USER-8C0CE49A8D_User.job => C:\WINDOWS\system32\mobsync.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-02-21 16:33 - 2010-02-21 16:33 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2004-08-04 12:00 - 2008-04-14 00:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2009-12-08 09:41 - 2008-09-09 10:01 - 00283680 _____ () C:\WINDOWS\system32\prntjpg.dll
2004-07-20 16:04 - 2004-07-20 16:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-07 18:12 - 2014-05-28 04:57 - 00036864 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
2014-02-07 18:12 - 2014-05-28 04:58 - 14937600 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
2014-02-07 18:12 - 2014-05-28 04:58 - 00594944 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
2014-02-07 18:12 - 2014-05-28 04:57 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
2014-02-07 15:34 - 2014-02-07 15:34 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
2004-09-22 09:09 - 2004-09-22 09:09 - 00065536 _____ () C:\WINDOWS\system32\TosCommAPI.dll
2003-07-29 14:33 - 2003-07-29 14:33 - 00061440 _____ () C:\WINDOWS\system32\TosHidAPI.dll
2004-10-01 13:13 - 2004-10-01 13:13 - 00045056 _____ () C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll
2008-06-11 18:21 - 2004-06-21 09:14 - 00053248 _____ () C:\WINDOWS\system32\OdiAPI.dll
2008-06-11 18:21 - 2005-07-30 20:00 - 00114688 _____ () C:\WINDOWS\system32\OdiOlDVR.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00750080 _____ () C:\Documents and Settings\User\Application Data\Dropbox\bin\libGLESv2.dll
2015-02-05 11:04 - 2015-02-05 11:04 - 00043008 _____ () c:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkq6mdn.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00047616 _____ () C:\Documents and Settings\User\Application Data\Dropbox\bin\libEGL.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00863744 _____ () C:\Documents and Settings\User\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00200704 _____ () C:\Documents and Settings\User\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll
2004-08-04 12:00 - 2008-04-14 00:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2015-02-04 18:35 - 2015-01-27 03:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.94\pdf.dll
2014-04-13 09:59 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-13 09:59 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-02-04 18:35 - 2015-01-27 03:44 - 14913864 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:70F0A2F4
AlternateDataStreams: C:\Documents and Settings\User\My Documents\Greeting Card1.png:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\User\My Documents\Greeting Card1.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-299502267-1935655697-682003330-1004\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-299502267-1935655697-682003330-1004\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-299502267-1935655697-682003330-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk => C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AudioDeck => C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NPSStartup => 
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RaidTool => C:\Program Files\VIA\RAID\raid_tool.exe
MSCONFIG\startupreg: REGSHAVE => C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe
MSCONFIG\startupreg: updateMgr => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
MSCONFIG\startupreg: VTTimer => VTTimer.exe
MSCONFIG\startupreg: VTTrayp => VTtrayp.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-299502267-1935655697-682003330-500 - Administrator - Enabled)
Guest (S-1-5-21-299502267-1935655697-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-1935655697-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-1935655697-682003330-1002 - Limited - Disabled)
User (S-1-5-21-299502267-1935655697-682003330-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User
 
==================== Faulty Device Manager Devices =============
 
Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Communications Port (COM2)
Description: Communications Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/04/2015 07:10:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/02/2015 09:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/02/2015 09:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/02/2015 08:32:35 PM) (Source: PDH) (EventID: 2011) (User: )
Description: 
 
Error: (01/21/2015 08:25:01 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.
 
Error: (11/26/2014 05:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/26/2014 05:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/26/2014 05:44:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/23/2014 05:41:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application componentlauncher.exe, version 3.2.0.12228, faulting module imagelibrary.dll, version 3.2.0.12228, fault address 0x0006f6c0.
Processing media-specific event for [componentlauncher.exe!ws!]
 
Error: (11/22/2014 03:44:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (02/05/2015 11:03:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (02/04/2015 06:13:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/02/2015 08:38:05 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 100000c5, parameter1 00000001, parameter2 00000002, parameter3 00000000, parameter4 805447b2.
 
Error: (12/11/2014 10:43:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: 
%%1056
 
Error: (12/11/2014 10:43:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/28/2014 06:25:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error: 
%%1053
 
Error: (11/28/2014 06:25:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
 
Error: (11/24/2014 07:53:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: 
%%1056
 
Error: (11/24/2014 07:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/23/2014 00:14:54 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (02/04/2015 07:10:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (02/02/2015 09:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (02/02/2015 09:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (02/02/2015 08:32:35 PM) (Source: PDH) (EventID: 2011) (User: )
Description: 
 
Error: (01/21/2015 08:25:01 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)
 
Error: (11/26/2014 05:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (11/26/2014 05:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (11/26/2014 05:44:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (11/23/2014 05:41:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: componentlauncher.exe3.2.0.12228imagelibrary.dll3.2.0.122280006f6c0
 
Error: (11/22/2014 03:44:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE10.0.6866.0hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Processor: AMD Sempron Processor 2800+
Percentage of memory in use: 89%
Total physical RAM: 1535.48 MB
Available physical RAM: 164.91 MB
Total Pagefile: 2921.18 MB
Available Pagefile: 1359.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.1 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:76.32 GB) (Free:6.4 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.3 GB) (Disk ID: E857E857)
Partition 1: (Active) - (Size=76.3 GB) - (Type=07 NTFS)
 
==================== End Of Log =======

Hello and welcome!

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Windows XP notes

I've noticed that you're a Windows XP user. I need to tell you that my canned speeches (texts I use to present instructions) are designed for newer systems in the first place. Therefore, whenever you see a request to Run as Administrator, please ignore it and instead run the tool just by a double-click on the aforementioned icon.

Windows XP end of support warning!

As the 8th of April 2014 has passed, this Operating System is no longer supported by Microsoft.

Any patches, updates or security releases have ceased for this System.

This is just information for you in case you are not aware.

My recommendation would be to start thinking about replacing it with some newer edition, like Windows Vista, Windows 7 or Windows 8.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Thanks for your above reply post

 

I did look up between postings on Google and found a suggestion to reset Chrome settings / default browser / in advanced settings / reset settings

which seems to have solved the problem in both Chrome and Internet Explorer browsers, but I also ran the malware again with the rootkits box checked as you suggested, for which it picked up two trojans which should be on the log attached, for which I applied action to as asked.

So the computer seems fine with no re-directions happening now.

Many thanks for your help, I will look to see if you reply with anything else that should be done, and YES I do definitely need to get another computer with an updated running system other than unsupported XP

 

Chowe

malware scan.txt


Hi, 

 

This looks to me more like a router infection. That means the router is hacked and your traffic will be redirected every time that you are connecting using it. My best shot here will be to reset the router and change the admin password.

 

Bear in mind that default login/passwords are very common and hackers just love to abuse them. If you want to be secured, you just need to change them.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
