TechSpot

Infected browsers - no internet connection

By morphy201180
Feb 20, 2015
  1. Hi,
    I hope you can help.
    I recently updated my chrome browser and ended up with trovi search engine and numerous tabs opening with search conduit home page. It has impossible to get rid of. I am now unable to connect to the internet as my service provider has blocked access due to infected browser.

    I'm not sure if the problem is related but since the trouble with the browser I am getting error messages saying that my laptop is low on system memory which I never had before.

    My Avast anti virus hasn't detected anything neither has malwarebytes. Please see logs below:-

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 20/02/2015
    Scan Time: 14:07:58
    Logfile: mbam log.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.20.05
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Max Joyner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 335396
    Time Elapsed: 20 min, 11 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Max Joyner at 14:40:25 on 2015-02-20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.392 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    E:\Program Files\AVAST Software\Avast\AvastSvc.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    E:\WINDOWS\System32\alg.exe
    E:\Program Files\AVAST Software\Avast\AvastUI.exe
    E:\WINDOWS\RTHDCPL.EXE
    E:\WINDOWS\system32\wbem\unsecapp.exe
    E:\WINDOWS\system32\hkcmd.exe
    E:\WINDOWS\system32\igfxpers.exe
    E:\WINDOWS\system32\igfxsrvc.exe
    E:\WINDOWS\system32\wbem\wmiprvse.exe
    E:\Program Files\Google\Drive\googledrivesync.exe
    E:\Program Files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe
    E:\Program Files\Google\Drive\googledrivesync.exe
    E:\WINDOWS\explorer.exe
    E:\WINDOWS\notepad.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\WINDOWS\system32\svchost.exe -k DcomLaunch
    E:\WINDOWS\system32\svchost.exe -k rpcss
    E:\WINDOWS\System32\svchost.exe -k netsvcs
    E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    E:\WINDOWS\system32\svchost.exe -k NetworkService
    E:\WINDOWS\system32\svchost.exe -k LocalService
    E:\WINDOWS\system32\svchost.exe -k LocalService
    E:\WINDOWS\system32\svchost.exe -k imgsvc
    E:\WINDOWS\system32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - e:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - e:\program files\microsoft office\office14\URLREDIR.DLL
    uRun: [DAEMON Tools Lite] "e:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [GoogleDriveSync] "e:\program files\google\drive\googledrivesync.exe" /autostart
    uRun: [GoogleChromeAutoLaunch_B1DDAB0696E4DF7F912F7BE99F479D2F] "e:\program files\google\chrome\application\chrome.exe" --no-startup-window
    mRun: [AvastUI.exe] "e:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
    mRun: [Persistence] e:\windows\system32\igfxpers.exe
    dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
    StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - e:\program files\realtek\8187se wireless lan utility\RtWLan.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: &D&ownload &with BitComet - e:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - e:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - e:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - e:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - e:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
    DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{57FBBE6F-4CCC-4FA9-85D9-9E6E9AAF98FE} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{FEC4CE48-E0A9-4DDA-BC74-64DA40C950E7} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - e:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - e:\program files\microsoft office\office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "e:\program files\google\chrome\application\40.0.2214.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;e:\windows\system32\drivers\aswRvrt.sys [2014-7-30 49944]
    R0 aswVmm;avast! VM Monitor;e:\windows\system32\drivers\aswVmm.sys [2014-7-30 206248]
    R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswsnx.sys [2014-7-30 787800]
    R1 aswSP;aswSP;e:\windows\system32\drivers\aswsp.sys [2014-7-30 423784]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [2014-7-30 243128]
    R2 aswHwid;avast! HardwareID;e:\windows\system32\drivers\aswHwid.sys [2014-7-30 24184]
    R2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [2014-7-30 70384]
    R2 avast! Antivirus;avast! Antivirus;e:\program files\avast software\avast\AvastSvc.exe [2014-7-30 50344]
    R2 HTCMonitorService;HTCMonitorService;e:\program files\htc\htc sync manager\HSMServiceEntry.exe [2014-6-27 87368]
    R2 PassThru Service;Internet Pass-Through Service;e:\program files\htc\internet pass-through\PassThruSvr.exe [2013-10-17 166912]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;e:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2012-6-19 1646608]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;e:\windows\system32\drivers\RtsUStor.sys [2014-9-12 216280]
    R3 ST50220;Sonix ST50220 USB Video Camera Driver;e:\windows\system32\drivers\ST50220.sys [2014-9-12 34224]
    S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2014-9-12 1691480]
    S3 HTCAND32;HTC Device Driver;e:\windows\system32\drivers\ANDROIDUSB.sys [2015-1-24 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [2013-10-17 21248]
    S3 qcserxp;HTC Diagnostic Port;e:\windows\system32\drivers\qcserxp.sys [2014-9-29 103424]
    .
    =============== File Associations ===============
    .
    ShellExec: BitComet.exe: open="e:\program files\bitcomet\BitComet.exe"
    .
    =============== Created Last 30 ================
    .
    2015-02-19 23:56:49 98816 ----a-w- e:\windows\sed.exe
    2015-02-19 23:56:49 256000 ----a-w- e:\windows\PEV.exe
    2015-02-19 23:56:49 208896 ----a-w- e:\windows\MBR.exe
    2015-02-19 13:01:19 -------- d-----w- e:\documents and settings\max joyner\local settings\application data\WMTools Downloaded Files
    2015-02-18 17:28:35 306176 ----a-w- e:\windows\system32\drivers\rtl8187Se.sys
    2015-02-18 17:28:34 306176 ----a-w- e:\windows\system\rtl8187Se.sys
    2015-02-18 17:26:22 172032 ----a-w- e:\windows\system32\igfxres.dll
    2015-02-16 13:23:38 -------- d-----w- E:\AdwCleaner
    2015-02-07 14:17:30 -------- d--h--w- e:\windows\PIF
    2015-01-24 14:24:22 24576 ----a-w- e:\windows\system32\drivers\ANDROIDUSB.sys
    2015-01-24 14:23:58 -------- d-----w- e:\program files\Spirent Communications
    .
    ==================== Find3M ====================
    .
    2015-02-20 14:07:48 114904 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-19 13:49:58 35064 ----a-w- e:\windows\system32\drivers\TrueSight.sys
    2015-02-19 13:47:56 108632 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
    2015-02-16 12:58:48 290304 ----a-w- e:\windows\system32\subinacl.exe
    2015-02-05 15:04:34 701616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
    2015-02-05 15:04:33 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-25 23:28:15 787800 ----a-w- e:\windows\system32\drivers\aswsnx.sys
    2013-02-07 12:22:00 50330 ----a-w- e:\program files\AntiDust.exe
    .
    ============= FINISH: 14:41:52.45 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/07/2014 14:16:31
    System Uptime: 20/02/2015 01:01:51 (13 hours ago)
    .
    Motherboard: DIXONSXP | | DIXONSXP
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 0 GiB total, 0.026 GiB free.
    D: is FIXED (NTFS) - 932 GiB total, 215.666 GiB free.
    E: is FIXED (NTFS) - 149 GiB total, 54.098 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {7240100F-6512-4548-8418-9EBB5C6A1A94}
    Description: USB Device
    Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
    Manufacturer:
    Name: USB Device
    PNP Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP159: 13/12/2014 23:38:41 - Techspot Clean December 2014
    RP160: 13/12/2014 23:38:41 - System Checkpoint
    RP161: 13/12/2014 23:38:42 - Installed Sophos Virus Removal Tool.
    RP162: 13/12/2014 23:38:48 - End of disinfection
    RP163: 13/12/2014 23:45:00 - Revo Uninstaller's restore point - Cooking Quest
    RP164: 13/12/2014 23:48:16 - Revo Uninstaller's restore point - Amazing Finds 1.00
    RP165: 13/12/2014 23:49:45 - Revo Uninstaller's restore point - Righteous Kill
    RP167: 13/12/2014 23:54:00 - Revo Uninstaller's restore point - Herods Lost Tomb
    RP168: 13/12/2014 23:57:49 - Revo Uninstaller's restore point - Mystery Legends - Sleepy Hollow 1.00
    RP169: 14/12/2014 00:06:32 - Revo Uninstaller's restore point - Hidden Mysteries Buckingham Palace
    RP170: 14/12/2014 00:09:32 - Revo Uninstaller's restore point - Redrum Dead Diary
    RP171: 14/12/2014 00:11:16 - Revo Uninstaller's restore point - Sophos Virus Removal Tool
    RP172: 14/12/2014 13:45:13 - Revo Uninstaller's restore point - HTC Sync Manager
    RP173: 14/12/2014 13:46:53 - Removed HTC Sync Manager.
    RP174: 14/12/2014 13:57:29 - Installed HTC Sync Manager.
    RP175: 14/12/2014 14:00:41 - Unsigned driver install
    RP176: 15/12/2014 23:12:24 - System Checkpoint
    RP177: 20/12/2014 16:54:11 - System Checkpoint
    RP178: 25/12/2014 12:29:17 - System Checkpoint
    RP179: 26/12/2014 12:50:34 - System Checkpoint
    RP180: 28/12/2014 19:36:43 - System Checkpoint
    RP181: 30/12/2014 11:01:58 - System Checkpoint
    RP182: 01/01/2015 14:24:38 - System Checkpoint
    RP183: 02/01/2015 20:26:50 - System Checkpoint
    RP184: 03/01/2015 22:04:57 - System Checkpoint
    RP185: 05/01/2015 11:13:15 - System Checkpoint
    RP186: 06/01/2015 11:47:20 - System Checkpoint
    RP187: 07/01/2015 12:04:40 - System Checkpoint
    RP188: 08/01/2015 12:59:38 - System Checkpoint
    RP189: 09/01/2015 13:57:12 - System Checkpoint
    RP190: 10/01/2015 14:39:33 - System Checkpoint
    RP191: 11/01/2015 15:32:11 - System Checkpoint
    RP192: 12/01/2015 15:58:23 - System Checkpoint
    RP193: 13/01/2015 16:58:23 - System Checkpoint
    RP194: 14/01/2015 19:33:35 - Software Distribution Service 3.0
    RP195: 14/01/2015 21:19:30 - System Checkpoint
    RP196: 15/01/2015 21:51:38 - System Checkpoint
    RP197: 17/01/2015 02:12:14 - System Checkpoint
    RP198: 18/01/2015 02:50:46 - System Checkpoint
    RP199: 19/01/2015 03:14:33 - System Checkpoint
    RP200: 20/01/2015 12:21:16 - System Checkpoint
    RP201: 21/01/2015 22:33:18 - System Checkpoint
    RP202: 23/01/2015 02:57:38 - System Checkpoint
    RP203: 24/01/2015 03:37:02 - System Checkpoint
    RP204: 25/01/2015 03:54:26 - System Checkpoint
    RP205: 27/01/2015 03:48:12 - System Checkpoint
    RP206: 28/01/2015 19:09:16 - System Checkpoint
    RP207: 31/01/2015 03:38:38 - System Checkpoint
    RP208: 01/02/2015 08:44:57 - System Checkpoint
    RP209: 01/02/2015 14:59:06 - System Checkpoint
    RP210: 02/02/2015 15:46:33 - System Checkpoint
    RP211: 03/02/2015 16:11:06 - System Checkpoint
    RP212: 04/02/2015 16:35:17 - System Checkpoint
    RP213: 05/02/2015 18:39:36 - System Checkpoint
    RP214: 06/02/2015 19:09:03 - System Checkpoint
    RP215: 07/02/2015 19:20:26 - System Checkpoint
    RP216: 08/02/2015 20:15:39 - System Checkpoint
    RP217: 09/02/2015 20:51:54 - System Checkpoint
    RP218: 10/02/2015 12:05:45 - Software Distribution Service 3.0
    RP219: 10/02/2015 12:26:51 - Software Distribution Service 3.0
    RP220: 11/02/2015 05:31:47 - Software Distribution Service 3.0
    RP221: 12/02/2015 03:00:24 - Software Distribution Service 3.0
    RP222: 12/02/2015 16:52:47 - Software Distribution Service 3.0
    RP223: 14/02/2015 03:33:58 - System Checkpoint
    RP224: 15/02/2015 18:00:30 - System Checkpoint
    RP225: 16/02/2015 13:36:25 - Revo Uninstaller's restore point - Google Chrome
    RP226: 17/02/2015 16:12:58 - System Checkpoint
    RP227: 18/02/2015 17:08:49 - Revo Uninstaller's restore point - REALTEK RTL8187SE Wireless LAN Driver and Utility
    RP228: 18/02/2015 17:28:23 - Installed REALTEK RTL8187SE Wireless LAN Driver
    RP229: 18/02/2015 17:36:40 - Installed REALTEK RTL8187SE Wireless LAN Driver and Utility
    RP230: 19/02/2015 14:07:21 - mbam
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Reader XI (11.0.08)
    Avast Free Antivirus
    BitComet 1.37
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
    Free YouTube to MP3 Converter version 3.12.35.514
    Google Chrome
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================

    [​IMG] Attach.txt log from DDS is incomplete.
    Post complete log.

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  3. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Here is the full DDS log. Will post the other logs shortly.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/07/2014 14:16:31
    System Uptime: 20/02/2015 01:01:51 (13 hours ago)
    .
    Motherboard: DIXONSXP | | DIXONSXP
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 0 GiB total, 0.026 GiB free.
    D: is FIXED (NTFS) - 932 GiB total, 215.666 GiB free.
    E: is FIXED (NTFS) - 149 GiB total, 54.098 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {7240100F-6512-4548-8418-9EBB5C6A1A94}
    Description: USB Device
    Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
    Manufacturer:
    Name: USB Device
    PNP Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP159: 13/12/2014 23:38:41 - Techspot Clean December 2014
    RP160: 13/12/2014 23:38:41 - System Checkpoint
    RP161: 13/12/2014 23:38:42 - Installed Sophos Virus Removal Tool.
    RP162: 13/12/2014 23:38:48 - End of disinfection
    RP163: 13/12/2014 23:45:00 - Revo Uninstaller's restore point - Cooking Quest
    RP164: 13/12/2014 23:48:16 - Revo Uninstaller's restore point - Amazing Finds 1.00
    RP165: 13/12/2014 23:49:45 - Revo Uninstaller's restore point - Righteous Kill
    RP167: 13/12/2014 23:54:00 - Revo Uninstaller's restore point - Herods Lost Tomb
    RP168: 13/12/2014 23:57:49 - Revo Uninstaller's restore point - Mystery Legends - Sleepy Hollow 1.00
    RP169: 14/12/2014 00:06:32 - Revo Uninstaller's restore point - Hidden Mysteries Buckingham Palace
    RP170: 14/12/2014 00:09:32 - Revo Uninstaller's restore point - Redrum Dead Diary
    RP171: 14/12/2014 00:11:16 - Revo Uninstaller's restore point - Sophos Virus Removal Tool
    RP172: 14/12/2014 13:45:13 - Revo Uninstaller's restore point - HTC Sync Manager
    RP173: 14/12/2014 13:46:53 - Removed HTC Sync Manager.
    RP174: 14/12/2014 13:57:29 - Installed HTC Sync Manager.
    RP175: 14/12/2014 14:00:41 - Unsigned driver install
    RP176: 15/12/2014 23:12:24 - System Checkpoint
    RP177: 20/12/2014 16:54:11 - System Checkpoint
    RP178: 25/12/2014 12:29:17 - System Checkpoint
    RP179: 26/12/2014 12:50:34 - System Checkpoint
    RP180: 28/12/2014 19:36:43 - System Checkpoint
    RP181: 30/12/2014 11:01:58 - System Checkpoint
    RP182: 01/01/2015 14:24:38 - System Checkpoint
    RP183: 02/01/2015 20:26:50 - System Checkpoint
    RP184: 03/01/2015 22:04:57 - System Checkpoint
    RP185: 05/01/2015 11:13:15 - System Checkpoint
    RP186: 06/01/2015 11:47:20 - System Checkpoint
    RP187: 07/01/2015 12:04:40 - System Checkpoint
    RP188: 08/01/2015 12:59:38 - System Checkpoint
    RP189: 09/01/2015 13:57:12 - System Checkpoint
    RP190: 10/01/2015 14:39:33 - System Checkpoint
    RP191: 11/01/2015 15:32:11 - System Checkpoint
    RP192: 12/01/2015 15:58:23 - System Checkpoint
    RP193: 13/01/2015 16:58:23 - System Checkpoint
    RP194: 14/01/2015 19:33:35 - Software Distribution Service 3.0
    RP195: 14/01/2015 21:19:30 - System Checkpoint
    RP196: 15/01/2015 21:51:38 - System Checkpoint
    RP197: 17/01/2015 02:12:14 - System Checkpoint
    RP198: 18/01/2015 02:50:46 - System Checkpoint
    RP199: 19/01/2015 03:14:33 - System Checkpoint
    RP200: 20/01/2015 12:21:16 - System Checkpoint
    RP201: 21/01/2015 22:33:18 - System Checkpoint
    RP202: 23/01/2015 02:57:38 - System Checkpoint
    RP203: 24/01/2015 03:37:02 - System Checkpoint
    RP204: 25/01/2015 03:54:26 - System Checkpoint
    RP205: 27/01/2015 03:48:12 - System Checkpoint
    RP206: 28/01/2015 19:09:16 - System Checkpoint
    RP207: 31/01/2015 03:38:38 - System Checkpoint
    RP208: 01/02/2015 08:44:57 - System Checkpoint
    RP209: 01/02/2015 14:59:06 - System Checkpoint
    RP210: 02/02/2015 15:46:33 - System Checkpoint
    RP211: 03/02/2015 16:11:06 - System Checkpoint
    RP212: 04/02/2015 16:35:17 - System Checkpoint
    RP213: 05/02/2015 18:39:36 - System Checkpoint
    RP214: 06/02/2015 19:09:03 - System Checkpoint
    RP215: 07/02/2015 19:20:26 - System Checkpoint
    RP216: 08/02/2015 20:15:39 - System Checkpoint
    RP217: 09/02/2015 20:51:54 - System Checkpoint
    RP218: 10/02/2015 12:05:45 - Software Distribution Service 3.0
    RP219: 10/02/2015 12:26:51 - Software Distribution Service 3.0
    RP220: 11/02/2015 05:31:47 - Software Distribution Service 3.0
    RP221: 12/02/2015 03:00:24 - Software Distribution Service 3.0
    RP222: 12/02/2015 16:52:47 - Software Distribution Service 3.0
    RP223: 14/02/2015 03:33:58 - System Checkpoint
    RP224: 15/02/2015 18:00:30 - System Checkpoint
    RP225: 16/02/2015 13:36:25 - Revo Uninstaller's restore point - Google Chrome
    RP226: 17/02/2015 16:12:58 - System Checkpoint
    RP227: 18/02/2015 17:08:49 - Revo Uninstaller's restore point - REALTEK RTL8187SE Wireless LAN Driver and Utility
    RP228: 18/02/2015 17:28:23 - Installed REALTEK RTL8187SE Wireless LAN Driver
    RP229: 18/02/2015 17:36:40 - Installed REALTEK RTL8187SE Wireless LAN Driver and Utility
    RP230: 19/02/2015 14:07:21 - mbam
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Reader XI (11.0.08)
    Avast Free Antivirus
    BitComet 1.37
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
    Free YouTube to MP3 Converter version 3.12.35.514
    Google Chrome
    Google Drive
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    HTC Driver Installer
    HTC Sync Manager
    Intel(R) Graphics Media Accelerator Driver
    IPTInstaller
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    REALTEK RTL8187SE Wireless LAN Driver
    REALTEK RTL8187SE Wireless LAN Driver and Utility
    Revo Uninstaller 1.95
    Rosetta Stone Ltd Services
    Rosetta Stone TOTALe
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2803821-v2)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2909212)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB2936068)
    Security Update for Windows XP (KB2964358)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973815)
    VLC media player
    WebFldrs XP
    Winamp
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR 5.10 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/02/2015 10:59:44, error: Dhcp [1002] - The IP address lease 192.168.0.128 for the Network Card with network address 001D92CBEF24 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    20/02/2015 00:19:14, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    16/02/2015 13:30:12, error: Service Control Manager [7034] - The RosettaStoneDaemon service terminated unexpectedly. It has done this 1 time(s).
    16/02/2015 13:30:12, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
    16/02/2015 13:30:12, error: Service Control Manager [7034] - The HTCMonitorService service terminated unexpectedly. It has done this 1 time(s).
    16/02/2015 13:30:12, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    16/02/2015 13:30:12, error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  4. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    When I tried to update mbar it said host failed but I ran the scan anyway and here are the logs

    RogueKiller V10.4.1.0 [Feb 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Max Joyner [Administrator]
    Mode : Delete -- Date : 02/20/2015 23:56:30

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\mbr.sys) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\mbr.sys) -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [E:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 6 (Driver: Loaded) ¤¤¤
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d5f0 (jmp 0xfc9d1f4)
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d4d0 (jmp 0xfc9d2d8)
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d5f0 (jmp 0xfc1d1f4)
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d4d0 (jmp 0xfc1d2d8)
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d5f0 (jmp 0xf86d1f4)
    [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d4d0 (jmp 0xf86d2d8)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
    --- User ---
    [MBR] d9dca90451c08de74a04fb367c5ce6ff
    [BSP] e86d9534e2e6ffb61c396ab3ddba0d2a : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows XP Bootstrap | Windows XP Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST310005 20AS USB Device +++++
    --- User ---
    [MBR] 7435b395373533bcd39085cd12602a0e
    [BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_DEL_02192015_140612.log - RKreport_DEL_12112014_112347.log - RKreport_SCN_02192015_135904.log - RKreport_SCN_12112014_111912.log
    RKreport_SCN_02202015_235535.log



    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
    www.malwarebytes.org

    Database version:
    main: v2014.11.18.05
    rootkit: v2014.11.12.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Max Joyner :: MAX-0B83641C323 [administrator]

    21/02/2015 00:13:05
    mbar-log-2015-02-21 (00-13-05).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 314370
    Time elapsed: 33 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  6. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Please see combo fix log below -

    ComboFix 15-02-16.01 - Max Joyner 21/02/2015 13:26:15.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.569 [GMT 0:00]
    Running from: e:\documents and settings\Max Joyner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_ctypes.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_elementtree.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_hashlib.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_multiprocessing.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_socket.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_ssl.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\hashobjs_ext.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\pyexpat.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\pysqlite2._sqlite.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\python27.dll
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\pythoncom27.dll
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\PyWinTypes27.dll
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\select.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\unicodedata.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32api.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32com.shell.shell.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32crypt.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32event.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32file.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32gui.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32inet.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32pdh.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32pipe.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32process.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32profile.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32security.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32ts.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\windows._lib_cacheinvalidation.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._animate.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._controls_.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._core_.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._gdi_.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._html2.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._misc_.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._windows_.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._wizard.pyd
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxbase294u_net_vc90.dll
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxbase294u_vc90.dll
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxmsw294u_adv_vc90.dll
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxmsw294u_core_vc90.dll
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxmsw294u_html_vc90.dll
    e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxmsw294u_webview_vc90.dll
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_ctypes.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_elementtree.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_hashlib.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_multiprocessing.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_socket.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_ssl.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\hashobjs_ext.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\pyexpat.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\pysqlite2._sqlite.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\python27.dll
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\pythoncom27.dll
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\PyWinTypes27.dll
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\select.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\unicodedata.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32api.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32com.shell.shell.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32crypt.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32event.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32file.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32gui.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32inet.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32pdh.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32pipe.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32process.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32profile.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32security.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32ts.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\windows._lib_cacheinvalidation.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._animate.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._controls_.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._core_.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._gdi_.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._html2.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._misc_.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._windows_.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._wizard.pyd
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxbase294u_net_vc90.dll
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxbase294u_vc90.dll
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxmsw294u_adv_vc90.dll
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxmsw294u_core_vc90.dll
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxmsw294u_html_vc90.dll
    e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxmsw294u_webview_vc90.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-21 to 2015-02-21 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-19 13:01 . 2015-02-19 13:01 -------- d-----w- e:\documents and settings\Max Joyner\Local Settings\Application Data\WMTools Downloaded Files
    2015-02-18 17:28 . 2008-07-09 17:33 306176 ----a-w- e:\windows\system32\drivers\rtl8187Se.sys
    2015-02-18 17:28 . 2008-07-09 17:33 306176 ----a-w- e:\windows\system\rtl8187Se.sys
    2015-02-18 17:26 . 2014-07-30 18:00 172032 ----a-w- e:\windows\system32\igfxres.dll
    2015-02-16 13:23 . 2015-02-20 01:01 -------- d-----w- E:\AdwCleaner
    2015-02-07 14:17 . 2015-02-07 14:17 -------- d--h--w- e:\windows\PIF
    2015-01-24 14:24 . 2009-06-10 15:49 24576 ----a-w- e:\windows\system32\drivers\ANDROIDUSB.sys
    2015-01-24 14:23 . 2015-01-24 14:23 -------- d-----w- e:\program files\Spirent Communications
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-21 00:11 . 2014-07-30 18:36 119512 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-21 00:02 . 2014-07-30 18:36 120024 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
    2015-02-20 23:34 . 2014-12-11 11:12 35064 ----a-w- e:\windows\system32\drivers\TrueSight.sys
    2015-02-16 12:58 . 2014-07-30 18:38 290304 ----a-w- e:\windows\system32\subinacl.exe
    2015-02-05 15:04 . 2014-09-12 12:49 701616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
    2015-02-05 15:04 . 2014-09-12 12:49 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-25 23:28 . 2014-07-30 18:16 787800 ----a-w- e:\windows\system32\drivers\aswsnx.sys
    2014-11-25 23:27 . 2014-07-30 18:16 423784 ----a-w- e:\windows\system32\drivers\aswsp.sys
    2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- e:\program files\AntiDust.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-17 00:33 723976 ----a-w- e:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
    "GoogleDriveSync"="e:\program files\Google\Drive\googledrivesync.exe" [2015-01-15 23308256]
    "GoogleChromeAutoLaunch_B1DDAB0696E4DF7F912F7BE99F479D2F"="e:\program files\Google\Chrome\Application\chrome.exe" [2015-02-17 843592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="e:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
    "Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
    "RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
    "IgfxTray"="e:\windows\system32\igfxtray.exe" [2014-07-30 141848]
    "HotKeysCmds"="e:\windows\system32\hkcmd.exe" [2014-07-30 166424]
    "Persistence"="e:\windows\system32\igfxpers.exe" [2014-07-30 137752]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    e:\documents and settings\All Users\Start Menu\Programs\Startup\
    REALTEK RTL8187SE Wireless LAN Utility.lnk - e:\program files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe /H [2015-2-18 880640]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Program Files\\REALTEK\\8187SE Wireless LAN Utility\\RtWLan.exe"=
    "e:\\Program Files\\BitComet\\BitComet.exe"=
    "e:\\Program Files\\Winamp\\winamp.exe"=
    "e:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "e:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "e:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "e:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= e:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "e:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= e:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "e:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
    "e:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"=
    "e:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
    "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
    "23460:TCP"= 23460:TCP:BitComet 23460 TCP
    "23460:UDP"= 23460:UDP:BitComet 23460 UDP
    "18552:TCP"= 18552:TCP:BitComet 18552 TCP
    "18552:UDP"= 18552:UDP:BitComet 18552 UDP
    .
    R0 aswRvrt;avast! Revert;e:\windows\system32\drivers\aswRvrt.sys [30/07/2014 18:16 49944]
    R0 aswVmm;avast! VM Monitor;e:\windows\system32\drivers\aswVmm.sys [30/07/2014 18:16 206248]
    R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswsnx.sys [30/07/2014 18:16 787800]
    R1 aswSP;aswSP;e:\windows\system32\drivers\aswsp.sys [30/07/2014 18:16 423784]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [30/07/2014 18:49 243128]
    R2 aswHwid;avast! HardwareID;e:\windows\system32\drivers\aswHwid.sys [30/07/2014 18:16 24184]
    R2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [30/07/2014 18:16 70384]
    R2 HTCMonitorService;HTCMonitorService;e:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [27/06/2014 10:24 87368]
    R2 PassThru Service;Internet Pass-Through Service;e:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [17/10/2013 14:27 166912]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;e:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [19/06/2012 15:21 1646608]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;e:\windows\system32\drivers\RtsUStor.sys [12/09/2014 12:37 216280]
    R3 ST50220;Sonix ST50220 USB Video Camera Driver;e:\windows\system32\drivers\ST50220.sys [12/09/2014 12:46 34224]
    S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [12/09/2014 12:40 1691480]
    S3 HTCAND32;HTC Device Driver;e:\windows\system32\drivers\ANDROIDUSB.sys [24/01/2015 14:24 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [17/10/2013 14:27 21248]
    S3 qcserxp;HTC Diagnostic Port;e:\windows\system32\drivers\qcserxp.sys [29/09/2014 22:09 103424]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-20 04:33 1084744 ----a-w- e:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-21 e:\windows\Tasks\Adobe Flash Player Updater.job
    - e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13 15:04]
    .
    2015-02-21 e:\windows\Tasks\avast! Emergency Update.job
    - e:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17 00:33]
    .
    2015-02-21 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2014-09-07 22:10]
    .
    2015-02-21 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2014-09-07 22:10]
    .
    2015-02-21 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - e:\windows\system32\xp_eos.exe [2014-07-30 01:59]
    .
    2015-02-08 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - e:\windows\system32\xp_eos.exe [2014-07-30 01:59]
    .
    2015-02-21 e:\windows\Tasks\WGASetup.job
    - e:\windows\system32\KB905474\wgasetup.exe [2014-07-30 21:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    IE: &D&ownload &with BitComet - e:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - e:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - e:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-02-21 13:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1832)
    e:\windows\system32\WININET.dll
    e:\program files\Google\Drive\googledrivesync32.dll
    e:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    e:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    e:\windows\system32\ieframe.dll
    e:\windows\system32\webcheck.dll
    e:\windows\system32\WPDShServiceObj.dll
    e:\windows\system32\PortableDeviceTypes.dll
    e:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2015-02-21 13:47:48
    ComboFix-quarantined-files.txt 2015-02-21 13:47
    ComboFix2.txt 2015-02-20 00:49
    .
    Pre-Run: 57,774,182,400 bytes free
    Post-Run: 57,762,668,544 bytes free
    .
    - - End Of File - - 50DF9998143A280BA3BCA81D5DEE764D
    8F558EB6672622401DA993E1E865C861
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  8. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    # AdwCleaner v4.111 - Logfile created 21/02/2015 at 19:21:35
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Max Joyner - MAX-0B83641C323
    # Running from : E:\Documents and Settings\Max Joyner\Desktop\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v40.0.2214.115

    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=en_GB&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^GB&apn_uid=066896f7-7f84-42b9-9d71-38c20eaa9881&apn_sauid=986A356C-EA00-4B6D-9D7A-2F64381222F8
    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=en_GB&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^GB&apn_uid=066896f7-7f84-42b9-9d71-38c20eaa9881&apn_sauid=986A356C-EA00-4B6D-9D7A-2F64381222F8
    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=58&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=hostels+in+lo&useHistory=0&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&UM=5&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3325290&octid=EB_ORIGINAL_CTID

    *************************

    AdwCleaner[R0].txt - [1779 bytes] - [16/02/2015 13:23:43]
    AdwCleaner[R1].txt - [899 bytes] - [16/02/2015 15:03:15]
    AdwCleaner[R2].txt - [1014 bytes] - [20/02/2015 00:55:01]
    AdwCleaner[R3].txt - [2788 bytes] - [21/02/2015 18:55:53]
    AdwCleaner[S0].txt - [1986 bytes] - [16/02/2015 13:29:35]
    AdwCleaner[S1].txt - [964 bytes] - [16/02/2015 15:27:11]
    AdwCleaner[S2].txt - [1081 bytes] - [20/02/2015 01:01:00]
    AdwCleaner[S3].txt - [2725 bytes] - [21/02/2015 19:21:35]

    ########## EOF - E:\AdwCleaner\AdwCleaner[S3].txt - [2784 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Microsoft Windows XP x86
    Ran by Max Joyner on 21/02/2015 at 19:26:19.10
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 21/02/2015 at 19:41:01.06
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-02-2015
    Ran by Max Joyner (administrator) on MAX-0B83641C323 on 21-02-2015 19:42:20
    Running from E:\Documents and Settings\Max Joyner\Desktop
    Loaded Profiles: Max Joyner (Available profiles: Max Joyner)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
    (Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.EXE
    (Nero AG) E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    (Rosetta Stone Ltd.) E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    (Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
    () E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    (Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
    (Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
    (Microsoft Corporation) E:\WINDOWS\system32\wscntfy.exe
    (Microsoft Corporation) E:\WINDOWS\system32\wbem\unsecapp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
    HKLM\...\Run: [Adobe ARM] => E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
    HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Run: [GoogleDriveSync] => E:\Program Files\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
    HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Run: [GoogleChromeAutoLaunch_B1DDAB0696E4DF7F912F7BE99F479D2F] => E:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
    Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187SE Wireless LAN Utility.lnk
    ShortcutTarget: REALTEK RTL8187SE Wireless LAN Utility.lnk -> E:\Program Files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> E:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-30]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-01]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=", "hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=", "hxxp://www.msn.com/?pc=AV01", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=", "https://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?g...-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
    CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
    CHR Profile: E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-16]
    CHR Extension: (Google Docs) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
    CHR Extension: (Google Drive) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-16]
    CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-20]
    CHR Extension: (WOT) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-16]
    CHR Extension: (YouTube) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-16]
    CHR Extension: (Google Search) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-16]
    CHR Extension: (Google Sheets) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-16]
    CHR Extension: (Avast Online Security) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-16]
    CHR Extension: (Application Launcher for Drive (by Google)) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-19]
    CHR Extension: (Google Wallet) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-16]
    CHR Extension: (Gmail) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-16]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]
    CHR HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
    R2 HTCMonitorService; E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
    R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 RosettaStoneDaemon; E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AegisP; E:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2014-07-30] (Meetinghouse Data Communications) [File not signed]
    S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
    R2 aswHwid; E:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-17] ()
    R2 aswMonFlt; E:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-17] (AVAST Software)
    R1 aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-17] (AVAST Software)
    R0 aswRvrt; E:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-17] ()
    R1 aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
    R1 aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
    R1 aswTdi; E:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-17] (AVAST Software)
    R0 aswVmm; E:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-17] ()
    S3 CCDECODE; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-07-30] (Disc Soft Ltd)
    S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
    S3 NdisIP; E:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 qcserxp; E:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
    S3 rtl8187Se; E:\WINDOWS\System32\DRIVERS\rtl8187Se.sys [306176 2008-07-09] (Realtek Semiconductor Corporation )
    R3 ST50220; E:\WINDOWS\System32\Drivers\ST50220.sys [34224 2008-11-03] (Sonix)
    S3 catchme; \??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-21 19:42 - 2015-02-21 19:42 - 00014320 _____ () E:\Documents and Settings\Max Joyner\Desktop\FRST.txt
    2015-02-21 19:41 - 2015-02-21 19:42 - 00000000 ____D () E:\FRST
    2015-02-21 19:41 - 2015-02-21 19:41 - 00000586 _____ () E:\Documents and Settings\Max Joyner\Desktop\JRT.txt
    2015-02-21 19:01 - 2015-02-21 19:00 - 01126400 _____ (Farbar) E:\Documents and Settings\Max Joyner\Desktop\FRST.exe
    2015-02-21 18:59 - 2015-02-21 18:58 - 01388274 _____ (Thisisu) E:\Documents and Settings\Max Joyner\Desktop\JRT.exe
    2015-02-21 18:58 - 2015-02-21 18:56 - 02126848 _____ () E:\Documents and Settings\Max Joyner\Desktop\adwcleaner_4.111.exe
    2015-02-21 13:47 - 2015-02-21 13:47 - 00019439 _____ () E:\ComboFix.txt
    2015-02-21 13:47 - 2015-02-21 13:47 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\temp
    2015-02-21 13:47 - 2015-02-21 13:47 - 00000000 ____D () E:\Documents and Settings\LocalService\Local Settings\temp
    2015-02-21 13:47 - 2015-02-21 13:47 - 00000000 ____D () E:\Documents and Settings\Administrator\Local Settings\temp
    2015-02-21 01:10 - 2015-02-21 01:09 - 05611903 ____R (Swearware) E:\Documents and Settings\Max Joyner\Desktop\ComboFix.exe
    2015-02-21 00:01 - 2015-02-21 00:45 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Desktop\mbar
    2015-02-20 23:36 - 2015-02-20 23:35 - 16502728 _____ (Malwarebytes Corp.) E:\Documents and Settings\Max Joyner\Desktop\mbar-1.09.1.1004.exe
    2015-02-20 23:34 - 2015-02-20 23:33 - 15533656 _____ () E:\Documents and Settings\Max Joyner\Desktop\RogueKiller.exe
    2015-02-19 23:56 - 2015-02-21 13:47 - 00000000 ____D () E:\Qoobox
    2015-02-19 23:56 - 2011-06-26 06:45 - 00256000 _____ () E:\WINDOWS\PEV.exe
    2015-02-19 23:56 - 2010-11-07 17:20 - 00208896 _____ () E:\WINDOWS\MBR.exe
    2015-02-19 23:56 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) E:\WINDOWS\NIRCMD.exe
    2015-02-19 23:56 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) E:\WINDOWS\SWREG.exe
    2015-02-19 23:56 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) E:\WINDOWS\SWSC.exe
    2015-02-19 23:56 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) E:\WINDOWS\SWXCACLS.exe
    2015-02-19 23:56 - 2000-08-31 00:00 - 00098816 _____ () E:\WINDOWS\sed.exe
    2015-02-19 23:56 - 2000-08-31 00:00 - 00080412 _____ () E:\WINDOWS\grep.exe
    2015-02-19 23:56 - 2000-08-31 00:00 - 00068096 _____ () E:\WINDOWS\zip.exe
    2015-02-19 13:01 - 2015-02-19 13:01 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\WMTools Downloaded Files
    2015-02-18 17:37 - 2015-02-18 17:37 - 00001907 _____ () E:\Documents and Settings\All Users\Desktop\REALTEK RTL8187SE Wireless LAN Utility.lnk
    2015-02-18 17:37 - 2015-02-18 17:37 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\REALTEK RTL8187SE Wireless LAN Utility
    2015-02-18 17:28 - 2008-07-09 17:33 - 00306176 _____ (Realtek Semiconductor Corporation ) E:\WINDOWS\system32\Drivers\rtl8187Se.sys
    2015-02-18 17:28 - 2008-07-09 17:33 - 00306176 _____ (Realtek Semiconductor Corporation ) E:\WINDOWS\system\rtl8187Se.sys
    2015-02-18 17:26 - 2014-07-30 18:00 - 00172032 _____ (Intel Corporation) E:\WINDOWS\system32\igfxres.dll
    2015-02-16 13:48 - 2015-02-20 04:34 - 00001813 _____ () E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-02-16 13:48 - 2015-02-16 13:48 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    2015-02-16 13:23 - 2015-02-21 19:21 - 00000000 ____D () E:\AdwCleaner
    2015-02-12 16:53 - 2015-02-12 16:54 - 00009294 _____ () E:\WINDOWS\KB939683.log
    2015-02-12 16:53 - 2015-02-12 16:53 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB939683$
    2015-02-11 05:32 - 2015-02-12 16:54 - 00013209 _____ () E:\WINDOWS\iis6.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00012367 _____ () E:\WINDOWS\FaxSetup.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00005912 _____ () E:\WINDOWS\ocgen.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00005642 _____ () E:\WINDOWS\tsoc.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00004056 _____ () E:\WINDOWS\comsetup.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00003714 _____ () E:\WINDOWS\msmqinst.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00002460 _____ () E:\WINDOWS\ntdtcsetup.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00002166 _____ () E:\WINDOWS\netfxocm.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00001374 _____ () E:\WINDOWS\imsins.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00000850 _____ () E:\WINDOWS\MedCtrOC.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00000684 _____ () E:\WINDOWS\ocmsn.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00000622 _____ () E:\WINDOWS\tabletoc.log
    2015-02-11 05:32 - 2015-02-12 16:54 - 00000618 _____ () E:\WINDOWS\msgsocm.log
    2015-02-11 05:32 - 2015-02-11 05:32 - 00001374 _____ () E:\WINDOWS\imsins.BAK
    2015-02-11 05:31 - 2015-02-11 05:32 - 00004171 _____ () E:\WINDOWS\KB954154.log
    2015-02-11 05:31 - 2015-02-11 05:31 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB954154_WM11$
    2015-02-10 12:27 - 2015-02-10 12:27 - 00006446 _____ () E:\WINDOWS\KB2378111.log
    2015-02-10 12:09 - 2015-02-10 12:09 - 00006455 _____ () E:\WINDOWS\MSCompPackV1.log
    2015-02-10 12:09 - 2007-07-27 10:41 - 00016760 ____N (Microsoft Corporation) E:\WINDOWS\system32\spmsg.dll
    2015-02-10 12:08 - 2015-02-10 12:27 - 00002426 _____ () E:\WINDOWS\updspapi.log
    2015-02-10 12:08 - 2015-02-10 12:09 - 00019887 _____ () E:\WINDOWS\wmp11.log
    2015-02-10 12:07 - 2015-02-10 12:29 - 00015467 _____ () E:\WINDOWS\spupdsvc.log
    2015-02-10 12:06 - 2015-02-10 12:07 - 00024903 _____ () E:\WINDOWS\WMFDist11.log
    2015-02-10 12:06 - 2015-02-10 12:06 - 00001608 _____ () E:\WINDOWS\Wudf01000Inst.log
    2015-02-10 12:03 - 2015-02-10 12:03 - 00000000 ____H () E:\WINDOWS\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
    2015-02-08 15:19 - 2015-02-08 15:23 - 00009342 _____ () E:\Documents and Settings\Max Joyner\My Documents\costings.xlsx
    2015-02-07 14:17 - 2015-02-07 14:17 - 00000000 ___HD () E:\WINDOWS\PIF
    2015-02-06 13:36 - 2015-02-06 13:36 - 00000165 ____H () E:\Documents and Settings\Max Joyner\My Documents\~$Introduction to Equality in the Workplace.pptx
    2015-02-06 12:57 - 2015-02-18 22:17 - 00066883 _____ () E:\Documents and Settings\Max Joyner\My Documents\Introduction to Equality in the Workplace.pptx
    2015-01-24 14:24 - 2009-06-10 15:49 - 00024576 _____ (HTC, Corporation) E:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
    2015-01-24 14:23 - 2015-01-24 14:23 - 00000000 ____D () E:\Program Files\Spirent Communications

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-21 19:42 - 2014-09-30 21:18 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Temp
    2015-02-21 19:37 - 2014-07-30 13:11 - 01795443 _____ () E:\WINDOWS\WindowsUpdate.log
    2015-02-21 19:33 - 2014-09-07 22:10 - 00000886 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-21 19:28 - 2014-07-30 18:16 - 00000364 ____H () E:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-02-21 19:25 - 2014-10-05 18:58 - 00000000 ___RD () E:\Documents and Settings\Max Joyner\My Documents\Google Drive
    2015-02-21 19:25 - 2014-07-30 17:32 - 00000387 _____ () E:\WINDOWS\RTacDbg.txt
    2015-02-21 19:23 - 2014-12-14 13:58 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\HTC MediaHub
    2015-02-21 19:23 - 2014-09-07 22:10 - 00000882 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-21 19:23 - 2014-07-30 20:03 - 00000232 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-02-21 19:23 - 2014-07-30 19:43 - 00000268 _____ () E:\WINDOWS\Tasks\WGASetup.job
    2015-02-21 19:23 - 2014-07-30 14:01 - 00000159 _____ () E:\WINDOWS\wiadebug.log
    2015-02-21 19:23 - 2014-07-30 14:01 - 00000049 _____ () E:\WINDOWS\wiaservc.log
    2015-02-21 19:23 - 2014-07-30 13:21 - 00032480 _____ () E:\WINDOWS\SchedLgU.Txt
    2015-02-21 19:23 - 2014-07-30 13:21 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
    2015-02-21 19:23 - 2014-07-30 13:17 - 00000000 __SHD () E:\Documents and Settings\NetworkService
    2015-02-21 19:21 - 2014-07-30 13:22 - 00000178 ___SH () E:\Documents and Settings\Max Joyner\ntuser.ini
    2015-02-21 19:04 - 2014-12-13 23:35 - 00000830 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-02-21 13:44 - 2001-10-05 00:16 - 00000227 _____ () E:\WINDOWS\system.ini
    2015-02-21 12:38 - 2014-08-28 03:40 - 00459335 _____ () E:\WINDOWS\setupapi.log
    2015-02-21 12:36 - 2001-10-05 00:16 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl
    2015-02-21 00:44 - 2014-12-11 11:28 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2015-02-21 00:11 - 2014-07-30 18:36 - 00119512 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-02-21 00:02 - 2014-07-30 18:36 - 00120024 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-02-20 23:34 - 2014-12-11 11:12 - 00035064 _____ () E:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-02-20 12:52 - 2014-08-01 01:49 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Application Data\vlc
    2015-02-20 00:37 - 2014-12-12 01:06 - 00000000 ____D () E:\WINDOWS\erdnt
    2015-02-18 22:47 - 2014-07-30 20:17 - 00065536 _____ () E:\WINDOWS\system32\config\OAlerts.evt
    2015-02-18 22:42 - 2014-07-30 18:58 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Application Data\Winamp
    2015-02-18 22:02 - 2014-08-01 01:25 - 00000000 ____D () E:\Documents and Settings\Max Joyner\My Documents\Work
    2015-02-18 17:41 - 2014-07-30 20:15 - 00002501 _____ () E:\Documents and Settings\Max Joyner\Desktop\Microsoft Word 2010.lnk
    2015-02-18 17:36 - 2014-07-30 17:31 - 00000000 ____D () E:\WINDOWS\system32\REALTEK RTL8187SE Wireless LAN Driver and Utility
    2015-02-18 17:36 - 2014-07-30 17:31 - 00000000 ____D () E:\Program Files\REALTEK
    2015-02-18 17:28 - 2014-08-20 02:16 - 00000000 ____D () E:\Program Files\REALTEK RTL8187SE Wireless LAN Driver
    2015-02-18 17:28 - 2014-07-30 13:50 - 00000000 ____D () E:\WINDOWS\system
    2015-02-18 17:22 - 2014-07-30 20:26 - 00000000 ____D () E:\WINDOWS\system32\ReinstallBackups
    2015-02-17 23:55 - 2014-07-30 13:51 - 00018944 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-16 13:48 - 2014-07-30 17:45 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google
    2015-02-16 13:47 - 2014-07-30 17:45 - 00000000 ____D () E:\Program Files\Google
    2015-02-16 13:36 - 2014-07-30 13:22 - 00000803 _____ () E:\Documents and Settings\Max Joyner\Start Menu\Programs\Internet Explorer.lnk
    2015-02-16 13:12 - 2014-07-30 18:38 - 00000000 ____D () E:\Program Files\Adware-Removal-Tool
    2015-02-16 12:58 - 2014-07-30 18:38 - 00290304 _____ (Microsoft Corporation) E:\WINDOWS\system32\subinacl.exe
    2015-02-16 12:50 - 2014-07-30 18:52 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Application Data\BitComet
    2015-02-13 03:43 - 2014-12-06 00:01 - 00004120 _____ () E:\WINDOWS\wmsetup.log
    2015-02-12 03:13 - 2014-07-30 17:38 - 00000000 ____D () E:\WINDOWS\Microsoft.NET
    2015-02-11 14:01 - 2014-08-27 00:24 - 00000444 _____ () E:\WINDOWS\brwmark.ini
    2015-02-11 05:54 - 2014-07-30 19:25 - 00000000 ____D () E:\WINDOWS\system32\MRT
    2015-02-11 05:35 - 2014-07-30 19:25 - 113756392 _____ (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe
    2015-02-11 05:34 - 2014-07-30 20:09 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Microsoft Help
    2015-02-10 12:13 - 2014-08-26 02:26 - 00023392 _____ () E:\WINDOWS\system32\nscompat.tlb
    2015-02-10 12:13 - 2014-08-26 02:26 - 00016832 _____ () E:\WINDOWS\system32\amcompat.tlb
    2015-02-10 12:12 - 2014-07-30 13:22 - 00000000 ____D () E:\Documents and Settings\Max Joyner
    2015-02-10 12:09 - 2014-08-26 02:10 - 00000000 ____D () E:\Program Files\Windows Media Connect 2
    2015-02-10 12:09 - 2014-07-30 13:22 - 00000788 _____ () E:\Documents and Settings\Max Joyner\Start Menu\Programs\Windows Media Player.lnk
    2015-02-10 12:08 - 2014-07-30 13:50 - 00000000 ____D () E:\WINDOWS\Help
    2015-02-10 12:03 - 2014-09-04 21:31 - 00003948 _____ () E:\WINDOWS\setupact.log
    2015-02-08 22:09 - 2014-09-29 22:09 - 00179204 _____ () E:\WINDOWS\DPINST.LOG
    2015-02-08 15:08 - 2014-07-30 20:15 - 00002459 _____ () E:\Documents and Settings\Max Joyner\Desktop\Microsoft Excel 2010.lnk
    2015-02-08 15:00 - 2014-07-30 20:03 - 00000226 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-02-05 15:04 - 2014-09-12 12:49 - 00701616 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
    2015-02-05 15:04 - 2014-09-12 12:49 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-01-28 21:26 - 2014-09-27 01:16 - 00000000 ____D () E:\Documents and Settings\Max Joyner\My Documents\Outlook Files
    2015-01-27 03:28 - 2014-10-05 18:56 - 00001767 _____ () E:\Documents and Settings\All Users\Desktop\Google Slides.lnk
    2015-01-27 03:28 - 2014-10-05 18:56 - 00001765 _____ () E:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
    2015-01-27 03:28 - 2014-10-05 18:56 - 00001755 _____ () E:\Documents and Settings\All Users\Desktop\Google Docs.lnk
    2015-01-27 03:28 - 2014-10-05 18:56 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
    2015-01-24 14:30 - 2014-12-14 13:57 - 00001768 _____ () E:\Documents and Settings\All Users\Desktop\HTC Sync Manager.lnk
    2015-01-24 14:24 - 2014-12-14 13:56 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\HTC
    2015-01-24 14:23 - 2014-09-29 22:10 - 00000000 ____D () E:\Program Files\HTC
    2015-01-24 14:20 - 2014-09-29 22:25 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Downloaded Installations
    2015-01-22 21:14 - 2014-07-30 13:11 - 00000000 __SHD () E:\Documents and Settings\All Users\DRM

    ==================== Files in the root of some directories =======

    2013-02-07 12:22 - 2013-02-07 12:22 - 0050330 _____ () E:\Program Files\AntiDust.exe
    2014-08-09 18:24 - 2014-09-18 23:08 - 0000154 _____ () E:\Documents and Settings\Max Joyner\Application Data\Rim.Desktop.Exception.log
    2014-08-09 18:22 - 2014-09-30 21:00 - 0001925 _____ () E:\Documents and Settings\Max Joyner\Application Data\Rim.Desktop.HttpServerSetup.log
    2014-08-09 18:24 - 2014-09-18 23:08 - 0000154 _____ () E:\Documents and Settings\Max Joyner\Application Data\Rim.DesktopHelper.Exception.log
    2014-07-30 13:51 - 2015-02-17 23:55 - 0018944 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    Some content of TEMP:
    ====================
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\Quarantine.exe
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    E:\WINDOWS\explorer.exe => File is digitally signed
    E:\WINDOWS\system32\winlogon.exe => File is digitally signed
    E:\WINDOWS\system32\svchost.exe => File is digitally signed
    E:\WINDOWS\system32\services.exe => File is digitally signed
    E:\WINDOWS\system32\User32.dll => File is digitally signed
    E:\WINDOWS\system32\userinit.exe => File is digitally signed
    E:\WINDOWS\system32\rpcss.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
     
  10. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-02-2015
    Ran by Max Joyner at 2015-02-21 19:43:53
    Running from E:\Documents and Settings\Max Joyner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    BitComet 1.37 (HKLM\...\BitComet) (Version: 1.37 - CometNetwork)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Free YouTube to MP3 Converter version 3.12.35.514 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
    HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.17.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7116 - Realtek Semiconductor Corp.)
    REALTEK RTL8187SE Wireless LAN Driver (HKLM\...\{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}) (Version: Package:1.00.0035 Driver:5.9067.710.2008 - REALTEK Semiconductor Corp.)
    REALTEK RTL8187SE Wireless LAN Driver and Utility (HKLM\...\{4DA7C45A-BE9E-4538-B233-F829D59545D1}) (Version: Package:1.00.0065 Driver:5.9067.710.2008 UI:600.1552.716.2008 - REALTEK Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Rosetta Stone Ltd Services (HKLM\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
    Rosetta Stone TOTALe (HKLM\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    13-12-2014 23:38:41 Techspot Clean December 2014
    13-12-2014 23:38:41 System Checkpoint
    13-12-2014 23:38:42 Installed Sophos Virus Removal Tool.
    13-12-2014 23:38:48 End of disinfection
    13-12-2014 23:45:00 Revo Uninstaller's restore point - Cooking Quest
    13-12-2014 23:48:16 Revo Uninstaller's restore point - Amazing Finds 1.00
    13-12-2014 23:49:45 Revo Uninstaller's restore point - Righteous Kill
    13-12-2014 23:52:30 Revo Uninstaller's restore point - CCleaner, версия 4.14.4808
    13-12-2014 23:54:00 Revo Uninstaller's restore point - Herods Lost Tomb
    13-12-2014 23:57:49 Revo Uninstaller's restore point - Mystery Legends - Sleepy Hollow 1.00
    14-12-2014 00:06:32 Revo Uninstaller's restore point - Hidden Mysteries Buckingham Palace
    14-12-2014 00:09:32 Revo Uninstaller's restore point - Redrum Dead Diary
    14-12-2014 00:11:16 Revo Uninstaller's restore point - Sophos Virus Removal Tool
    14-12-2014 13:45:13 Revo Uninstaller's restore point - HTC Sync Manager
    14-12-2014 13:46:53 Removed HTC Sync Manager.
    14-12-2014 13:57:29 Installed HTC Sync Manager.
    14-12-2014 14:00:41 Unsigned driver install
    15-12-2014 23:12:24 System Checkpoint
    20-12-2014 16:54:11 System Checkpoint
    25-12-2014 12:29:17 System Checkpoint
    26-12-2014 12:50:34 System Checkpoint
    28-12-2014 19:36:43 System Checkpoint
    30-12-2014 11:01:58 System Checkpoint
    01-01-2015 14:24:38 System Checkpoint
    02-01-2015 20:26:50 System Checkpoint
    03-01-2015 22:04:57 System Checkpoint
    05-01-2015 11:13:15 System Checkpoint
    06-01-2015 11:47:20 System Checkpoint
    07-01-2015 12:04:40 System Checkpoint
    08-01-2015 12:59:38 System Checkpoint
    09-01-2015 13:57:12 System Checkpoint
    10-01-2015 14:39:33 System Checkpoint
    11-01-2015 15:32:11 System Checkpoint
    12-01-2015 15:58:23 System Checkpoint
    13-01-2015 16:58:23 System Checkpoint
    14-01-2015 19:33:35 Software Distribution Service 3.0
    14-01-2015 21:19:30 System Checkpoint
    15-01-2015 21:51:38 System Checkpoint
    17-01-2015 02:12:14 System Checkpoint
    18-01-2015 02:50:46 System Checkpoint
    19-01-2015 03:14:33 System Checkpoint
    20-01-2015 12:21:16 System Checkpoint
    21-01-2015 22:33:18 System Checkpoint
    23-01-2015 02:57:38 System Checkpoint
    24-01-2015 03:37:02 System Checkpoint
    25-01-2015 03:54:26 System Checkpoint
    27-01-2015 03:48:12 System Checkpoint
    28-01-2015 19:09:16 System Checkpoint
    31-01-2015 03:38:38 System Checkpoint
    01-02-2015 08:44:57 System Checkpoint
    01-02-2015 14:59:06 System Checkpoint
    02-02-2015 15:46:33 System Checkpoint
    03-02-2015 16:11:06 System Checkpoint
    04-02-2015 16:35:17 System Checkpoint
    05-02-2015 18:39:36 System Checkpoint
    06-02-2015 19:09:03 System Checkpoint
    07-02-2015 19:20:26 System Checkpoint
    08-02-2015 20:15:39 System Checkpoint
    09-02-2015 20:51:54 System Checkpoint
    10-02-2015 12:05:45 Software Distribution Service 3.0
    10-02-2015 12:26:51 Software Distribution Service 3.0
    11-02-2015 05:31:47 Software Distribution Service 3.0
    12-02-2015 03:00:24 Software Distribution Service 3.0
    12-02-2015 16:52:47 Software Distribution Service 3.0
    14-02-2015 03:33:58 System Checkpoint
    15-02-2015 18:00:30 System Checkpoint
    16-02-2015 13:36:25 Revo Uninstaller's restore point - Google Chrome
    17-02-2015 16:12:58 System Checkpoint
    18-02-2015 17:08:49 Revo Uninstaller's restore point - REALTEK RTL8187SE Wireless LAN Driver and Utility
    18-02-2015 17:28:23 Installed REALTEK RTL8187SE Wireless LAN Driver
    18-02-2015 17:36:40 Installed REALTEK RTL8187SE Wireless LAN Driver and Utility
    19-02-2015 14:07:21 mbam
    20-02-2015 15:19:01 System Checkpoint
    21-02-2015 00:00:42 Techspot Clean 2015

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-12-12 01:28 - 2015-02-21 13:08 - 00000027 ____A E:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: E:\WINDOWS\Tasks\Adobe Flash Player Updater.job => E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: E:\WINDOWS\Tasks\avast! Emergency Update.job => E:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files\Google\Update\GoogleUpdate.exe
    Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files\Google\Update\GoogleUpdate.exe
    Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => E:\WINDOWS\system32\xp_eos.exe
    Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => E:\WINDOWS\system32\xp_eos.exe
    Task: E:\WINDOWS\Tasks\WGASetup.job => E:\WINDOWS\system32\KB905474\wgasetup.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-02-21 12:39 - 2015-02-21 12:39 - 02911744 _____ () E:\Program Files\AVAST Software\Avast\defs\15022100\algo.dll
    2014-07-30 18:15 - 2014-11-17 00:33 - 38562088 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
    2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () E:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
    2014-12-18 15:08 - 2014-12-18 15:08 - 00607376 _____ () E:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () E:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () E:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () E:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
    2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () E:\Program Files\HTC\HTC Sync Manager\zlib1.dll
    2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () E:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
    2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2014-12-18 15:10 - 2014-12-18 15:10 - 00821600 _____ () E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () E:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () E:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1292428093-688789844-527237240-1003\Control Panel\Desktop\\Wallpaper -> E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1292428093-688789844-527237240-500 - Administrator - Enabled)
    Guest (S-1-5-21-1292428093-688789844-527237240-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1292428093-688789844-527237240-1000 - Limited - Disabled)
    Max Joyner (S-1-5-21-1292428093-688789844-527237240-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Max Joyner
    SUPPORT_388945a0 (S-1-5-21-1292428093-688789844-527237240-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: 802.11b/g Mini Card Wireless Adapter #2
    Description: 802.11b/g Mini Card Wireless Adapter
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Realtek
    Service: rtl8187Se
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: USB Device
    Description: USB Device
    Class Guid: {7240100F-6512-4548-8418-9EBB5C6A1A94}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/21/2015 00:59:50 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

    Error: (02/21/2015 00:59:30 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

    Error: (02/06/2015 08:35:39 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 1710557830.

    Error: (02/06/2015 08:35:38 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 1718027023.

    Error: (02/06/2015 08:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application EXCEL.EXE, version 14.0.4734.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (02/06/2015 08:34:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application POWERPNT.EXE, version 14.0.4734.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (02/01/2015 08:44:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application chrome.exe, version 40.0.2214.93, faulting module , version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [chrome.exe!ws!]

    Error: (01/28/2015 09:25:57 PM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
    Description: EventType officelifeboathang, P1 outlook.exe, P2 14.0.4734.1000, P3 outlook.exe, P4 14.0.4734.1000, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

    Error: (01/28/2015 09:22:50 PM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
    Description: EventType officelifeboathang, P1 outlook.exe, P2 14.0.4734.1000, P3 outlook.exe, P4 14.0.4734.1000, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

    Error: (01/24/2015 02:30:15 PM) (Source: MsiInstaller) (EventID: 11500) (User: MAX-0B83641C323)
    Description: Product: HTC Sync Manager -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.


    System errors:
    =============
    Error: (02/21/2015 06:54:12 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.0.115 for the Network Card with network address 00030DA9BC11 has been
    denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    Error: (02/21/2015 01:45:51 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.0.115 for the Network Card with network address 00030DA9BC11 has been
    denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    Error: (02/21/2015 10:40:26 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for E:\Program Files\AVAST Software\Avast\AavmRpch.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (02/21/2015 10:40:26 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
    Reference error message: Insufficient system resources exist to complete the requested service.
    .

    Error: (02/21/2015 09:06:19 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for E:\WINDOWS\system32\wuapi.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (02/21/2015 09:06:19 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
    Reference error message: Insufficient system resources exist to complete the requested service.
    .

    Error: (02/21/2015 08:47:43 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The error:
    "%%0"
    Happened while starting this command:
    E:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

    Error: (02/21/2015 08:47:43 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The error:
    "%%1450"
    Happened while starting this command:
    E:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

    Error: (02/21/2015 08:17:05 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for E:\WINDOWS\system32\mlang.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (02/21/2015 08:17:05 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
    Reference error message: Insufficient system resources exist to complete the requested service.
    .


    Microsoft Office Sessions:
    =========================
    Error: (02/21/2015 00:59:50 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

    Error: (02/21/2015 00:59:30 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

    Error: (02/06/2015 08:35:39 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 1710557830

    Error: (02/06/2015 08:35:38 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 1718027023

    Error: (02/06/2015 08:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: EXCEL.EXE14.0.4734.1000hungapp0.0.0.000000000

    Error: (02/06/2015 08:34:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: POWERPNT.EXE14.0.4734.1000hungapp0.0.0.000000000

    Error: (02/01/2015 08:44:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chrome.exe40.0.2214.930.0.0.000000000

    Error: (01/28/2015 09:25:57 PM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
    Description: officelifeboathangoutlook.exe14.0.4734.1000outlook.exe14.0.4734.1000NILNILNILNILNILNIL

    Error: (01/28/2015 09:22:50 PM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
    Description: officelifeboathangoutlook.exe14.0.4734.1000outlook.exe14.0.4734.1000NILNILNILNILNILNIL

    Error: (01/24/2015 02:30:15 PM) (Source: MsiInstaller) (EventID: 11500) (User: MAX-0B83641C323)
    Description: Product: HTC Sync Manager -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)


    ==================== Memory info ===========================

    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
    Percentage of memory in use: 39%
    Total physical RAM: 1015.17 MB
    Available physical RAM: 609.25 MB
    Total Pagefile: 2442.1 MB
    Available Pagefile: 2140.93 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1939.3 MB

    ==================== Drives ================================

    Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (Movie Drive and Back up) (Fixed) (Total:931.51 GB) (Free:215.63 GB) NTFS
    Drive e: () (Fixed) (Total:148.95 GB) (Free:53.77 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 6E331D41)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  12. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-02-2015
    Ran by Max Joyner at 2015-02-22 00:22:55 Run:1
    Running from E:\Documents and Settings\Max Joyner\Desktop
    Loaded Profiles: Max Joyner (Available profiles: Max Joyner)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=", "hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=", "hxxp://www.msn.com/?pc=AV01", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=", "https://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?g...-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
    CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
    S3 catchme; \??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\catchme.sys [X]
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\Quarantine.exe
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\sqlite3.dll

    *****************

    "HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => Key deleted successfully.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    Chrome DefaultSearchURL deleted successfully.
    Chrome DefaultSuggestURL deleted successfully.
    catchme => Service deleted successfully.
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\Quarantine.exe => Moved successfully.
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\sqlite3.dll => Moved successfully.

    ==== End of Fixlog 00:22:56 ====
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  14. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    When I try to run the security check a message comes up saying "unsupported operating system! aborted!"
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Reading my replies carefully pays off...

     
  16. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Sorry about that - Here are the results of the scans

    Results of screen317's Security Check version 0.99.96
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Adobe Reader XI
    Google Chrome (40.0.2214.111)
    Google Chrome (40.0.2214.115)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive E:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 17-01-2015
    Ran by Max Joyner (administrator) on 22-02-2015 at 00:53:28
    Running from "E:\Documents and Settings\Max Joyner\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    E:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    E:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    E:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    E:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    E:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    E:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    E:\WINDOWS\system32\netman.dll => File is digitally signed
    E:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    E:\WINDOWS\system32\srsvc.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    E:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    E:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    E:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    E:\WINDOWS\system32\qmgr.dll => File is digitally signed
    E:\WINDOWS\system32\es.dll => File is digitally signed
    E:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    E:\WINDOWS\system32\svchost.exe => File is digitally signed
    E:\WINDOWS\system32\rpcss.dll => File is digitally signed
    E:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    AegisP(8) aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
    IpSec Tag value is correct.

    **** End of log ****

    2015-02-22 01:04:18.765 Sophos Virus Removal Tool version 2.5.4
    2015-02-22 01:04:18.765 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-02-22 01:04:18.765 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-02-22 01:04:18.765 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
    2015-02-22 01:04:18.765 Checking for updates...
    2015-02-22 01:04:19.375 Update progress: proxy server not available
    2015-02-22 01:05:06.875 Option all = no
    2015-02-22 01:05:06.875 Option recurse = yes
    2015-02-22 01:05:06.875 Option archive = no
    2015-02-22 01:05:06.875 Option service = yes
    2015-02-22 01:05:06.875 Option confirm = yes
    2015-02-22 01:05:06.875 Option sxl = yes
    2015-02-22 01:05:06.890 Option max-data-age = 35
    2015-02-22 01:05:06.890 Option EnableSafeClean = yes
    2015-02-22 01:05:07.265 Option vdl-logging = yes
    2015-02-22 01:05:07.312 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-22 01:05:07.312 Machine ID: dd11bbe1d8d9471b843ff4b2b7b003b7
    2015-02-22 01:05:07.640 Component SVRTcli.exe version 2.5.4
    2015-02-22 01:05:07.640 Component control.dll version 2.5.4
    2015-02-22 01:05:07.640 Component SVRTservice.exe version 2.5.4
    2015-02-22 01:05:07.640 Component engine\osdp.dll version 1.44.1.2183
    2015-02-22 01:05:07.640 Component engine\veex.dll version 3.58.3.2183
    2015-02-22 01:05:07.640 Component engine\savi.dll version 8.1.5.2183
    2015-02-22 01:05:07.796 Component rkdisk.dll version 1.5.30.0
    2015-02-22 01:05:07.796 Version info: Product version 2.5.4
    2015-02-22 01:05:07.796 Version info: Detection engine 3.58.3
    2015-02-22 01:05:07.796 Version info: Detection data 5.11
    2015-02-22 01:05:07.796 Version info: Build date 2/3/2015
    2015-02-22 01:05:07.796 Version info: Data files added 274
    2015-02-22 01:05:07.796 Version info: Last successful update (not yet updated)
    2015-02-22 01:05:10.937 Downloading updates...
    2015-02-22 01:05:10.937 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-02-22 01:05:10.937 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-02-22 01:05:10.937 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-02-22 01:05:10.937 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-02-22 01:05:10.937 Update progress: [I49502] Found supplement IDE514 LATEST
    2015-02-22 01:05:10.937 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-02-22 01:05:10.937 Update progress: [I19463] Syncing product SAVIW32 51
    2015-02-22 01:08:11.484 Update progress: [E59264] Cannot locate server for http://d1.sophosupd.com/update/5b8087a2207e3a098627e6ba53facc0fx000.dat
    2015-02-22 01:08:11.484 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-02-22 01:08:11.484 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-02-22 01:08:11.484 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-02-22 01:08:11.484 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-02-22 01:08:11.484 Update progress: [I49502] Found supplement IDE514 LATEST
    2015-02-22 01:08:11.484 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-02-22 01:08:11.484 Update progress: [I19463] Syncing product SAVIW32 51
    2015-02-22 01:11:30.843 Update progress: [I19463] Syncing product IDE512 166
    2015-02-22 01:11:30.843 Update progress: [E83521] Cannot create stream d484380cba2e5213298458f392c2beccx000.xml
    2015-02-22 01:11:30.843 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-02-22 01:11:30.843 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-02-22 01:11:30.843 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-02-22 01:11:30.843 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-02-22 01:11:30.843 Update progress: [I49502] Found supplement IDE514 LATEST
    2015-02-22 01:11:30.843 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-02-22 01:11:30.843 Update progress: [I19463] Syncing product SAVIW32 51
    2015-02-22 01:11:30.843 Update progress: [I19463] Syncing product IDE512 166
    2015-02-22 01:11:32.906 Installing updates...
    2015-02-22 01:11:34.937 Error level 1
    2015-02-22 01:11:35.093 Update progress: [I19463] Syncing product IDE513 112
    2015-02-22 01:11:35.093 Update progress: [I19463] Syncing product IDE514 1
    2015-02-22 01:12:07.953 Update successful
    2015-02-22 01:12:36.390 Option all = no
    2015-02-22 01:12:36.390 Option recurse = yes
    2015-02-22 01:12:36.390 Option archive = no
    2015-02-22 01:12:36.390 Option service = yes
    2015-02-22 01:12:36.390 Option confirm = yes
    2015-02-22 01:12:36.390 Option sxl = yes
    2015-02-22 01:12:36.406 Option max-data-age = 35
    2015-02-22 01:12:36.406 Option EnableSafeClean = yes
    2015-02-22 01:12:36.625 Option vdl-logging = yes
    2015-02-22 01:12:36.625 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-22 01:12:36.625 Machine ID: dd11bbe1d8d9471b843ff4b2b7b003b7
    2015-02-22 01:12:36.640 Component SVRTcli.exe version 2.5.4
    2015-02-22 01:12:36.640 Component control.dll version 2.5.4
    2015-02-22 01:12:36.640 Component SVRTservice.exe version 2.5.4
    2015-02-22 01:12:36.640 Component engine\osdp.dll version 1.44.1.2183
    2015-02-22 01:12:36.640 Component engine\veex.dll version 3.58.3.2183
    2015-02-22 01:12:36.640 Component engine\savi.dll version 8.1.5.2183
    2015-02-22 01:12:36.640 Component rkdisk.dll version 1.5.30.0
    2015-02-22 01:12:36.640 Version info: Product version 2.5.4
    2015-02-22 01:12:36.640 Version info: Detection engine 3.58.3
    2015-02-22 01:12:36.640 Version info: Detection data 5.11G
    2015-02-22 01:12:36.640 Version info: Build date 2/3/2015
    2015-02-22 01:12:36.640 Version info: Data files added 274
    2015-02-22 01:12:36.640 Version info: Last successful update 2/22/2015 1:12:07 AM

    2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file D:\RECYCLER\S-1-5-21-1078081533-1659004503-725345543-1003\Dj9.exe
    2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
    2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
    2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
    2015-02-22 02:06:30.531 >>> Virus 'Mal/Generic-S' found in file D:\System Volume Information\_restore{B81F6247-434C-476B-8225-12BF0A59DD68}\RP232\A0079689.exe
    2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
    2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
    2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
    2015-02-22 02:19:19.828 >>> Virus 'Mal/Generic-S' found in file E:\Documents and Settings\Max Joyner\Desktop\adwcleaner_4.111.exe
    2015-02-22 02:19:19.953 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
    2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
    2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
    2015-02-22 02:19:46.656 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2015-02-22 02:19:46.718 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-02-22 02:19:47.234 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-02-22 02:19:48.171 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-02-22 02:19:56.562 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Drive\lockfile (virus scan failed)
    2015-02-22 02:19:56.796 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Drive\user_default\lockfile (virus scan failed)
    2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file E:\System Volume Information\_restore{B81F6247-434C-476B-8225-12BF0A59DD68}\RP161\A0057321.exe
    2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file E:\System Volume Information\_restore{B81F6247-434C-476B-8225-12BF0A59DD68}\RP161\A0057321.exe
    2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file E:\System Volume Information\_restore{B81F6247-434C-476B-8225-12BF0A59DD68}\RP161\A0057321.exe
    2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
    2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
    2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
    2015-02-22 03:04:06.968 The following items will be cleaned up:
    2015-02-22 03:04:06.968 Mal/Generic-S
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    The issue seems to be resolved.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...