Need help with browser redirecting to unintended sites


Hello,

I recently posted a topic seeking help with a browser redirecting problem. The reply I received asked me to run Malwarebytes Anti-Malware, and if this didn't fix the problem, they told me to download and run FRST and copy/paste the files FRST.txt and Addition.txt in a new posting, which is what this is.

The problem I'm having is my browser (Opera 35) has recently started redirecting sites to other unintended sites. Oftentimes when I go to a site, an unrelated additional site will load as well in another tab. On some sites I'm unable to go back a page, and any links or subsequent pages on these sites won't work. Most times the only option is to close out of the site completely.

I've run Malwarebytes Anti-Malware, Avast Anti-Virus (my current anti-virus program), Rkill, AdwCleaner, Kaspersky Virus Removal Tool, SUPERAntiSpyware, and Hitman. All have come up clean.

Any help would be greatly appreciated. The 2 requested files from FRST are pasted below.

System info: Windows XP Pro, Service Pack 3. Browsers used: Opera 35 (main browser), Firefox, and Internet Explorer.

Thank you


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016

Ran by User (administrator) on COMPUTER_1 (13-02-2016 20:19:20)

Running from C:\Documents and Settings\User\Desktop

Loaded Profiles: User &  (Available Profiles: User & Administrator)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)

Internet Explorer Version 8 (Default browser: Opera)

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Zhorn Software) C:\Program Files\Stickies\stickies.exe

(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Opera Software) C:\Program Files\Opera 30 update\35.0.2066.37\opera.exe

(Opera Software) C:\Program Files\Opera 30 update\35.0.2066.37\opera.exe

(Opera Software) C:\Program Files\Opera 30 update\35.0.2066.37\opera.exe

(Opera Software) C:\Program Files\Opera 30 update\35.0.2066.37\opera.exe

(Opera Software) C:\Program Files\Opera 30 update\35.0.2066.37\opera.exe

(Opera Software) C:\Program Files\Opera 30 update\35.0.2066.37\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-05] (AVAST Software)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)

Winlogon\Notify\AutorunsDisabled: 

HKLM\...\Policies\Explorer: [NoCDBurning] 0

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-03] (AVAST Software)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Stickies.lnk [2014-01-09]

ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{23F10E96-259F-4068-9DA6-A21ADF63A56C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-329068152-1935655697-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-329068152-1935655697-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-329068152-1935655697-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-329068152-1935655697-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = 

HKU\S-1-5-21-329068152-1935655697-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-329068152-1935655697-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = 

URLSearchHook: [s-1-5-21-329068152-1935655697-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-329068152-1935655697-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-03] (AVAST Software)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

Toolbar: HKU\S-1-5-21-329068152-1935655697-1417001333-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

Toolbar: HKU\S-1-5-21-329068152-1935655697-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:

========

FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\tftha0il.default-1414334938406

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-25] ()

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)

FF Extension: LastPass - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\tftha0il.default-1414334938406\extensions\support@lastpass.com [2015-12-20]

FF Extension: 1-Click YouTube Video Downloader - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\tftha0il.default-1414334938406\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-06-07]

FF Extension: Video DownloadHelper - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\tftha0il.default-1414334938406\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-06]

FF Extension: Adblock Plus - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\tftha0il.default-1414334938406\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-22] [not signed]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-03]

FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-03]

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-03]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-03]

Opera:

=======

OPR StartupUrls: "hxxps://us-mg6.mail.yahoo.com/neo/launch"

OPR Extension: (AdBlock) - C:\Documents and Settings\User\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-02-06]

OPR Extension: (Adguard) - C:\Documents and Settings\User\Application Data\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2016-02-09]

OPR Extension: (LastPass) - C:\Documents and Settings\User\Application Data\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2015-12-17]

OPR Extension: (Download YouTube Videos as MP4) - C:\Documents and Settings\User\Application Data\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2015-12-23]

OPR Extension: (Adblock Plus) - C:\Documents and Settings\User\Application Data\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-02-06]

OPR Extension: (Capture Webpage Screenshot - FireShot) - C:\Documents and Settings\User\Application Data\Opera Software\Opera Stable\Extensions\pbjmgmedeliohhbaefhlplndokcbmjio [2015-12-17]

StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera Old Version\Opera.exe

StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera 30 update\Launcher.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-03] (AVAST Software)

S4 BackupService; C:\Documents and Settings\User\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [67104 2013-02-21] (ArcSoft, Inc.)

S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-02-03] (AVAST Software)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-02-03] (AVAST Software)

R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-02-03] (AVAST Software)

R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-02-03] (AVAST Software)

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [812720 2016-02-03] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [447848 2016-02-03] (AVAST Software)

R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [171608 2016-02-03] (AVAST Software)

S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67088 2016-02-03] (AVAST Software)

R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221240 2016-02-10] (AVAST Software)

S3 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [7808 2006-10-29] (Hewlett-Packard Development Company, L.P.)

S3 eabusb; C:\WINDOWS\System32\DRIVERS\eabusb.sys [5760 2006-10-29] (Hewlett-Packard Development Company, L.P.)

S3 HP24X; C:\WINDOWS\System32\DRIVERS\HP24X.sys [33024 2006-10-19] (Hewlett Packard)

R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36352 2006-10-29] (Infineon Technologies AG)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-13] (Malwarebytes)

S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3634688 2009-01-05] (Intel Corporation)

R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]

S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-13 20:19 - 2016-02-13 20:19 - 00013507 _____ C:\Documents and Settings\User\Desktop\FRST.txt

2016-02-13 20:18 - 2016-02-13 20:18 - 01721344 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe

2016-02-13 10:50 - 2016-02-13 10:51 - 00000000 ____D C:\Documents and Settings\User\My Documents\Financial Statements

2016-02-13 10:42 - 2016-02-13 10:49 - 00000000 ____D C:\Documents and Settings\User\My Documents\Anti-Virus Programs

2016-02-13 10:39 - 2016-02-13 10:39 - 05657611 _____ (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe

2016-02-07 10:51 - 2016-02-07 14:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2016-02-07 10:46 - 2016-02-07 10:46 - 00004558 _____ C:\TDSSKiller.3.1.0.9_07.02.2016_10.46.33_log.txt

2016-02-07 06:43 - 2016-02-07 06:45 - 00118984 _____ C:\TDSSKiller.3.1.0.9_07.02.2016_06.43.04_log.txt

2016-02-06 17:20 - 2016-02-06 17:21 - 00118094 _____ C:\TDSSKiller.3.1.0.9_06.02.2016_17.20.21_log.txt

2016-02-03 15:56 - 2016-02-03 15:56 - 00334280 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2016-02-03 15:56 - 2016-02-03 15:56 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2016-01-25 18:21 - 2016-01-25 18:21 - 00000454 _____ C:\Documents and Settings\User\Desktop\My Videos.lnk

2016-01-25 18:19 - 2016-01-25 18:19 - 00001602 _____ C:\Documents and Settings\User\Desktop\Services.lnk

2016-01-25 18:19 - 2016-01-25 18:19 - 00001592 _____ C:\Documents and Settings\User\Desktop\Event Viewer.lnk

2016-01-19 21:21 - 2016-01-19 21:21 - 00002049 _____ C:\Documents and Settings\User\resetlog.txt

2016-01-16 19:57 - 2016-02-13 20:19 - 00000000 ____D C:\Documents and Settings\User\Local Settings\temp

2016-01-16 19:57 - 2016-02-07 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp

2016-01-16 19:57 - 2016-01-22 19:59 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp

2016-01-16 19:57 - 2016-01-16 19:57 - 00011810 _____ C:\ComboFix.txt

2016-01-16 19:57 - 2016-01-16 19:57 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp

2016-01-16 19:57 - 2016-01-16 19:57 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp

2016-01-16 19:57 - 2016-01-16 19:57 - 00000000 ____D C:\Documents and Settings\Default User.WINDOWS.0\Local Settings\temp

2016-01-16 19:57 - 2016-01-16 19:57 - 00000000 ____D C:\Documents and Settings\David Balsamo\Local Settings\temp

2016-01-16 11:58 - 2016-01-16 12:01 - 00117936 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_11.58.07_log.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-13 20:19 - 2015-02-26 19:46 - 00000000 ____D C:\FRST

2016-02-13 19:33 - 2015-08-30 10:55 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-02-13 19:25 - 1980-01-04 19:37 - 00618838 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-02-13 19:21 - 2015-08-02 10:19 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2016-02-13 19:21 - 2015-07-25 08:48 - 00000434 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1437832110.job

2016-02-13 19:21 - 2013-02-07 19:33 - 00000000 ____D C:\Documents and Settings\User\Application Data\stickies

2016-02-13 19:20 - 2012-09-12 16:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-02-13 17:42 - 2014-03-04 10:10 - 00032534 ____N C:\WINDOWS\SchedLgU.Txt

2016-02-13 17:42 - 2012-09-12 16:38 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini

2016-02-13 11:36 - 2015-09-06 17:00 - 00483895 _____ C:\Documents and Settings\User\Desktop\TD Checking.amj

2016-02-13 11:02 - 2012-09-12 16:38 - 00000000 ___RD C:\Documents and Settings\User\My Documents

2016-02-13 11:01 - 2013-01-12 15:29 - 00000000 ____D C:\Documents and Settings\User\My Documents\Word Documents

2016-02-12 23:00 - 2013-01-28 19:20 - 00000000 ____D C:\Documents and Settings\User\Application Data\vlc

2016-02-11 18:48 - 2001-08-23 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2016-02-10 20:42 - 2013-01-10 18:32 - 00000000 ____D C:\Program Files\Paint Shop Pro 6

2016-02-10 16:47 - 2015-08-02 10:19 - 00221240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys

2016-02-09 16:59 - 2014-10-21 16:33 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-02-09 16:54 - 2013-08-10 12:30 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-02-07 10:57 - 2013-01-29 11:54 - 00000000 ____D C:\Documents and Settings\User\My Documents\CCleaner Saved Files

2016-02-07 10:24 - 2013-02-28 19:30 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini

2016-02-07 10:20 - 2014-01-07 09:11 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat

2016-02-06 17:23 - 2015-03-03 20:57 - 00000000 ____D C:\AdwCleaner

2016-02-06 13:43 - 2013-01-19 14:40 - 00002497 _____ C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk

2016-02-06 11:39 - 2015-07-25 08:43 - 00000000 ____D C:\Program Files\Opera 30 update

2016-02-03 15:58 - 1980-01-04 19:31 - 00000000 ___HD C:\WINDOWS\inf

2016-02-03 15:56 - 2015-08-02 10:19 - 00812720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2016-02-03 15:56 - 2015-08-02 10:19 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2016-02-03 15:56 - 2015-08-02 10:19 - 00171608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys

2016-02-03 15:56 - 2015-08-02 10:19 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2016-02-03 15:56 - 2015-08-02 10:19 - 00067088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2016-02-03 15:56 - 2015-08-02 10:19 - 00064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2016-02-03 15:56 - 2015-08-02 10:19 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

2016-02-03 15:56 - 2015-08-02 10:19 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

2016-02-02 18:38 - 2013-01-12 17:56 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

2016-01-31 06:18 - 2014-01-07 09:42 - 00131072 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt

2016-01-30 20:06 - 2014-12-11 17:42 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job

2016-01-30 20:06 - 2014-08-18 02:44 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Adobe

2016-01-30 20:06 - 2013-01-15 11:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2016-01-30 20:06 - 2013-01-15 11:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2016-01-28 15:07 - 1980-01-04 19:31 - 00000000 ____D C:\WINDOWS\Help

2016-01-26 19:46 - 2012-09-12 16:38 - 00000000 ___RD C:\Documents and Settings\User\My Documents\My Pictures

2016-01-25 20:14 - 1980-01-04 19:31 - 00000000 RSHDC C:\WINDOWS\system32\dllcache

2016-01-25 18:21 - 2013-01-12 13:19 - 00000000 ___RD C:\Documents and Settings\User\My Documents\My Videos

2016-01-23 12:23 - 2012-09-12 16:38 - 00000000 ___RD C:\Documents and Settings\User\My Documents\My Music

2016-01-22 18:45 - 2015-08-21 17:43 - 00005544 _____ C:\WINDOWS\ModemLog_LSI HDA Modem.txt

2016-01-21 17:36 - 2015-09-08 19:51 - 00000000 ____D C:\Qoobox

2016-01-18 20:28 - 2012-09-12 16:29 - 00000000 ____D C:\WINDOWS\Registration

2016-01-17 23:22 - 1980-01-04 19:31 - 00000000 ____D C:\WINDOWS\security

2016-01-17 16:55 - 2014-01-17 04:56 - 00067584 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-01-17 07:33 - 2012-09-12 16:37 - 00000000 __SHD C:\Documents and Settings\LocalService

2016-01-17 00:52 - 1980-01-04 19:31 - 00000000 ____D C:\WINDOWS\Network Diagnostic

2016-01-16 19:53 - 2001-08-23 06:00 - 00000327 _____ C:\WINDOWS\system.ini

==================== Files in the root of some directories =======

2013-08-19 04:08 - 2013-08-19 04:18 - 0003891 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Dave's Financial Accounts.gnucash

2013-08-19 04:08 - 2013-08-19 04:17 - 0003663 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Dave's Financial Accounts.gnucash.20130819050809.log

2013-08-19 04:18 - 2013-08-19 04:18 - 0003697 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Dave's Financial Accounts.gnucash.20130819051807.gnucash

2013-08-19 04:18 - 2013-08-19 04:18 - 0000904 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Dave's Financial Accounts.gnucash.20130819051807.log

2013-08-19 07:41 - 2013-08-19 08:20 - 0000976 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Dave's Financial Accounts.gnucash.20130819084102.log

2013-08-19 08:46 - 2013-08-19 08:46 - 0000976 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Dave's Financial Accounts.gnucash.20130819094628.log

2013-08-19 08:47 - 2013-08-19 08:51 - 0003075 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Dave's Financial Accounts.gnucash.20130819094745.log

2014-01-17 04:56 - 2016-01-17 16:55 - 0067584 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-08-19 08:36 - 2013-08-19 08:36 - 0000218 _____ () C:\Documents and Settings\User\Local Settings\Application Data\recently-used.xbel

2014-09-10 04:13 - 2015-11-07 19:39 - 0000191 _____ () C:\Documents and Settings\All Users\Application Data\LockFilePath.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016

Ran by User (2016-02-13 20:20:15)

Running from C:\Documents and Settings\User\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) (2012-09-12 21:35:20)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-329068152-1935655697-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator

ASPNET (S-1-5-21-329068152-1935655697-1417001333-1004 - Limited - Disabled)

Guest (S-1-5-21-329068152-1935655697-1417001333-501 - Limited - Disabled)

HelpAssistant (S-1-5-21-329068152-1935655697-1417001333-1000 - Limited - Disabled)

SUPPORT_388945a0 (S-1-5-21-329068152-1935655697-1417001333-1002 - Limited - Disabled)

User (S-1-5-21-329068152-1935655697-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AceMoney (HKLM\...\AceMoney_is1) (Version:  - MechCAD Software)

AceMoney Lite (HKLM\...\AceMoney Lite_is1) (Version:  - MechCAD Software)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)

Adobe Flash Player 20 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)

Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)

Broadcom NetXtreme Ethernet Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.01 - Broadcom Corporation)

Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)

Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)

Canon MG2900 series On-screen Manual (HKLM\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)

Canon MG2900 series User Registration (HKLM\...\Canon MG2900 series User Registration) (Version:  - ‭Canon Inc.)

Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)

Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)

HP PCMCIA Smart Card Reader (HKLM\...\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}) (Version: 1.01.0001 - HP)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 6.14.10.5218 - Intel Corporation)

Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden

LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)

LightScribe System Software (HKLM\...\{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}) (Version: 1.18.9.1 - LightScribe)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 43.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)

Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)

Opera Stable 35.0.2066.37 (HKLM\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)

Paint Shop Pro 6.0 (ESD) (HKLM\...\Paint Shop Pro 6.0) (Version:  - )

Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden

SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5240 - Analog Devices)

Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)

Stickies 7.1e (HKLM\...\ZhornStickies) (Version:  - Zhorn Software)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

WinZip (HKLM\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1399038432.job.bak => C:\Program Files\Opera\launcher.exe

Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1437832110.job => C:\Program Files\Opera 30 update\launcher.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-08-02 10:19 - 2016-02-03 15:56 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-08-02 10:19 - 2016-02-03 15:56 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-02-13 13:30 - 2016-02-13 13:30 - 02829824 _____ () C:\Program Files\AVAST Software\Avast\defs\16021301\algo.dll

2016-01-30 06:22 - 2016-02-03 15:56 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2015-08-02 10:19 - 2016-01-30 06:23 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-01-09 09:25 - 2014-01-09 09:25 - 00049152 _____ () C:\Program Files\Stickies\shook70.dll

2016-02-04 17:38 - 2016-02-04 17:37 - 62319736 _____ () C:\Program Files\Opera 30 update\35.0.2066.37\opera.dll

2008-04-13 23:41 - 2008-04-13 23:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2008-04-13 23:42 - 2008-04-13 23:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Documents and Settings\User\Desktop\adwcleaner_4.203.exe:BDU

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49290646.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49290646.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\008k.com -> 008k.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\00hq.com -> 00hq.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\0scan.com -> 0scan.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\1-se.com -> 1-se.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\1001movie.com -> 1001movie.com

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\1001night.biz -> 1001night.biz

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\100gal.net -> 100gal.net

IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\100sexlinks.com -> 100sexlinks.com

 

There are 5317 more sites.

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2007-08-11 01:58 - 2016-01-16 19:53 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-329068152-1935655697-1417001333-1003\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 192.168.1.1

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup

MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk => C:\WINDOWS\pss\HP SimpleSave Monitor.lnkStartup

MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon

MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe

MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe

MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe

MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe

MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

StandardProfile\AuthorizedApplications: [C:\Program Files\Opera Old Version\opera.exe] => Enabled:Opera Internet Browser

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dxdiag.exe] => Disabled:Microsoft DirectX Diagnostic Tool

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpnsvr.exe] => Disabled:Microsoft DirectPlay8 Server

StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015

DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016

DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015

StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016

StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017

StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004

StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005

StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001

StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002

StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007

StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009

 

==================== Restore Points =========================

 

25-01-2016 19:17:16 System Checkpoint

28-01-2016 09:49:46 System Checkpoint

30-01-2016 06:24:41 Installed Windows XP Wdf01009.

31-01-2016 06:06:23 Software Distribution Service 3.0

03-02-2016 15:58:06 Installed Windows XP Wdf01009.

06-02-2016 12:27:33 System Checkpoint

06-02-2016 17:19:53 Checkpoint by HitmanPro

07-02-2016 06:56:39 Checkpoint by HitmanPro

09-02-2016 16:54:05 Software Distribution Service 3.0

10-02-2016 17:58:08 System Checkpoint

12-02-2016 15:20:11 System Checkpoint

13-02-2016 10:40:30 JRT Pre-Junkware Removal

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/17/2015 07:45:34 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: A connection with the server could not be established

 

Error: (12/17/2015 07:45:31 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This network connection does not exist.

 

Error: (12/17/2015 07:45:31 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This network connection does not exist.

 

Error: (12/17/2015 07:45:31 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This network connection does not exist.

 

Error: (12/17/2015 07:45:31 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This network connection does not exist.

 

Error: (12/17/2015 07:45:30 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: A connection with the server could not be established

 

Error: (10/12/2015 12:26:05 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application opera.exe, version 32.0.1948.69, faulting module unknown, version 0.0.0.0, fault address 0x454c504d.

Processing media-specific event for [opera.exe!ws!]

 

Error: (10/08/2015 08:12:16 PM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

 

Error: (10/08/2015 08:12:16 PM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This operation returned because the timeout period expired.

 

Error: (10/03/2015 03:59:39 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Processing media-specific event for [drwtsn32.exe!ws!]

 

 

System errors:

=============

Error: (02/13/2016 07:20:49 PM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: This computer is configured as a member of a workgroup, not as

a member of a domain. The Netlogon service does not need to run in this

configuration.

 

Error: (02/13/2016 10:40:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Simple TCP/IP Services service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/13/2016 05:28:22 AM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: This computer is configured as a member of a workgroup, not as

a member of a domain. The Netlogon service does not need to run in this

configuration.

 

Error: (02/12/2016 09:44:54 PM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: This computer is configured as a member of a workgroup, not as

a member of a domain. The Netlogon service does not need to run in this

configuration.

 

Error: (02/12/2016 12:46:30 PM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: This computer is configured as a member of a workgroup, not as

a member of a domain. The Netlogon service does not need to run in this

configuration.

 

Error: (02/11/2016 06:48:14 PM) (Source: 0) (EventID: 1) (User: )

Description: 0xC0000001HarddiskVolume1

 

Error: (02/11/2016 06:48:11 PM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: This computer is configured as a member of a workgroup, not as

a member of a domain. The Netlogon service does not need to run in this

configuration.

 

Error: (02/10/2016 04:47:02 PM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: This computer is configured as a member of a workgroup, not as

a member of a domain. The Netlogon service does not need to run in this

configuration.

 

Error: (02/10/2016 04:46:53 PM) (Source: 0) (EventID: 1) (User: )

Description: 0xC0000001HarddiskVolume1

 

Error: (02/09/2016 04:46:50 PM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: This computer is configured as a member of a workgroup, not as

a member of a domain. The Netlogon service does not need to run in this

configuration.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU T7300 @ 2.00GHz

Percentage of memory in use: 66%

Total physical RAM: 2039.23 MB

Available physical RAM: 673.05 MB

Total Virtual: 3925.05 MB

Available Virtual: 2569.54 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:74.52 GB) (Free:51.32 GB) NTFS ==>[drive with boot components (Windows XP)]

Drive e: (KINGSTON) (Removable) (Total:3.78 GB) (Free:0.52 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 5363540D)

Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 3.8 GB) (Disk ID: 004FC0B3)

Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

 

==================== End of Addition.txt ============================

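The Addition.txt above is raw tool output. As an added example (not part of FRST, of the original post or of the reply that follows), here is a small Python triage that parses the sections of that format most relevant to a "browser keeps redirecting" complaint and flags the settings a responder checks first: hosts-file mappings beyond loopback, resolvers outside RFC 1918 space, scheduled tasks whose target lives outside the Windows and Program Files trees, firewall exceptions that are enabled for any source, and the size of the Restricted Sites zone. The section headers, line formats and first sample are taken from the log above; the second sample is constructed (the 203.0.113.0/24 addresses are documentation space and the task name is hypothetical), and treating only RFC 1918 resolvers as expected is an assumption that fits a home router at 192.168.x.x.

```python
"""Triage an FRST Addition.txt for settings that commonly explain browser
redirects. Added example for this thread; not part of FRST or of the posts.
Section headers and line formats follow the log pasted above."""
import ipaddress
import re

SECTION_RE = re.compile(r"^=+ (.+?) =+$")       # "==== Name (Whitelisted) ===="
TASK_RE = re.compile(r"^Task: (.+?) => (.+)$")   # "Task: <job> => <target>"
PORT_RE = re.compile(r"^(\w+Profile)\\GloballyOpenPorts: \[(\d+:(?:TCP|UDP))\] => (.+)$")
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} ")     # FRST's file-info line
MORE_RE = re.compile(r"^There are (\d+) more sites\.$")

BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Assumption: a resolver in RFC 1918 space is the home router. Checked by hand
# rather than with ipaddress.is_private, which also covers TEST-NET ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Task targets are expected under these roots on an XP box.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_sections(text):
    """Split Addition.txt into {section name: [data lines]}. Blank lines and
    FRST's own parenthesised fixlist hints are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = re.sub(r"\s*\(Whitelisted\)", "", m.group(1)).rstrip(":").strip()
            sections[current] = []
        elif current is not None and not line.startswith("("):
            sections[current].append(line)
    return sections


def triage(text):
    s = parse_sections(text)
    f = {"hosts_redirects": [], "public_dns": [], "tasks_outside_system_dirs": [],
         "globally_open_ports": [], "ie_restricted_sites": 0}
    # Hosts: any mapping beyond loopback redirects every browser on the box.
    for line in s.get("Hosts content", []):
        if DATE_RE.match(line) or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) >= 2 and (parts[0], parts[1]) not in BENIGN_HOSTS:
            f["hosts_redirects"].append((parts[0], parts[1]))
    # DNS: resolvers are on one line; accept "," or " - " as the separator.
    for line in s.get("Other Areas", []):
        if line.startswith("DNS Servers:"):
            for ip in re.split(r"[\s,-]+", line.split(":", 1)[1].strip()):
                if ip and not any(ipaddress.ip_address(ip) in n for n in LAN_NETS):
                    f["public_dns"].append(ip)
    # Tasks: a job whose target lives in a profile or Temp folder is a lead.
    for line in s.get("Scheduled Tasks", []):
        m = TASK_RE.match(line)
        if m and not m.group(2).lower().startswith(SYSTEM_ROOTS):
            f["tasks_outside_system_dirs"].append(m.group(2))
    # Firewall: keep exceptions that are Enabled and not LocalSubNet-scoped.
    for line in s.get("FirewallRules", []):
        m = PORT_RE.match(line)
        if m and m.group(3).startswith("Enabled:"):
            f["globally_open_ports"].append((m.group(1), m.group(2)))
    # Restricted Sites: FRST prints the first entries plus "There are N more".
    # A large list here blocks listed domains; it does not cause redirects.
    ie = s.get("Internet Explorer trusted/restricted", [])
    shown = sum(1 for line in ie if line.startswith("IE restricted site:"))
    more = sum(int(m.group(1)) for m in map(MORE_RE.match, ie) if m)
    f["ie_restricted_sites"] = shown + more
    return f


# Excerpt of the Addition.txt pasted in this thread.
REAL_EXCERPT = r"""
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1437832110.job => C:\Program Files\Opera 30 update\launcher.exe
==================== Internet Explorer trusted/restricted ===============
IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-329068152-1935655697-1417001333-1003\...\008k.com -> 008k.com
There are 5317 more sites.
==================== Hosts content: ===============================
2007-08-11 01:58 - 2016-01-16 19:53 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
DNS Servers: 192.168.1.1
==================== FirewallRules (Whitelisted) ===============
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
"""

# Constructed input (not from the thread) so the positive path is visible:
# a hosts hijack, a non-LAN resolver and a task launched from Temp.
# 203.0.113.0/24 is documentation space; the task name is hypothetical.
CONSTRUCTED_EXCERPT = r"""
==================== Scheduled Tasks (Whitelisted) =============
Task: C:\WINDOWS\Tasks\At1.job => C:\Documents and Settings\User\Local Settings\Temp\svc_update.exe
==================== Hosts content: ===============================
2007-08-11 01:58 - 2016-02-13 09:00 - 00000084 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
203.0.113.10    www.example.com
==================== Other Areas ============================
DNS Servers: 192.168.1.1 - 203.0.113.53
"""

if __name__ == "__main__":
    for name, sample in (("thread log", REAL_EXCERPT), ("constructed", CONSTRUCTED_EXCERPT)):
        print(name, triage(sample))
```

On the thread's own excerpt the script reports only the enabled 1723/TCP exception (the PPTP port; the log shows 1723/TCP, 1701/UDP and 500/UDP open in both profiles), which is a VPN listener and cannot redirect a browser. The hosts file, the LAN resolver and the task targets all come back clean, which is consistent with every scanner the poster ran reporting nothing. The 5,319 Restricted Sites entries are not a lead either: that zone blocks navigation to listed domains rather than causing it. On the constructed sample the same code returns the hosts mapping, the 203.0.113.53 resolver and the Temp-resident task target.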

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, under Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected, you will have to name the file and save it to a place of your choice (recommend "Desktop"), then attach it to your reply
      XML file (*.xml) - if selected, you will have to name the file and save it to a place of your choice (recommend "Desktop"), then attach it to your reply
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply.


 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish.
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line:
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After the restart the AdwCleaner(C*)-Notepad log will appear; please copy/paste it in your next reply. Here * is the number relative to the list of scans completed.

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Run FRST one more time; ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan and, when done, post the new logs.
 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes, select "Report"; in the next window select "Export txt". The log will open as a text file; post that log, and also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!

 

Post those logs in your reply...

 

Thank you,

 

Kevin


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
