Malwarebytes broken part 2


Originally posted at https://forums.malwarebytes.org/index.php?/topic/169928-malwarebytes-broken/

 

FRST.txt and Addition.txt below as suggested by 1PW

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by ME (administrator) on SPIKE on 30-06-2015 12:49:47
Running from C:\Documents and Settings\ME\Desktop
Loaded Profiles: ME (Available Profiles: ME)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Coupons.com Inc.) C:\Program Files\Coupon Printer\CouponPrinterService.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd.) C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [CTStartup] => C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE [28672 2001-09-15] (Creative Technology Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5535048 2015-05-27] (Avast Software s.r.o.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1078081533-839522115-1343024091-1004\...\Run: [TaskTray] => C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe [163840 2001-06-29] (Creative Technology Ltd.)
HKU\S-1-5-21-1078081533-839522115-1343024091-1004\...\Run: [Taskbar] => C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe [122880 2001-09-20] (Creative Technology Ltd)
HKU\S-1-5-21-1078081533-839522115-1343024091-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1078081533-839522115-1343024091-1004\...\MountPoints2: {0397e4e0-48a1-11e4-8e76-00173fd00806} - F:\TotalLock.exe
HKU\S-1-5-21-1078081533-839522115-1343024091-1004\...\MountPoints2: {9f9bc9b0-489e-11e4-8e75-00173fd00806} - F:\TotalLock.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\ME\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\ME\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\ME\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\ME\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1078081533-839522115-1343024091-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://o2wirelessbox.lan/login.lp
HKU\S-1-5-21-1078081533-839522115-1343024091-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1078081533-839522115-1343024091-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1078081533-839522115-1343024091-1004 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1078081533-839522115-1343024091-1004 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-02] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-27] (Avast Software s.r.o.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-02] (Oracle Corporation)
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} file://D:\Resources\IntraLaunch.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E1C9F27F-680B-4AF2-BB35-FCFD4305A2B8}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\arfzf0lb.default
FF DefaultSearchEngine: Microsoft (Bing)
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://192.168.0.1/sky_router_status.html
FF Keyword.URL: hxxp://www.bing.com/search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-02] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1078081533-839522115-1343024091-1004: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll No File
FF user.js: detected! => C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\arfzf0lb.default\user.js [2015-01-14]
FF SearchPlugin: C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\arfzf0lb.default\searchplugins\bing-avast.xml [2014-06-19]
FF SearchPlugin: C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\arfzf0lb.default\searchplugins\zonealarm.xml [2015-01-14]
FF Extension: zonealarm.com - C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\arfzf0lb.default\Extensions\ffxtlbr@zonealarm.com [2015-01-14]
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\arfzf0lb.default\Extensions\https-everywhere@eff.org [2015-05-30]
FF Extension: WOT - C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\arfzf0lb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-30]
FF Extension: PriceBlink - C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\arfzf0lb.default\Extensions\info@priceblink.com.xpi [2013-09-30]
FF Extension: Cookie Controller - C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\arfzf0lb.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2013-10-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-27]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-27] (Avast Software s.r.o.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
R2 CouponPrinterService; C:\Program Files\Coupon Printer\CouponPrinterService.exe [1051632 2015-05-18] (Coupons.com Inc.) <==== ATTENTION
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2013-07-02] (Oak Technology Inc.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-27] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-27] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-27] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-27] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-27] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-27] ()
R3 ctac32k; C:\WINDOWS\System32\drivers\ctac32k.sys [110084 2001-09-11] (Creative Technology Ltd) [File not signed]
R3 ctprxy2k; C:\WINDOWS\System32\drivers\ctprxy2k.sys [11036 2001-09-11] (Creative Technology Ltd) [File not signed]
R3 ctsfm2k; C:\WINDOWS\System32\drivers\ctsfm2k.sys [207648 2001-09-11] (Creative Technology Ltd) [File not signed]
R3 emu10kx; C:\WINDOWS\System32\drivers\e10kx2k.sys [1757928 2001-10-02] (Creative Technology Ltd)
R3 emupia; C:\WINDOWS\System32\drivers\emupia2k.sys [154284 2001-09-11] (Creative Technology Ltd) [File not signed]
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2007-10-25] () [File not signed]
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13368 2015-06-02] (SlimWare Utilities, Inc.)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [534024 2014-08-13] (Check Point Software Technologies Ltd.)
S3 eapihdrv; \??\C:\DOCUME~1\ME\LOCALS~1\Temp\ehdrv.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S3 MSICDSetup; \??\E:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 12:49 - 2015-06-30 12:50 - 00016318 _____ C:\Documents and Settings\ME\Desktop\FRST.txt
2015-06-30 12:49 - 2015-06-30 12:50 - 00000000 ____D C:\FRST
2015-06-30 12:48 - 2015-06-30 12:48 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\ME\Desktop\mbam-check-2.1.1.1001.exe
2015-06-30 12:47 - 2015-06-30 12:47 - 01636352 _____ (Farbar) C:\Documents and Settings\ME\Desktop\FRST.exe
2015-06-29 17:37 - 2015-06-30 12:19 - 03778236 _____ C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-00531102}.BAK
2015-06-29 17:35 - 2015-06-29 17:35 - 00013880 _____ C:\Documents and Settings\ME\My Documents\cc_20150629_173520.reg
2015-06-28 14:06 - 2015-06-28 20:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-24 14:11 - 2015-06-24 14:11 - 00604656 ____R (Couponstar LTD) C:\WINDOWS\system32\cpnprtukwin32.cid
2015-06-24 14:11 - 2015-06-24 14:11 - 00473584 ____R (Coupons, Inc.) C:\WINDOWS\system32\cpnprt2win32.cid
2015-06-24 14:11 - 2015-06-24 14:11 - 00000000 ____D C:\Program Files\Coupon Printer
2015-06-24 14:10 - 2015-06-24 14:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Coupon Printer
2015-06-21 15:25 - 2015-06-21 18:50 - 00000000 ____D C:\Documents and Settings\ME\My Documents\Eset
2015-06-10 14:03 - 2015-06-10 14:03 - 00027442 _____ C:\Documents and Settings\ME\My Documents\cc_20150610_140312.reg
2015-06-07 16:35 - 2015-06-07 16:35 - 00000000 ____D C:\Documents and Settings\ME\My Documents\ssp2015sm
2015-06-07 16:09 - 2015-06-07 16:09 - 00000000 _____ C:\WINDOWS\hpqEmlSz.INI
2015-06-07 15:42 - 2015-06-07 16:22 - 00000191 _____ C:\Documents and Settings\ME\My Documents\DPE.DUS
2015-06-06 19:35 - 2015-06-06 19:35 - 02359350 _____ C:\Documents and Settings\ME\My Documents\BTUKLocal&National.bmp
2015-06-02 11:32 - 2015-06-02 11:32 - 00000000 ____D C:\Program Files\Common Files\Java

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 12:50 - 2013-07-02 12:33 - 00000000 ____D C:\Documents and Settings\ME\Local Settings\Temp
2015-06-30 12:28 - 2013-07-02 19:21 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-06-30 12:28 - 2013-07-02 19:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-06-30 12:27 - 2015-05-27 15:19 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-30 12:24 - 2013-07-02 14:24 - 01460804 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-30 12:21 - 2013-07-02 12:36 - 00088566 _____ C:\WINDOWS\system32\nvapps.xml
2015-06-30 12:20 - 2013-07-02 22:03 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-30 12:20 - 2013-07-02 22:03 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-06-30 12:20 - 2013-07-02 12:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-30 12:19 - 2014-05-20 16:18 - 03778236 _____ C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-00531102}.CDF
2015-06-30 12:19 - 2014-05-20 16:17 - 00000024 _____ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000B-00001102-00000004-00531102}.dat
2015-06-30 12:19 - 2014-05-20 16:17 - 00000024 _____ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-00531102}.dat
2015-06-30 12:19 - 2013-07-02 13:38 - 00001072 _____ C:\WINDOWS\system32\settingsbkup.sfm
2015-06-30 12:19 - 2013-07-02 13:38 - 00001072 _____ C:\WINDOWS\system32\settings.sfm
2015-06-30 12:19 - 2013-07-02 12:33 - 00000278 ___SH C:\Documents and Settings\ME\ntuser.ini
2015-06-30 12:19 - 2013-07-02 12:33 - 00000000 ____D C:\Documents and Settings\ME
2015-06-30 12:19 - 2013-07-02 12:31 - 00032408 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-30 12:04 - 2013-07-03 16:15 - 00025600 _____ C:\Documents and Settings\ME\My Documents\zzzzzz.xls
2015-06-30 11:39 - 2015-01-01 15:28 - 00000000 ____D C:\WINDOWS\pss
2015-06-30 11:23 - 2013-07-03 10:07 - 00002441 _____ C:\Documents and Settings\ME\Desktop\HiJackThis.lnk
2015-06-30 11:19 - 2013-07-02 12:31 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-06-30 11:19 - 2001-08-18 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-30 00:00 - 2015-05-05 10:52 - 00000000 ____D C:\Documents and Settings\ME\Application Data\vlc
2015-06-29 15:43 - 2015-04-08 00:43 - 00000000 ____D C:\Program Files\RouterStats-Lite
2015-06-28 20:47 - 2013-09-30 16:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-26 20:06 - 2013-07-03 16:12 - 00000000 ____D C:\Documents and Settings\ME\My Documents\TCBQ
2015-06-26 15:19 - 2015-05-27 15:19 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-24 23:57 - 2015-05-19 09:14 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-24 23:57 - 2015-05-19 09:14 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-24 14:11 - 2014-01-23 19:25 - 00000082 ____H C:\WINDOWS\WindowsShellUK.Manifest
2015-06-24 14:11 - 2014-01-23 19:25 - 00000031 ____H C:\WINDOWS\UKCpInfo.sys
2015-06-19 16:25 - 2013-07-02 13:03 - 00000000 ____D C:\WINDOWS\Help
2015-06-13 08:00 - 2015-05-02 15:00 - 00000000 ____D C:\Documents and Settings\ME\Application Data\Valassis
2015-06-10 11:33 - 2013-07-02 20:19 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-06-10 11:33 - 2013-07-02 20:19 - 00000000 ____D C:\Program Files\CCleaner
2015-06-10 09:17 - 2013-07-09 21:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 09:00 - 2013-07-02 14:39 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 23:23 - 2015-04-29 23:31 - 00325504 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-06-08 18:49 - 2013-07-11 10:37 - 00000000 ____D C:\Documents and Settings\ME\Application Data\ZoomBrowser EX
2015-06-07 16:22 - 2001-08-18 13:00 - 00000709 _____ C:\WINDOWS\win.ini
2015-06-07 16:13 - 2013-07-02 16:23 - 00002483 _____ C:\Documents and Settings\ME\Desktop\Microsoft Word.lnk
2015-06-06 20:32 - 2014-11-08 10:04 - 00000000 ____D C:\Documents and Settings\ME\My Documents\Sky
2015-06-02 15:17 - 2014-08-09 10:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-02 11:33 - 2014-08-22 22:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-06-02 11:31 - 2014-08-06 23:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-06-02 11:30 - 2014-08-06 23:08 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-06-02 11:30 - 2014-08-06 23:07 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-06-02 11:27 - 2014-08-06 23:07 - 00000000 ____D C:\Program Files\Java
2015-06-02 10:55 - 2013-07-03 16:09 - 00000000 ____D C:\Documents and Settings\ME\My Documents\IntShop
2015-06-02 10:52 - 2013-07-03 16:08 - 00000000 ____D C:\Documents and Settings\ME\My Documents\Andrew
2015-06-02 09:48 - 2014-11-10 17:34 - 00013368 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys

==================== Files in the root of some directories =======

2014-03-14 12:32 - 2014-03-14 12:32 - 0002528 _____ () C:\Documents and Settings\ME\Application Data\$_hpcst$.hpc
2013-07-03 23:20 - 2013-07-03 23:21 - 0001402 _____ () C:\Documents and Settings\ME\Application Data\HPCOM_48BitScanUpdate.log
2013-07-03 13:46 - 2015-01-28 01:34 - 0006144 _____ () C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by ME at 2015-06-30 12:51:31
Running from C:\Documents and Settings\ME\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1078081533-839522115-1343024091-500 - Administrator - Enabled)
Guest (S-1-5-21-1078081533-839522115-1343024091-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1078081533-839522115-1343024091-1000 - Limited - Disabled)
ME (S-1-5-21-1078081533-839522115-1343024091-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\ME
SUPPORT_388945a0 (S-1-5-21-1078081533-839522115-1343024091-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Belkin Desktop PCI Card Driver (HKLM\...\{50D47CE8-9C16-42D1-A8D8-B143B22E232A}) (Version: 1.12.0005 - Belkin)
Belkin F5D5000 Desktop PCI Card Driver (HKLM\...\{1798227A-AA89-4C78-AF55-56A38E654788}) (Version: 1.00.0000 - Belkin)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer (HKLM\...\Coupon Printer2.2.1.6) (Version: 2.2.1.6 - Coupons.com Inc.)
Dropbox (HKU\S-1-5-21-1078081533-839522115-1343024091-1004\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
hp deskjet 940c series (Remove only) (HKLM\...\hp deskjet 940c series) (Version:  - )
HP Photo and Imaging 1.0 - Scanjet 3500c Series (HKLM\...\{B8E952E3-A823-443A-8493-39A0CCE0E3EB}) (Version: 1.00.0000 - {&Tahoma8}Hewlett-Packard)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.5.6 - ahead software gmbh)
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RouterStats-Lite v10.0 (HKLM\...\RouterStats-Lite_is1) (Version:  - vwlowen.co.uk)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Secure Print@Home (HKLM\...\{663D6D17-1631-4039-AE6A-F7BCCF758B20}) (Version: 3.16.1958.0 - Valassis)
ShareIns (Version: 1.00.0000 - Hewlett-Packard) Hidden
Sound Blaster Audigy (HKLM\...\Sound Blaster Audigy) (Version:  - )
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
ZoneAlarm Firewall (Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-1078081533-839522115-1343024091-1004\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1078081533-839522115-1343024091-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\ME\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1078081533-839522115-1343024091-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\ME\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1078081533-839522115-1343024091-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\ME\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1078081533-839522115-1343024091-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\ME\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1078081533-839522115-1343024091-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\ME\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1078081533-839522115-1343024091-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\ME\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

28-06-2015 19:03:40 System Checkpoint
28-06-2015 20:29:40 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.1.8.1057
29-06-2015 22:58:43 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-18 13:00 - 2014-09-08 16:33 - 00511276 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files\Advanced Driver Updater\adu.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-27 15:18 - 2015-05-27 15:18 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-27 15:18 - 2015-05-27 15:18 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-30 11:26 - 2015-06-30 11:26 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15063000\algo.dll
2014-01-27 17:43 - 2014-01-27 17:43 - 00065936 _____ () C:\Program Files\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll
2015-05-27 15:18 - 2015-05-27 15:18 - 38327808 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1078081533-839522115-1343024091-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: Disc Detector => C:\Program Files\Creative\ShareDLL\CtNotify.exe
MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
MSCONFIG\startupreg: Jet Detection => C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
MSCONFIG\startupreg: NeroCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\Updreg.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe] => Enabled:KTF MUSIC AoD Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe] => Enabled:KTF MUSIC VoD Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\ME\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2015 00:15:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.2.13.0, faulting module Qt5Core.dll, version 5.4.1.0, fault address 0x00026f16.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (06/29/2015 09:20:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.2.929, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam.exe!ws!]

Error: (06/29/2015 08:40:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/29/2015 08:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.2.13.0, faulting module Qt5Core.dll, version 5.4.1.0, fault address 0x00026f16.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (06/29/2015 08:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.2.13.0, faulting module Qt5Core.dll, version 5.4.1.0, fault address 0x00026f16.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (06/29/2015 02:40:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.2.929, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam.exe!ws!]

Error: (06/28/2015 08:25:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.2.13.0, faulting module Qt5Core.dll, version 5.4.1.0, fault address 0x00026f16.
Processing media-specific event for [mbamservice.exe!ws!]


System errors:
=============
Error: (06/30/2015 00:20:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2015 00:20:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (06/30/2015 00:17:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2015 00:17:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2015 00:17:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.

Error: (06/30/2015 00:15:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (06/30/2015 11:47:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2015 11:47:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (06/30/2015 11:18:24 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/30/2015 10:30:44 AM) (Source: DCOM) (EventID: 10005) (User: SPIKE)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}


Microsoft Office:
=========================
Error: (06/30/2015 00:15:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.2.13.0Qt5Core.dll5.4.1.000026f16

Error: (06/29/2015 09:20:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.2.929msvcr100.dll10.0.40219.3250008d6fd

Error: (06/29/2015 08:40:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (06/29/2015 08:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.2.13.0Qt5Core.dll5.4.1.000026f16

Error: (06/29/2015 08:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.2.13.0Qt5Core.dll5.4.1.000026f16

Error: (06/29/2015 02:40:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.2.929msvcr100.dll10.0.40219.3250008d6fd

Error: (06/28/2015 08:25:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.2.13.0Qt5Core.dll5.4.1.000026f16


==================== Memory info ===========================

Processor: AMD Athlon XP1800+
Percentage of memory in use: 61%
Total physical RAM: 1279.47 MB
Available physical RAM: 492.7 MB
Total Pagefile: 3054.3 MB
Available Pagefile: 2347.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.26 GB) (Free:35.83 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 57.3 GB) (Disk ID: E4DFE4DF)
Partition 1: (Active) - (Size=57.3 GB) - (Type=07 NTFS)

==================== End of log ============================


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


Multiple Resident Protection warning!
 
Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one from those listed below to stay with and uninstall the others:

  • avast Free Antivirus
  • Microsoft Security Essentials

Uninstallation procedure:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.

This should be done until any other steps will be taken.
 
 
Also, I would like you to uninstall Zone Alarm firewall at the moment, you can install it again later.
 
 
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

fixlist.txt


Before I go any further, Microsoft Security Essentials isn't on this computer. It was until quite a while back but was removed. I assume you're seeing remnants that shouldn't be there. Do I proceed to next stage?

 

qwbo


Well nothing's exploded and there's no steam coming out anywhere.

 

It seems stable though I've only got Firefox with this page open following your instruction in post #2


Malwarebytes 2.1.8.1057 failed.

 

Messages as before  - The application failed to initialize properly (0xc000001d) and Malwarebytes has encountered a problem and needs to close.

 

I haven't tried mbam clean or installing Zonealarm yet.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

That's a bit radical. I'm not happy having no AV. I've installed Malwarebytes with Avast disabled and it doesn't work. It seems I'm not alone with this problem. Is the problem with Malwarebytes?


True, this is an old machine, but it hasn't been a problem with previous versions of Malwarebytes and it hasn't got to the point of running so hasn't got to the point where I'd expect it to be straining resources - I've yet to get it to launch. No indication on Task Manager either that resources were a problem.


You miss my point. There was no indication on Task Manager that either the processor or the available memory were being stretched. Malwarebytes didn't even begin to launch. And the link you've provided is for vista. This machine is XP.


Where do I start?

 

Switched on yesterday (Thursday) morning and got "Malwarebytes has encountered a problem and needs to close". That was before the desktop had finished loading. Why was Malwarebytes even attempting to run?

 

Malwarebytes was then removed from the system.

 

Zonealarm reinstalled without any major problems and various system settings returned to as before. Why have you introduced so much Google crap to my system?

 

You referred to my system being low on resources. According to https://support.malwarebytes.org/customer/portal/articles/1834851-what-are-the-system-requirements-to-run-malwarebytes-anti-malware-?b_id=6438

 

What are the system requirements to run Malwarebytes Anti-Malware?

The following are Malwarebytes Anti-Malware minimum system requirements:

  • Software Requirements:

    • Microsoft® Windows Vista, Windows 7, Windows 8 (32 bit and 64 bit).
    • Microsoft® Windows XP Service Pack 2 or later.
    • Microsoft® Internet Explorer 6 or newer.

    Hardware Requirements:

    • 800MHZ CPU or faster.
    • 256MB of RAM (512MB or more recommended).
    • 20MB free hard disk space.
    • 800x600 or greater screen resolution.
    • Active internet connection for database and product updates.

My old XP machine clearly exceeds these requirements.

 

I haven't run chkdsk as yet as I was tied up all day yesterday. I don't really think it'll make any difference. Based on postings on this forum and elsewhere, the problem seems to be with this Malwarebytes update.

This topic is now closed to further replies.