Solved Infected browsers - no internet connection

M

morphy201180

Posts: 79   +0
Hi,
I hope you can help.
I recently updated my chrome browser and ended up with trovi search engine and numerous tabs opening with search conduit home page. It has impossible to get rid of. I am now unable to connect to the internet as my service provider has blocked access due to infected browser.

I'm not sure if the problem is related but since the trouble with the browser I am getting error messages saying that my laptop is low on system memory which I never had before.

My Avast anti virus hasn't detected anything neither has malwarebytes. Please see logs below:-

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/02/2015
Scan Time: 14:07:58
Logfile: mbam log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.20.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Max Joyner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335396
Time Elapsed: 20 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Max Joyner at 14:40:25 on 2015-02-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.392 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
E:\Program Files\AVAST Software\Avast\AvastSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\AVAST Software\Avast\AvastUI.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\wbem\unsecapp.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\WINDOWS\system32\igfxsrvc.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\Google\Drive\googledrivesync.exe
E:\Program Files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe
E:\Program Files\Google\Drive\googledrivesync.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\notepad.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\WINDOWS\system32\svchost.exe -k DcomLaunch
E:\WINDOWS\system32\svchost.exe -k rpcss
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - e:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - e:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [DAEMON Tools Lite] "e:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [GoogleDriveSync] "e:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [GoogleChromeAutoLaunch_B1DDAB0696E4DF7F912F7BE99F479D2F] "e:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [AvastUI.exe] "e:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
mRun: [Persistence] e:\windows\system32\igfxpers.exe
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - e:\program files\realtek\8187se wireless lan utility\RtWLan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &D&ownload &with BitComet - e:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - e:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - e:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - e:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{57FBBE6F-4CCC-4FA9-85D9-9E6E9AAF98FE} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FEC4CE48-E0A9-4DDA-BC74-64DA40C950E7} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - e:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - e:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "e:\program files\google\chrome\application\40.0.2214.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;e:\windows\system32\drivers\aswRvrt.sys [2014-7-30 49944]
R0 aswVmm;avast! VM Monitor;e:\windows\system32\drivers\aswVmm.sys [2014-7-30 206248]
R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswsnx.sys [2014-7-30 787800]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswsp.sys [2014-7-30 423784]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [2014-7-30 243128]
R2 aswHwid;avast! HardwareID;e:\windows\system32\drivers\aswHwid.sys [2014-7-30 24184]
R2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [2014-7-30 70384]
R2 avast! Antivirus;avast! Antivirus;e:\program files\avast software\avast\AvastSvc.exe [2014-7-30 50344]
R2 HTCMonitorService;HTCMonitorService;e:\program files\htc\htc sync manager\HSMServiceEntry.exe [2014-6-27 87368]
R2 PassThru Service;Internet Pass-Through Service;e:\program files\htc\internet pass-through\PassThruSvr.exe [2013-10-17 166912]
R2 RosettaStoneDaemon;RosettaStoneDaemon;e:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2012-6-19 1646608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;e:\windows\system32\drivers\RtsUStor.sys [2014-9-12 216280]
R3 ST50220;Sonix ST50220 USB Video Camera Driver;e:\windows\system32\drivers\ST50220.sys [2014-9-12 34224]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2014-9-12 1691480]
S3 HTCAND32;HTC Device Driver;e:\windows\system32\drivers\ANDROIDUSB.sys [2015-1-24 24576]
S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [2013-10-17 21248]
S3 qcserxp;HTC Diagnostic Port;e:\windows\system32\drivers\qcserxp.sys [2014-9-29 103424]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="e:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2015-02-19 23:56:49 98816 ----a-w- e:\windows\sed.exe
2015-02-19 23:56:49 256000 ----a-w- e:\windows\PEV.exe
2015-02-19 23:56:49 208896 ----a-w- e:\windows\MBR.exe
2015-02-19 13:01:19 -------- d-----w- e:\documents and settings\max joyner\local settings\application data\WMTools Downloaded Files
2015-02-18 17:28:35 306176 ----a-w- e:\windows\system32\drivers\rtl8187Se.sys
2015-02-18 17:28:34 306176 ----a-w- e:\windows\system\rtl8187Se.sys
2015-02-18 17:26:22 172032 ----a-w- e:\windows\system32\igfxres.dll
2015-02-16 13:23:38 -------- d-----w- E:\AdwCleaner
2015-02-07 14:17:30 -------- d--h--w- e:\windows\PIF
2015-01-24 14:24:22 24576 ----a-w- e:\windows\system32\drivers\ANDROIDUSB.sys
2015-01-24 14:23:58 -------- d-----w- e:\program files\Spirent Communications
.
==================== Find3M ====================
.
2015-02-20 14:07:48 114904 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-19 13:49:58 35064 ----a-w- e:\windows\system32\drivers\TrueSight.sys
2015-02-19 13:47:56 108632 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
2015-02-16 12:58:48 290304 ----a-w- e:\windows\system32\subinacl.exe
2015-02-05 15:04:34 701616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2015-02-05 15:04:33 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 23:28:15 787800 ----a-w- e:\windows\system32\drivers\aswsnx.sys
2013-02-07 12:22:00 50330 ----a-w- e:\program files\AntiDust.exe
.
============= FINISH: 14:41:52.45 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30/07/2014 14:16:31
System Uptime: 20/02/2015 01:01:51 (13 hours ago)
.
Motherboard: DIXONSXP | | DIXONSXP
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 0 GiB total, 0.026 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 215.666 GiB free.
E: is FIXED (NTFS) - 149 GiB total, 54.098 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {7240100F-6512-4548-8418-9EBB5C6A1A94}
Description: USB Device
Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
Service:
.
==== System Restore Points ===================
.
RP159: 13/12/2014 23:38:41 - Techspot Clean December 2014
RP160: 13/12/2014 23:38:41 - System Checkpoint
RP161: 13/12/2014 23:38:42 - Installed Sophos Virus Removal Tool.
RP162: 13/12/2014 23:38:48 - End of disinfection
RP163: 13/12/2014 23:45:00 - Revo Uninstaller's restore point - Cooking Quest
RP164: 13/12/2014 23:48:16 - Revo Uninstaller's restore point - Amazing Finds 1.00
RP165: 13/12/2014 23:49:45 - Revo Uninstaller's restore point - Righteous Kill
RP167: 13/12/2014 23:54:00 - Revo Uninstaller's restore point - Herods Lost Tomb
RP168: 13/12/2014 23:57:49 - Revo Uninstaller's restore point - Mystery Legends - Sleepy Hollow 1.00
RP169: 14/12/2014 00:06:32 - Revo Uninstaller's restore point - Hidden Mysteries Buckingham Palace
RP170: 14/12/2014 00:09:32 - Revo Uninstaller's restore point - Redrum Dead Diary
RP171: 14/12/2014 00:11:16 - Revo Uninstaller's restore point - Sophos Virus Removal Tool
RP172: 14/12/2014 13:45:13 - Revo Uninstaller's restore point - HTC Sync Manager
RP173: 14/12/2014 13:46:53 - Removed HTC Sync Manager.
RP174: 14/12/2014 13:57:29 - Installed HTC Sync Manager.
RP175: 14/12/2014 14:00:41 - Unsigned driver install
RP176: 15/12/2014 23:12:24 - System Checkpoint
RP177: 20/12/2014 16:54:11 - System Checkpoint
RP178: 25/12/2014 12:29:17 - System Checkpoint
RP179: 26/12/2014 12:50:34 - System Checkpoint
RP180: 28/12/2014 19:36:43 - System Checkpoint
RP181: 30/12/2014 11:01:58 - System Checkpoint
RP182: 01/01/2015 14:24:38 - System Checkpoint
RP183: 02/01/2015 20:26:50 - System Checkpoint
RP184: 03/01/2015 22:04:57 - System Checkpoint
RP185: 05/01/2015 11:13:15 - System Checkpoint
RP186: 06/01/2015 11:47:20 - System Checkpoint
RP187: 07/01/2015 12:04:40 - System Checkpoint
RP188: 08/01/2015 12:59:38 - System Checkpoint
RP189: 09/01/2015 13:57:12 - System Checkpoint
RP190: 10/01/2015 14:39:33 - System Checkpoint
RP191: 11/01/2015 15:32:11 - System Checkpoint
RP192: 12/01/2015 15:58:23 - System Checkpoint
RP193: 13/01/2015 16:58:23 - System Checkpoint
RP194: 14/01/2015 19:33:35 - Software Distribution Service 3.0
RP195: 14/01/2015 21:19:30 - System Checkpoint
RP196: 15/01/2015 21:51:38 - System Checkpoint
RP197: 17/01/2015 02:12:14 - System Checkpoint
RP198: 18/01/2015 02:50:46 - System Checkpoint
RP199: 19/01/2015 03:14:33 - System Checkpoint
RP200: 20/01/2015 12:21:16 - System Checkpoint
RP201: 21/01/2015 22:33:18 - System Checkpoint
RP202: 23/01/2015 02:57:38 - System Checkpoint
RP203: 24/01/2015 03:37:02 - System Checkpoint
RP204: 25/01/2015 03:54:26 - System Checkpoint
RP205: 27/01/2015 03:48:12 - System Checkpoint
RP206: 28/01/2015 19:09:16 - System Checkpoint
RP207: 31/01/2015 03:38:38 - System Checkpoint
RP208: 01/02/2015 08:44:57 - System Checkpoint
RP209: 01/02/2015 14:59:06 - System Checkpoint
RP210: 02/02/2015 15:46:33 - System Checkpoint
RP211: 03/02/2015 16:11:06 - System Checkpoint
RP212: 04/02/2015 16:35:17 - System Checkpoint
RP213: 05/02/2015 18:39:36 - System Checkpoint
RP214: 06/02/2015 19:09:03 - System Checkpoint
RP215: 07/02/2015 19:20:26 - System Checkpoint
RP216: 08/02/2015 20:15:39 - System Checkpoint
RP217: 09/02/2015 20:51:54 - System Checkpoint
RP218: 10/02/2015 12:05:45 - Software Distribution Service 3.0
RP219: 10/02/2015 12:26:51 - Software Distribution Service 3.0
RP220: 11/02/2015 05:31:47 - Software Distribution Service 3.0
RP221: 12/02/2015 03:00:24 - Software Distribution Service 3.0
RP222: 12/02/2015 16:52:47 - Software Distribution Service 3.0
RP223: 14/02/2015 03:33:58 - System Checkpoint
RP224: 15/02/2015 18:00:30 - System Checkpoint
RP225: 16/02/2015 13:36:25 - Revo Uninstaller's restore point - Google Chrome
RP226: 17/02/2015 16:12:58 - System Checkpoint
RP227: 18/02/2015 17:08:49 - Revo Uninstaller's restore point - REALTEK RTL8187SE Wireless LAN Driver and Utility
RP228: 18/02/2015 17:28:23 - Installed REALTEK RTL8187SE Wireless LAN Driver
RP229: 18/02/2015 17:36:40 - Installed REALTEK RTL8187SE Wireless LAN Driver and Utility
RP230: 19/02/2015 14:07:21 - mbam
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.08)
Avast Free Antivirus
BitComet 1.37
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
Free YouTube to MP3 Converter version 3.12.35.514
Google Chrome
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================

redtarget.gif
Attach.txt log from DDS is incomplete.
Post complete log.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
Here is the full DDS log. Will post the other logs shortly.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30/07/2014 14:16:31
System Uptime: 20/02/2015 01:01:51 (13 hours ago)
.
Motherboard: DIXONSXP | | DIXONSXP
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 0 GiB total, 0.026 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 215.666 GiB free.
E: is FIXED (NTFS) - 149 GiB total, 54.098 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {7240100F-6512-4548-8418-9EBB5C6A1A94}
Description: USB Device
Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
Service:
.
==== System Restore Points ===================
.
RP159: 13/12/2014 23:38:41 - Techspot Clean December 2014
RP160: 13/12/2014 23:38:41 - System Checkpoint
RP161: 13/12/2014 23:38:42 - Installed Sophos Virus Removal Tool.
RP162: 13/12/2014 23:38:48 - End of disinfection
RP163: 13/12/2014 23:45:00 - Revo Uninstaller's restore point - Cooking Quest
RP164: 13/12/2014 23:48:16 - Revo Uninstaller's restore point - Amazing Finds 1.00
RP165: 13/12/2014 23:49:45 - Revo Uninstaller's restore point - Righteous Kill
RP167: 13/12/2014 23:54:00 - Revo Uninstaller's restore point - Herods Lost Tomb
RP168: 13/12/2014 23:57:49 - Revo Uninstaller's restore point - Mystery Legends - Sleepy Hollow 1.00
RP169: 14/12/2014 00:06:32 - Revo Uninstaller's restore point - Hidden Mysteries Buckingham Palace
RP170: 14/12/2014 00:09:32 - Revo Uninstaller's restore point - Redrum Dead Diary
RP171: 14/12/2014 00:11:16 - Revo Uninstaller's restore point - Sophos Virus Removal Tool
RP172: 14/12/2014 13:45:13 - Revo Uninstaller's restore point - HTC Sync Manager
RP173: 14/12/2014 13:46:53 - Removed HTC Sync Manager.
RP174: 14/12/2014 13:57:29 - Installed HTC Sync Manager.
RP175: 14/12/2014 14:00:41 - Unsigned driver install
RP176: 15/12/2014 23:12:24 - System Checkpoint
RP177: 20/12/2014 16:54:11 - System Checkpoint
RP178: 25/12/2014 12:29:17 - System Checkpoint
RP179: 26/12/2014 12:50:34 - System Checkpoint
RP180: 28/12/2014 19:36:43 - System Checkpoint
RP181: 30/12/2014 11:01:58 - System Checkpoint
RP182: 01/01/2015 14:24:38 - System Checkpoint
RP183: 02/01/2015 20:26:50 - System Checkpoint
RP184: 03/01/2015 22:04:57 - System Checkpoint
RP185: 05/01/2015 11:13:15 - System Checkpoint
RP186: 06/01/2015 11:47:20 - System Checkpoint
RP187: 07/01/2015 12:04:40 - System Checkpoint
RP188: 08/01/2015 12:59:38 - System Checkpoint
RP189: 09/01/2015 13:57:12 - System Checkpoint
RP190: 10/01/2015 14:39:33 - System Checkpoint
RP191: 11/01/2015 15:32:11 - System Checkpoint
RP192: 12/01/2015 15:58:23 - System Checkpoint
RP193: 13/01/2015 16:58:23 - System Checkpoint
RP194: 14/01/2015 19:33:35 - Software Distribution Service 3.0
RP195: 14/01/2015 21:19:30 - System Checkpoint
RP196: 15/01/2015 21:51:38 - System Checkpoint
RP197: 17/01/2015 02:12:14 - System Checkpoint
RP198: 18/01/2015 02:50:46 - System Checkpoint
RP199: 19/01/2015 03:14:33 - System Checkpoint
RP200: 20/01/2015 12:21:16 - System Checkpoint
RP201: 21/01/2015 22:33:18 - System Checkpoint
RP202: 23/01/2015 02:57:38 - System Checkpoint
RP203: 24/01/2015 03:37:02 - System Checkpoint
RP204: 25/01/2015 03:54:26 - System Checkpoint
RP205: 27/01/2015 03:48:12 - System Checkpoint
RP206: 28/01/2015 19:09:16 - System Checkpoint
RP207: 31/01/2015 03:38:38 - System Checkpoint
RP208: 01/02/2015 08:44:57 - System Checkpoint
RP209: 01/02/2015 14:59:06 - System Checkpoint
RP210: 02/02/2015 15:46:33 - System Checkpoint
RP211: 03/02/2015 16:11:06 - System Checkpoint
RP212: 04/02/2015 16:35:17 - System Checkpoint
RP213: 05/02/2015 18:39:36 - System Checkpoint
RP214: 06/02/2015 19:09:03 - System Checkpoint
RP215: 07/02/2015 19:20:26 - System Checkpoint
RP216: 08/02/2015 20:15:39 - System Checkpoint
RP217: 09/02/2015 20:51:54 - System Checkpoint
RP218: 10/02/2015 12:05:45 - Software Distribution Service 3.0
RP219: 10/02/2015 12:26:51 - Software Distribution Service 3.0
RP220: 11/02/2015 05:31:47 - Software Distribution Service 3.0
RP221: 12/02/2015 03:00:24 - Software Distribution Service 3.0
RP222: 12/02/2015 16:52:47 - Software Distribution Service 3.0
RP223: 14/02/2015 03:33:58 - System Checkpoint
RP224: 15/02/2015 18:00:30 - System Checkpoint
RP225: 16/02/2015 13:36:25 - Revo Uninstaller's restore point - Google Chrome
RP226: 17/02/2015 16:12:58 - System Checkpoint
RP227: 18/02/2015 17:08:49 - Revo Uninstaller's restore point - REALTEK RTL8187SE Wireless LAN Driver and Utility
RP228: 18/02/2015 17:28:23 - Installed REALTEK RTL8187SE Wireless LAN Driver
RP229: 18/02/2015 17:36:40 - Installed REALTEK RTL8187SE Wireless LAN Driver and Utility
RP230: 19/02/2015 14:07:21 - mbam
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.08)
Avast Free Antivirus
BitComet 1.37
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
Free YouTube to MP3 Converter version 3.12.35.514
Google Chrome
Google Drive
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
HTC Driver Installer
HTC Sync Manager
Intel(R) Graphics Media Accelerator Driver
IPTInstaller
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK RTL8187SE Wireless LAN Driver
REALTEK RTL8187SE Wireless LAN Driver and Utility
Revo Uninstaller 1.95
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2909212)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB2936068)
Security Update for Windows XP (KB2964358)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VLC media player
WebFldrs XP
Winamp
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 5.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
20/02/2015 10:59:44, error: Dhcp [1002] - The IP address lease 192.168.0.128 for the Network Card with network address 001D92CBEF24 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
20/02/2015 00:19:14, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
16/02/2015 13:30:12, error: Service Control Manager [7034] - The RosettaStoneDaemon service terminated unexpectedly. It has done this 1 time(s).
16/02/2015 13:30:12, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
16/02/2015 13:30:12, error: Service Control Manager [7034] - The HTCMonitorService service terminated unexpectedly. It has done this 1 time(s).
16/02/2015 13:30:12, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
16/02/2015 13:30:12, error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
When I tried to update mbar it said host failed but I ran the scan anyway and here are the logs

RogueKiller V10.4.1.0 [Feb 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Max Joyner [Administrator]
Mode : Delete -- Date : 02/20/2015 23:56:30

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\mbr.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\mbr.sys) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[E:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 6 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d5f0 (jmp 0xfc9d1f4)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d4d0 (jmp 0xfc9d2d8)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d5f0 (jmp 0xfc1d1f4)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d4d0 (jmp 0xfc1d2d8)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d5f0 (jmp 0xf86d1f4)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : E:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x1000d4d0 (jmp 0xf86d2d8)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
--- User ---
[MBR] d9dca90451c08de74a04fb367c5ce6ff
[BSP] e86d9534e2e6ffb61c396ab3ddba0d2a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST310005 20AS USB Device +++++
--- User ---
[MBR] 7435b395373533bcd39085cd12602a0e
[BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_02192015_140612.log - RKreport_DEL_12112014_112347.log - RKreport_SCN_02192015_135904.log - RKreport_SCN_12112014_111912.log
RKreport_SCN_02202015_235535.log



Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2014.11.18.05
rootkit: v2014.11.12.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Max Joyner :: MAX-0B83641C323 [administrator]

21/02/2015 00:13:05
mbar-log-2015-02-21 (00-13-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 314370
Time elapsed: 33 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Please see combo fix log below -

ComboFix 15-02-16.01 - Max Joyner 21/02/2015 13:26:15.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.569 [GMT 0:00]
Running from: e:\documents and settings\Max Joyner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_ctypes.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_elementtree.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_hashlib.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_multiprocessing.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_socket.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\_ssl.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\hashobjs_ext.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\pyexpat.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\pysqlite2._sqlite.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\python27.dll
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\pythoncom27.dll
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\PyWinTypes27.dll
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\select.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\unicodedata.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32api.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32com.shell.shell.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32crypt.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32event.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32file.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32gui.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32inet.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32pdh.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32pipe.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32process.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32profile.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32security.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\win32ts.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\windows._lib_cacheinvalidation.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._animate.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._controls_.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._core_.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._gdi_.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._html2.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._misc_.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._windows_.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wx._wizard.pyd
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxbase294u_net_vc90.dll
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxbase294u_vc90.dll
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxmsw294u_adv_vc90.dll
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxmsw294u_core_vc90.dll
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxmsw294u_html_vc90.dll
e:\docume~1\MAXJOY~1\LOCALS~1\Temp\_MEI29402\wxmsw294u_webview_vc90.dll
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_ctypes.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_elementtree.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_hashlib.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_multiprocessing.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_socket.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\_ssl.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\hashobjs_ext.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\pyexpat.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\pysqlite2._sqlite.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\python27.dll
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\pythoncom27.dll
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\PyWinTypes27.dll
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\select.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\unicodedata.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32api.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32com.shell.shell.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32crypt.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32event.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32file.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32gui.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32inet.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32pdh.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32pipe.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32process.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32profile.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32security.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\win32ts.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\windows._lib_cacheinvalidation.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._animate.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._controls_.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._core_.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._gdi_.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._html2.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._misc_.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._windows_.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wx._wizard.pyd
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxbase294u_net_vc90.dll
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxbase294u_vc90.dll
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxmsw294u_adv_vc90.dll
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxmsw294u_core_vc90.dll
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxmsw294u_html_vc90.dll
e:\documents and settings\Max Joyner\Local Settings\Temp\_MEI29402\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-01-21 to 2015-02-21 )))))))))))))))))))))))))))))))
.
.
2015-02-19 13:01 . 2015-02-19 13:01 -------- d-----w- e:\documents and settings\Max Joyner\Local Settings\Application Data\WMTools Downloaded Files
2015-02-18 17:28 . 2008-07-09 17:33 306176 ----a-w- e:\windows\system32\drivers\rtl8187Se.sys
2015-02-18 17:28 . 2008-07-09 17:33 306176 ----a-w- e:\windows\system\rtl8187Se.sys
2015-02-18 17:26 . 2014-07-30 18:00 172032 ----a-w- e:\windows\system32\igfxres.dll
2015-02-16 13:23 . 2015-02-20 01:01 -------- d-----w- E:\AdwCleaner
2015-02-07 14:17 . 2015-02-07 14:17 -------- d--h--w- e:\windows\PIF
2015-01-24 14:24 . 2009-06-10 15:49 24576 ----a-w- e:\windows\system32\drivers\ANDROIDUSB.sys
2015-01-24 14:23 . 2015-01-24 14:23 -------- d-----w- e:\program files\Spirent Communications
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-21 00:11 . 2014-07-30 18:36 119512 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-21 00:02 . 2014-07-30 18:36 120024 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
2015-02-20 23:34 . 2014-12-11 11:12 35064 ----a-w- e:\windows\system32\drivers\TrueSight.sys
2015-02-16 12:58 . 2014-07-30 18:38 290304 ----a-w- e:\windows\system32\subinacl.exe
2015-02-05 15:04 . 2014-09-12 12:49 701616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2015-02-05 15:04 . 2014-09-12 12:49 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 23:28 . 2014-07-30 18:16 787800 ----a-w- e:\windows\system32\drivers\aswsnx.sys
2014-11-25 23:27 . 2014-07-30 18:16 423784 ----a-w- e:\windows\system32\drivers\aswsp.sys
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- e:\program files\AntiDust.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-17 00:33 723976 ----a-w- e:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 16:59 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"GoogleDriveSync"="e:\program files\Google\Drive\googledrivesync.exe" [2015-01-15 23308256]
"GoogleChromeAutoLaunch_B1DDAB0696E4DF7F912F7BE99F479D2F"="e:\program files\Google\Chrome\Application\chrome.exe" [2015-02-17 843592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="e:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"IgfxTray"="e:\windows\system32\igfxtray.exe" [2014-07-30 141848]
"HotKeysCmds"="e:\windows\system32\hkcmd.exe" [2014-07-30 166424]
"Persistence"="e:\windows\system32\igfxpers.exe" [2014-07-30 137752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
e:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK RTL8187SE Wireless LAN Utility.lnk - e:\program files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe /H [2015-2-18 880640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\REALTEK\\8187SE Wireless LAN Utility\\RtWLan.exe"=
"e:\\Program Files\\BitComet\\BitComet.exe"=
"e:\\Program Files\\Winamp\\winamp.exe"=
"e:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= e:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"e:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= e:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"e:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
"e:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"=
"e:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"23460:TCP"= 23460:TCP:BitComet 23460 TCP
"23460:UDP"= 23460:UDP:BitComet 23460 UDP
"18552:TCP"= 18552:TCP:BitComet 18552 TCP
"18552:UDP"= 18552:UDP:BitComet 18552 UDP
.
R0 aswRvrt;avast! Revert;e:\windows\system32\drivers\aswRvrt.sys [30/07/2014 18:16 49944]
R0 aswVmm;avast! VM Monitor;e:\windows\system32\drivers\aswVmm.sys [30/07/2014 18:16 206248]
R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswsnx.sys [30/07/2014 18:16 787800]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswsp.sys [30/07/2014 18:16 423784]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [30/07/2014 18:49 243128]
R2 aswHwid;avast! HardwareID;e:\windows\system32\drivers\aswHwid.sys [30/07/2014 18:16 24184]
R2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [30/07/2014 18:16 70384]
R2 HTCMonitorService;HTCMonitorService;e:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [27/06/2014 10:24 87368]
R2 PassThru Service;Internet Pass-Through Service;e:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [17/10/2013 14:27 166912]
R2 RosettaStoneDaemon;RosettaStoneDaemon;e:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [19/06/2012 15:21 1646608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;e:\windows\system32\drivers\RtsUStor.sys [12/09/2014 12:37 216280]
R3 ST50220;Sonix ST50220 USB Video Camera Driver;e:\windows\system32\drivers\ST50220.sys [12/09/2014 12:46 34224]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [12/09/2014 12:40 1691480]
S3 HTCAND32;HTC Device Driver;e:\windows\system32\drivers\ANDROIDUSB.sys [24/01/2015 14:24 24576]
S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [17/10/2013 14:27 21248]
S3 qcserxp;HTC Diagnostic Port;e:\windows\system32\drivers\qcserxp.sys [29/09/2014 22:09 103424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 04:33 1084744 ----a-w- e:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-21 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13 15:04]
.
2015-02-21 e:\windows\Tasks\avast! Emergency Update.job
- e:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17 00:33]
.
2015-02-21 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2014-09-07 22:10]
.
2015-02-21 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2014-09-07 22:10]
.
2015-02-21 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- e:\windows\system32\xp_eos.exe [2014-07-30 01:59]
.
2015-02-08 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- e:\windows\system32\xp_eos.exe [2014-07-30 01:59]
.
2015-02-21 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2014-07-30 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: &D&ownload &with BitComet - e:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - e:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-21 13:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1832)
e:\windows\system32\WININET.dll
e:\program files\Google\Drive\googledrivesync32.dll
e:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
e:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2015-02-21 13:47:48
ComboFix-quarantined-files.txt 2015-02-21 13:47
ComboFix2.txt 2015-02-20 00:49
.
Pre-Run: 57,774,182,400 bytes free
Post-Run: 57,762,668,544 bytes free
.
- - End Of File - - 50DF9998143A280BA3BCA81D5DEE764D
8F558EB6672622401DA993E1E865C861
 
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v4.111 - Logfile created 21/02/2015 at 19:21:35
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Max Joyner - MAX-0B83641C323
# Running from : E:\Documents and Settings\Max Joyner\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v40.0.2214.115

[E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=en_GB&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^GB&apn_uid=066896f7-7f84-42b9-9d71-38c20eaa9881&apn_sauid=986A356C-EA00-4B6D-9D7A-2F64381222F8
[E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=en_GB&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^GB&apn_uid=066896f7-7f84-42b9-9d71-38c20eaa9881&apn_sauid=986A356C-EA00-4B6D-9D7A-2F64381222F8
[E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=58&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
[E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=hostels+in+lo&useHistory=0&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&UM=5&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3325290&octid=EB_ORIGINAL_CTID

*************************

AdwCleaner[R0].txt - [1779 bytes] - [16/02/2015 13:23:43]
AdwCleaner[R1].txt - [899 bytes] - [16/02/2015 15:03:15]
AdwCleaner[R2].txt - [1014 bytes] - [20/02/2015 00:55:01]
AdwCleaner[R3].txt - [2788 bytes] - [21/02/2015 18:55:53]
AdwCleaner[S0].txt - [1986 bytes] - [16/02/2015 13:29:35]
AdwCleaner[S1].txt - [964 bytes] - [16/02/2015 15:27:11]
AdwCleaner[S2].txt - [1081 bytes] - [20/02/2015 01:01:00]
AdwCleaner[S3].txt - [2725 bytes] - [21/02/2015 19:21:35]

########## EOF - E:\AdwCleaner\AdwCleaner[S3].txt - [2784 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Microsoft Windows XP x86
Ran by Max Joyner on 21/02/2015 at 19:26:19.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/02/2015 at 19:41:01.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-02-2015
Ran by Max Joyner (administrator) on MAX-0B83641C323 on 21-02-2015 19:42:20
Running from E:\Documents and Settings\Max Joyner\Desktop
Loaded Profiles: Max Joyner (Available profiles: Max Joyner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.EXE
(Nero AG) E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Rosetta Stone Ltd.) E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
() E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) E:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) E:\WINDOWS\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Run: [GoogleDriveSync] => E:\Program Files\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Run: [GoogleChromeAutoLaunch_B1DDAB0696E4DF7F912F7BE99F479D2F] => E:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187SE Wireless LAN Utility.lnk
ShortcutTarget: REALTEK RTL8187SE Wireless LAN Utility.lnk -> E:\Program Files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> E:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=", "hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=", "hxxp://www.msn.com/?pc=AV01", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=", "https://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?g...-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-16]
CHR Extension: (Google Docs) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-20]
CHR Extension: (WOT) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-16]
CHR Extension: (YouTube) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-16]
CHR Extension: (Google Search) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-16]
CHR Extension: (Google Sheets) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-16]
CHR Extension: (Avast Online Security) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-16]
CHR Extension: (Application Launcher for Drive (by Google)) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-19]
CHR Extension: (Google Wallet) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-16]
CHR Extension: (Gmail) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]
CHR HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
R2 HTCMonitorService; E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RosettaStoneDaemon; E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; E:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2014-07-30] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
R2 aswHwid; E:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-17] ()
R2 aswMonFlt; E:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-17] (AVAST Software)
R1 aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-17] (AVAST Software)
R0 aswRvrt; E:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-17] ()
R1 aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
R1 aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
R1 aswTdi; E:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-17] (AVAST Software)
R0 aswVmm; E:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-17] ()
S3 CCDECODE; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-07-30] (Disc Soft Ltd)
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
S3 NdisIP; E:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 qcserxp; E:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
S3 rtl8187Se; E:\WINDOWS\System32\DRIVERS\rtl8187Se.sys [306176 2008-07-09] (Realtek Semiconductor Corporation )
R3 ST50220; E:\WINDOWS\System32\Drivers\ST50220.sys [34224 2008-11-03] (Sonix)
S3 catchme; \??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 19:42 - 2015-02-21 19:42 - 00014320 _____ () E:\Documents and Settings\Max Joyner\Desktop\FRST.txt
2015-02-21 19:41 - 2015-02-21 19:42 - 00000000 ____D () E:\FRST
2015-02-21 19:41 - 2015-02-21 19:41 - 00000586 _____ () E:\Documents and Settings\Max Joyner\Desktop\JRT.txt
2015-02-21 19:01 - 2015-02-21 19:00 - 01126400 _____ (Farbar) E:\Documents and Settings\Max Joyner\Desktop\FRST.exe
2015-02-21 18:59 - 2015-02-21 18:58 - 01388274 _____ (Thisisu) E:\Documents and Settings\Max Joyner\Desktop\JRT.exe
2015-02-21 18:58 - 2015-02-21 18:56 - 02126848 _____ () E:\Documents and Settings\Max Joyner\Desktop\adwcleaner_4.111.exe
2015-02-21 13:47 - 2015-02-21 13:47 - 00019439 _____ () E:\ComboFix.txt
2015-02-21 13:47 - 2015-02-21 13:47 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-21 13:47 - 2015-02-21 13:47 - 00000000 ____D () E:\Documents and Settings\LocalService\Local Settings\temp
2015-02-21 13:47 - 2015-02-21 13:47 - 00000000 ____D () E:\Documents and Settings\Administrator\Local Settings\temp
2015-02-21 01:10 - 2015-02-21 01:09 - 05611903 ____R (Swearware) E:\Documents and Settings\Max Joyner\Desktop\ComboFix.exe
2015-02-21 00:01 - 2015-02-21 00:45 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Desktop\mbar
2015-02-20 23:36 - 2015-02-20 23:35 - 16502728 _____ (Malwarebytes Corp.) E:\Documents and Settings\Max Joyner\Desktop\mbar-1.09.1.1004.exe
2015-02-20 23:34 - 2015-02-20 23:33 - 15533656 _____ () E:\Documents and Settings\Max Joyner\Desktop\RogueKiller.exe
2015-02-19 23:56 - 2015-02-21 13:47 - 00000000 ____D () E:\Qoobox
2015-02-19 23:56 - 2011-06-26 06:45 - 00256000 _____ () E:\WINDOWS\PEV.exe
2015-02-19 23:56 - 2010-11-07 17:20 - 00208896 _____ () E:\WINDOWS\MBR.exe
2015-02-19 23:56 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) E:\WINDOWS\NIRCMD.exe
2015-02-19 23:56 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) E:\WINDOWS\SWREG.exe
2015-02-19 23:56 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) E:\WINDOWS\SWSC.exe
2015-02-19 23:56 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) E:\WINDOWS\SWXCACLS.exe
2015-02-19 23:56 - 2000-08-31 00:00 - 00098816 _____ () E:\WINDOWS\sed.exe
2015-02-19 23:56 - 2000-08-31 00:00 - 00080412 _____ () E:\WINDOWS\grep.exe
2015-02-19 23:56 - 2000-08-31 00:00 - 00068096 _____ () E:\WINDOWS\zip.exe
2015-02-19 13:01 - 2015-02-19 13:01 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\WMTools Downloaded Files
2015-02-18 17:37 - 2015-02-18 17:37 - 00001907 _____ () E:\Documents and Settings\All Users\Desktop\REALTEK RTL8187SE Wireless LAN Utility.lnk
2015-02-18 17:37 - 2015-02-18 17:37 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\REALTEK RTL8187SE Wireless LAN Utility
2015-02-18 17:28 - 2008-07-09 17:33 - 00306176 _____ (Realtek Semiconductor Corporation ) E:\WINDOWS\system32\Drivers\rtl8187Se.sys
2015-02-18 17:28 - 2008-07-09 17:33 - 00306176 _____ (Realtek Semiconductor Corporation ) E:\WINDOWS\system\rtl8187Se.sys
2015-02-18 17:26 - 2014-07-30 18:00 - 00172032 _____ (Intel Corporation) E:\WINDOWS\system32\igfxres.dll
2015-02-16 13:48 - 2015-02-20 04:34 - 00001813 _____ () E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-16 13:48 - 2015-02-16 13:48 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-02-16 13:23 - 2015-02-21 19:21 - 00000000 ____D () E:\AdwCleaner
2015-02-12 16:53 - 2015-02-12 16:54 - 00009294 _____ () E:\WINDOWS\KB939683.log
2015-02-12 16:53 - 2015-02-12 16:53 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB939683$
2015-02-11 05:32 - 2015-02-12 16:54 - 00013209 _____ () E:\WINDOWS\iis6.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00012367 _____ () E:\WINDOWS\FaxSetup.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00005912 _____ () E:\WINDOWS\ocgen.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00005642 _____ () E:\WINDOWS\tsoc.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00004056 _____ () E:\WINDOWS\comsetup.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00003714 _____ () E:\WINDOWS\msmqinst.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00002460 _____ () E:\WINDOWS\ntdtcsetup.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00002166 _____ () E:\WINDOWS\netfxocm.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00001374 _____ () E:\WINDOWS\imsins.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00000850 _____ () E:\WINDOWS\MedCtrOC.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00000684 _____ () E:\WINDOWS\ocmsn.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00000622 _____ () E:\WINDOWS\tabletoc.log
2015-02-11 05:32 - 2015-02-12 16:54 - 00000618 _____ () E:\WINDOWS\msgsocm.log
2015-02-11 05:32 - 2015-02-11 05:32 - 00001374 _____ () E:\WINDOWS\imsins.BAK
2015-02-11 05:31 - 2015-02-11 05:32 - 00004171 _____ () E:\WINDOWS\KB954154.log
2015-02-11 05:31 - 2015-02-11 05:31 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB954154_WM11$
2015-02-10 12:27 - 2015-02-10 12:27 - 00006446 _____ () E:\WINDOWS\KB2378111.log
2015-02-10 12:09 - 2015-02-10 12:09 - 00006455 _____ () E:\WINDOWS\MSCompPackV1.log
2015-02-10 12:09 - 2007-07-27 10:41 - 00016760 ____N (Microsoft Corporation) E:\WINDOWS\system32\spmsg.dll
2015-02-10 12:08 - 2015-02-10 12:27 - 00002426 _____ () E:\WINDOWS\updspapi.log
2015-02-10 12:08 - 2015-02-10 12:09 - 00019887 _____ () E:\WINDOWS\wmp11.log
2015-02-10 12:07 - 2015-02-10 12:29 - 00015467 _____ () E:\WINDOWS\spupdsvc.log
2015-02-10 12:06 - 2015-02-10 12:07 - 00024903 _____ () E:\WINDOWS\WMFDist11.log
2015-02-10 12:06 - 2015-02-10 12:06 - 00001608 _____ () E:\WINDOWS\Wudf01000Inst.log
2015-02-10 12:03 - 2015-02-10 12:03 - 00000000 ____H () E:\WINDOWS\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2015-02-08 15:19 - 2015-02-08 15:23 - 00009342 _____ () E:\Documents and Settings\Max Joyner\My Documents\costings.xlsx
2015-02-07 14:17 - 2015-02-07 14:17 - 00000000 ___HD () E:\WINDOWS\PIF
2015-02-06 13:36 - 2015-02-06 13:36 - 00000165 ____H () E:\Documents and Settings\Max Joyner\My Documents\~$Introduction to Equality in the Workplace.pptx
2015-02-06 12:57 - 2015-02-18 22:17 - 00066883 _____ () E:\Documents and Settings\Max Joyner\My Documents\Introduction to Equality in the Workplace.pptx
2015-01-24 14:24 - 2009-06-10 15:49 - 00024576 _____ (HTC, Corporation) E:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
2015-01-24 14:23 - 2015-01-24 14:23 - 00000000 ____D () E:\Program Files\Spirent Communications

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 19:42 - 2014-09-30 21:18 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Temp
2015-02-21 19:37 - 2014-07-30 13:11 - 01795443 _____ () E:\WINDOWS\WindowsUpdate.log
2015-02-21 19:33 - 2014-09-07 22:10 - 00000886 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 19:28 - 2014-07-30 18:16 - 00000364 ____H () E:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-21 19:25 - 2014-10-05 18:58 - 00000000 ___RD () E:\Documents and Settings\Max Joyner\My Documents\Google Drive
2015-02-21 19:25 - 2014-07-30 17:32 - 00000387 _____ () E:\WINDOWS\RTacDbg.txt
2015-02-21 19:23 - 2014-12-14 13:58 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\HTC MediaHub
2015-02-21 19:23 - 2014-09-07 22:10 - 00000882 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 19:23 - 2014-07-30 20:03 - 00000232 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-02-21 19:23 - 2014-07-30 19:43 - 00000268 _____ () E:\WINDOWS\Tasks\WGASetup.job
2015-02-21 19:23 - 2014-07-30 14:01 - 00000159 _____ () E:\WINDOWS\wiadebug.log
2015-02-21 19:23 - 2014-07-30 14:01 - 00000049 _____ () E:\WINDOWS\wiaservc.log
2015-02-21 19:23 - 2014-07-30 13:21 - 00032480 _____ () E:\WINDOWS\SchedLgU.Txt
2015-02-21 19:23 - 2014-07-30 13:21 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
2015-02-21 19:23 - 2014-07-30 13:17 - 00000000 __SHD () E:\Documents and Settings\NetworkService
2015-02-21 19:21 - 2014-07-30 13:22 - 00000178 ___SH () E:\Documents and Settings\Max Joyner\ntuser.ini
2015-02-21 19:04 - 2014-12-13 23:35 - 00000830 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-21 13:44 - 2001-10-05 00:16 - 00000227 _____ () E:\WINDOWS\system.ini
2015-02-21 12:38 - 2014-08-28 03:40 - 00459335 _____ () E:\WINDOWS\setupapi.log
2015-02-21 12:36 - 2001-10-05 00:16 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl
2015-02-21 00:44 - 2014-12-11 11:28 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-02-21 00:11 - 2014-07-30 18:36 - 00119512 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 00:02 - 2014-07-30 18:36 - 00120024 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-20 23:34 - 2014-12-11 11:12 - 00035064 _____ () E:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-20 12:52 - 2014-08-01 01:49 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Application Data\vlc
2015-02-20 00:37 - 2014-12-12 01:06 - 00000000 ____D () E:\WINDOWS\erdnt
2015-02-18 22:47 - 2014-07-30 20:17 - 00065536 _____ () E:\WINDOWS\system32\config\OAlerts.evt
2015-02-18 22:42 - 2014-07-30 18:58 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Application Data\Winamp
2015-02-18 22:02 - 2014-08-01 01:25 - 00000000 ____D () E:\Documents and Settings\Max Joyner\My Documents\Work
2015-02-18 17:41 - 2014-07-30 20:15 - 00002501 _____ () E:\Documents and Settings\Max Joyner\Desktop\Microsoft Word 2010.lnk
2015-02-18 17:36 - 2014-07-30 17:31 - 00000000 ____D () E:\WINDOWS\system32\REALTEK RTL8187SE Wireless LAN Driver and Utility
2015-02-18 17:36 - 2014-07-30 17:31 - 00000000 ____D () E:\Program Files\REALTEK
2015-02-18 17:28 - 2014-08-20 02:16 - 00000000 ____D () E:\Program Files\REALTEK RTL8187SE Wireless LAN Driver
2015-02-18 17:28 - 2014-07-30 13:50 - 00000000 ____D () E:\WINDOWS\system
2015-02-18 17:22 - 2014-07-30 20:26 - 00000000 ____D () E:\WINDOWS\system32\ReinstallBackups
2015-02-17 23:55 - 2014-07-30 13:51 - 00018944 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-16 13:48 - 2014-07-30 17:45 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google
2015-02-16 13:47 - 2014-07-30 17:45 - 00000000 ____D () E:\Program Files\Google
2015-02-16 13:36 - 2014-07-30 13:22 - 00000803 _____ () E:\Documents and Settings\Max Joyner\Start Menu\Programs\Internet Explorer.lnk
2015-02-16 13:12 - 2014-07-30 18:38 - 00000000 ____D () E:\Program Files\Adware-Removal-Tool
2015-02-16 12:58 - 2014-07-30 18:38 - 00290304 _____ (Microsoft Corporation) E:\WINDOWS\system32\subinacl.exe
2015-02-16 12:50 - 2014-07-30 18:52 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Application Data\BitComet
2015-02-13 03:43 - 2014-12-06 00:01 - 00004120 _____ () E:\WINDOWS\wmsetup.log
2015-02-12 03:13 - 2014-07-30 17:38 - 00000000 ____D () E:\WINDOWS\Microsoft.NET
2015-02-11 14:01 - 2014-08-27 00:24 - 00000444 _____ () E:\WINDOWS\brwmark.ini
2015-02-11 05:54 - 2014-07-30 19:25 - 00000000 ____D () E:\WINDOWS\system32\MRT
2015-02-11 05:35 - 2014-07-30 19:25 - 113756392 _____ (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe
2015-02-11 05:34 - 2014-07-30 20:09 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-02-10 12:13 - 2014-08-26 02:26 - 00023392 _____ () E:\WINDOWS\system32\nscompat.tlb
2015-02-10 12:13 - 2014-08-26 02:26 - 00016832 _____ () E:\WINDOWS\system32\amcompat.tlb
2015-02-10 12:12 - 2014-07-30 13:22 - 00000000 ____D () E:\Documents and Settings\Max Joyner
2015-02-10 12:09 - 2014-08-26 02:10 - 00000000 ____D () E:\Program Files\Windows Media Connect 2
2015-02-10 12:09 - 2014-07-30 13:22 - 00000788 _____ () E:\Documents and Settings\Max Joyner\Start Menu\Programs\Windows Media Player.lnk
2015-02-10 12:08 - 2014-07-30 13:50 - 00000000 ____D () E:\WINDOWS\Help
2015-02-10 12:03 - 2014-09-04 21:31 - 00003948 _____ () E:\WINDOWS\setupact.log
2015-02-08 22:09 - 2014-09-29 22:09 - 00179204 _____ () E:\WINDOWS\DPINST.LOG
2015-02-08 15:08 - 2014-07-30 20:15 - 00002459 _____ () E:\Documents and Settings\Max Joyner\Desktop\Microsoft Excel 2010.lnk
2015-02-08 15:00 - 2014-07-30 20:03 - 00000226 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-02-05 15:04 - 2014-09-12 12:49 - 00701616 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 15:04 - 2014-09-12 12:49 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-28 21:26 - 2014-09-27 01:16 - 00000000 ____D () E:\Documents and Settings\Max Joyner\My Documents\Outlook Files
2015-01-27 03:28 - 2014-10-05 18:56 - 00001767 _____ () E:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2015-01-27 03:28 - 2014-10-05 18:56 - 00001765 _____ () E:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2015-01-27 03:28 - 2014-10-05 18:56 - 00001755 _____ () E:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2015-01-27 03:28 - 2014-10-05 18:56 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2015-01-24 14:30 - 2014-12-14 13:57 - 00001768 _____ () E:\Documents and Settings\All Users\Desktop\HTC Sync Manager.lnk
2015-01-24 14:24 - 2014-12-14 13:56 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\HTC
2015-01-24 14:23 - 2014-09-29 22:10 - 00000000 ____D () E:\Program Files\HTC
2015-01-24 14:20 - 2014-09-29 22:25 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Downloaded Installations
2015-01-22 21:14 - 2014-07-30 13:11 - 00000000 __SHD () E:\Documents and Settings\All Users\DRM

==================== Files in the root of some directories =======

2013-02-07 12:22 - 2013-02-07 12:22 - 0050330 _____ () E:\Program Files\AntiDust.exe
2014-08-09 18:24 - 2014-09-18 23:08 - 0000154 _____ () E:\Documents and Settings\Max Joyner\Application Data\Rim.Desktop.Exception.log
2014-08-09 18:22 - 2014-09-30 21:00 - 0001925 _____ () E:\Documents and Settings\Max Joyner\Application Data\Rim.Desktop.HttpServerSetup.log
2014-08-09 18:24 - 2014-09-18 23:08 - 0000154 _____ () E:\Documents and Settings\Max Joyner\Application Data\Rim.DesktopHelper.Exception.log
2014-07-30 13:51 - 2015-02-17 23:55 - 0018944 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
E:\Documents and Settings\Max Joyner\Local Settings\Temp\Quarantine.exe
E:\Documents and Settings\Max Joyner\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-02-2015
Ran by Max Joyner at 2015-02-21 19:43:53
Running from E:\Documents and Settings\Max Joyner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
BitComet 1.37 (HKLM\...\BitComet) (Version: 1.37 - CometNetwork)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.17.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7116 - Realtek Semiconductor Corp.)
REALTEK RTL8187SE Wireless LAN Driver (HKLM\...\{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}) (Version: Package:1.00.0035 Driver:5.9067.710.2008 - REALTEK Semiconductor Corp.)
REALTEK RTL8187SE Wireless LAN Driver and Utility (HKLM\...\{4DA7C45A-BE9E-4538-B233-F829D59545D1}) (Version: Package:1.00.0065 Driver:5.9067.710.2008 UI:600.1552.716.2008 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Ltd Services (HKLM\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

13-12-2014 23:38:41 Techspot Clean December 2014
13-12-2014 23:38:41 System Checkpoint
13-12-2014 23:38:42 Installed Sophos Virus Removal Tool.
13-12-2014 23:38:48 End of disinfection
13-12-2014 23:45:00 Revo Uninstaller's restore point - Cooking Quest
13-12-2014 23:48:16 Revo Uninstaller's restore point - Amazing Finds 1.00
13-12-2014 23:49:45 Revo Uninstaller's restore point - Righteous Kill
13-12-2014 23:52:30 Revo Uninstaller's restore point - CCleaner, версия 4.14.4808
13-12-2014 23:54:00 Revo Uninstaller's restore point - Herods Lost Tomb
13-12-2014 23:57:49 Revo Uninstaller's restore point - Mystery Legends - Sleepy Hollow 1.00
14-12-2014 00:06:32 Revo Uninstaller's restore point - Hidden Mysteries Buckingham Palace
14-12-2014 00:09:32 Revo Uninstaller's restore point - Redrum Dead Diary
14-12-2014 00:11:16 Revo Uninstaller's restore point - Sophos Virus Removal Tool
14-12-2014 13:45:13 Revo Uninstaller's restore point - HTC Sync Manager
14-12-2014 13:46:53 Removed HTC Sync Manager.
14-12-2014 13:57:29 Installed HTC Sync Manager.
14-12-2014 14:00:41 Unsigned driver install
15-12-2014 23:12:24 System Checkpoint
20-12-2014 16:54:11 System Checkpoint
25-12-2014 12:29:17 System Checkpoint
26-12-2014 12:50:34 System Checkpoint
28-12-2014 19:36:43 System Checkpoint
30-12-2014 11:01:58 System Checkpoint
01-01-2015 14:24:38 System Checkpoint
02-01-2015 20:26:50 System Checkpoint
03-01-2015 22:04:57 System Checkpoint
05-01-2015 11:13:15 System Checkpoint
06-01-2015 11:47:20 System Checkpoint
07-01-2015 12:04:40 System Checkpoint
08-01-2015 12:59:38 System Checkpoint
09-01-2015 13:57:12 System Checkpoint
10-01-2015 14:39:33 System Checkpoint
11-01-2015 15:32:11 System Checkpoint
12-01-2015 15:58:23 System Checkpoint
13-01-2015 16:58:23 System Checkpoint
14-01-2015 19:33:35 Software Distribution Service 3.0
14-01-2015 21:19:30 System Checkpoint
15-01-2015 21:51:38 System Checkpoint
17-01-2015 02:12:14 System Checkpoint
18-01-2015 02:50:46 System Checkpoint
19-01-2015 03:14:33 System Checkpoint
20-01-2015 12:21:16 System Checkpoint
21-01-2015 22:33:18 System Checkpoint
23-01-2015 02:57:38 System Checkpoint
24-01-2015 03:37:02 System Checkpoint
25-01-2015 03:54:26 System Checkpoint
27-01-2015 03:48:12 System Checkpoint
28-01-2015 19:09:16 System Checkpoint
31-01-2015 03:38:38 System Checkpoint
01-02-2015 08:44:57 System Checkpoint
01-02-2015 14:59:06 System Checkpoint
02-02-2015 15:46:33 System Checkpoint
03-02-2015 16:11:06 System Checkpoint
04-02-2015 16:35:17 System Checkpoint
05-02-2015 18:39:36 System Checkpoint
06-02-2015 19:09:03 System Checkpoint
07-02-2015 19:20:26 System Checkpoint
08-02-2015 20:15:39 System Checkpoint
09-02-2015 20:51:54 System Checkpoint
10-02-2015 12:05:45 Software Distribution Service 3.0
10-02-2015 12:26:51 Software Distribution Service 3.0
11-02-2015 05:31:47 Software Distribution Service 3.0
12-02-2015 03:00:24 Software Distribution Service 3.0
12-02-2015 16:52:47 Software Distribution Service 3.0
14-02-2015 03:33:58 System Checkpoint
15-02-2015 18:00:30 System Checkpoint
16-02-2015 13:36:25 Revo Uninstaller's restore point - Google Chrome
17-02-2015 16:12:58 System Checkpoint
18-02-2015 17:08:49 Revo Uninstaller's restore point - REALTEK RTL8187SE Wireless LAN Driver and Utility
18-02-2015 17:28:23 Installed REALTEK RTL8187SE Wireless LAN Driver
18-02-2015 17:36:40 Installed REALTEK RTL8187SE Wireless LAN Driver and Utility
19-02-2015 14:07:21 mbam
20-02-2015 15:19:01 System Checkpoint
21-02-2015 00:00:42 Techspot Clean 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-12 01:28 - 2015-02-21 13:08 - 00000027 ____A E:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: E:\WINDOWS\Tasks\Adobe Flash Player Updater.job => E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: E:\WINDOWS\Tasks\avast! Emergency Update.job => E:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files\Google\Update\GoogleUpdate.exe
Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files\Google\Update\GoogleUpdate.exe
Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\WGASetup.job => E:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-21 12:39 - 2015-02-21 12:39 - 02911744 _____ () E:\Program Files\AVAST Software\Avast\defs\15022100\algo.dll
2014-07-30 18:15 - 2014-11-17 00:33 - 38562088 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () E:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00607376 _____ () E:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () E:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () E:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () E:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () E:\Program Files\HTC\HTC Sync Manager\zlib1.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () E:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-12-18 15:10 - 2014-12-18 15:10 - 00821600 _____ () E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () E:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () E:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1292428093-688789844-527237240-1003\Control Panel\Desktop\\Wallpaper -> E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1292428093-688789844-527237240-500 - Administrator - Enabled)
Guest (S-1-5-21-1292428093-688789844-527237240-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1292428093-688789844-527237240-1000 - Limited - Disabled)
Max Joyner (S-1-5-21-1292428093-688789844-527237240-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Max Joyner
SUPPORT_388945a0 (S-1-5-21-1292428093-688789844-527237240-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: 802.11b/g Mini Card Wireless Adapter #2
Description: 802.11b/g Mini Card Wireless Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8187Se
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB Device
Description: USB Device
Class Guid: {7240100F-6512-4548-8418-9EBB5C6A1A94}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2015 00:59:50 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (02/21/2015 00:59:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (02/06/2015 08:35:39 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1710557830.

Error: (02/06/2015 08:35:38 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1718027023.

Error: (02/06/2015 08:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application EXCEL.EXE, version 14.0.4734.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/06/2015 08:34:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application POWERPNT.EXE, version 14.0.4734.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/01/2015 08:44:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 40.0.2214.93, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/28/2015 09:25:57 PM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
Description: EventType officelifeboathang, P1 outlook.exe, P2 14.0.4734.1000, P3 outlook.exe, P4 14.0.4734.1000, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (01/28/2015 09:22:50 PM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
Description: EventType officelifeboathang, P1 outlook.exe, P2 14.0.4734.1000, P3 outlook.exe, P4 14.0.4734.1000, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (01/24/2015 02:30:15 PM) (Source: MsiInstaller) (EventID: 11500) (User: MAX-0B83641C323)
Description: Product: HTC Sync Manager -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.


System errors:
=============
Error: (02/21/2015 06:54:12 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.115 for the Network Card with network address 00030DA9BC11 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/21/2015 01:45:51 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.115 for the Network Card with network address 00030DA9BC11 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/21/2015 10:40:26 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for E:\Program Files\AVAST Software\Avast\AavmRpch.dll.
Reference error message: The operation completed successfully.
.

Error: (02/21/2015 10:40:26 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
Reference error message: Insufficient system resources exist to complete the requested service.
.

Error: (02/21/2015 09:06:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for E:\WINDOWS\system32\wuapi.dll.
Reference error message: The operation completed successfully.
.

Error: (02/21/2015 09:06:19 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: Insufficient system resources exist to complete the requested service.
.

Error: (02/21/2015 08:47:43 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%0"
Happened while starting this command:
E:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/21/2015 08:47:43 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%1450"
Happened while starting this command:
E:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/21/2015 08:17:05 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for E:\WINDOWS\system32\mlang.dll.
Reference error message: The operation completed successfully.
.

Error: (02/21/2015 08:17:05 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: Insufficient system resources exist to complete the requested service.
.


Microsoft Office Sessions:
=========================
Error: (02/21/2015 00:59:50 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (02/21/2015 00:59:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (02/06/2015 08:35:39 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 1710557830

Error: (02/06/2015 08:35:38 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 1718027023

Error: (02/06/2015 08:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EXCEL.EXE14.0.4734.1000hungapp0.0.0.000000000

Error: (02/06/2015 08:34:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: POWERPNT.EXE14.0.4734.1000hungapp0.0.0.000000000

Error: (02/01/2015 08:44:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.930.0.0.000000000

Error: (01/28/2015 09:25:57 PM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
Description: officelifeboathangoutlook.exe14.0.4734.1000outlook.exe14.0.4734.1000NILNILNILNILNILNIL

Error: (01/28/2015 09:22:50 PM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
Description: officelifeboathangoutlook.exe14.0.4734.1000outlook.exe14.0.4734.1000NILNILNILNILNILNIL

Error: (01/24/2015 02:30:15 PM) (Source: MsiInstaller) (EventID: 11500) (User: MAX-0B83641C323)
Description: Product: HTC Sync Manager -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Percentage of memory in use: 39%
Total physical RAM: 1015.17 MB
Available physical RAM: 609.25 MB
Total Pagefile: 2442.1 MB
Available Pagefile: 2140.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.3 MB

==================== Drives ================================

Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Movie Drive and Back up) (Fixed) (Total:931.51 GB) (Free:215.63 GB) NTFS
Drive e: () (Fixed) (Total:148.95 GB) (Free:53.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 6E331D41)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2 KB · Views: 2
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-02-2015
Ran by Max Joyner at 2015-02-22 00:22:55 Run:1
Running from E:\Documents and Settings\Max Joyner\Desktop
Loaded Profiles: Max Joyner (Available profiles: Max Joyner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=", "hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=", "hxxp://www.msn.com/?pc=AV01", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=", "https://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?g...-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
S3 catchme; \??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\catchme.sys [X]
E:\Documents and Settings\Max Joyner\Local Settings\Temp\Quarantine.exe
E:\Documents and Settings\Max Joyner\Local Settings\Temp\sqlite3.dll

*****************

"HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
catchme => Service deleted successfully.
E:\Documents and Settings\Max Joyner\Local Settings\Temp\Quarantine.exe => Moved successfully.
E:\Documents and Settings\Max Joyner\Local Settings\Temp\sqlite3.dll => Moved successfully.

==== End of Fixlog 00:22:56 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Reading my replies carefully pays off...

NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run
Click to expand...
 
Sorry about that - Here are the results of the scans

Results of screen317's Security Check version 0.99.96
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive E:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 17-01-2015
Ran by Max Joyner (administrator) on 22-02-2015 at 00:53:28
Running from "E:\Documents and Settings\Max Joyner\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
E:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
E:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
E:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
E:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
E:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
E:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
E:\WINDOWS\system32\netman.dll => File is digitally signed
E:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
E:\WINDOWS\system32\srsvc.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
E:\WINDOWS\system32\wscsvc.dll => File is digitally signed
E:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
E:\WINDOWS\system32\wuauserv.dll => File is digitally signed
E:\WINDOWS\system32\qmgr.dll => File is digitally signed
E:\WINDOWS\system32\es.dll => File is digitally signed
E:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
AegisP(8) aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

2015-02-22 01:04:18.765 Sophos Virus Removal Tool version 2.5.4
2015-02-22 01:04:18.765 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-02-22 01:04:18.765 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-02-22 01:04:18.765 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2015-02-22 01:04:18.765 Checking for updates...
2015-02-22 01:04:19.375 Update progress: proxy server not available
2015-02-22 01:05:06.875 Option all = no
2015-02-22 01:05:06.875 Option recurse = yes
2015-02-22 01:05:06.875 Option archive = no
2015-02-22 01:05:06.875 Option service = yes
2015-02-22 01:05:06.875 Option confirm = yes
2015-02-22 01:05:06.875 Option sxl = yes
2015-02-22 01:05:06.890 Option max-data-age = 35
2015-02-22 01:05:06.890 Option EnableSafeClean = yes
2015-02-22 01:05:07.265 Option vdl-logging = yes
2015-02-22 01:05:07.312 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-22 01:05:07.312 Machine ID: dd11bbe1d8d9471b843ff4b2b7b003b7
2015-02-22 01:05:07.640 Component SVRTcli.exe version 2.5.4
2015-02-22 01:05:07.640 Component control.dll version 2.5.4
2015-02-22 01:05:07.640 Component SVRTservice.exe version 2.5.4
2015-02-22 01:05:07.640 Component engine\osdp.dll version 1.44.1.2183
2015-02-22 01:05:07.640 Component engine\veex.dll version 3.58.3.2183
2015-02-22 01:05:07.640 Component engine\savi.dll version 8.1.5.2183
2015-02-22 01:05:07.796 Component rkdisk.dll version 1.5.30.0
2015-02-22 01:05:07.796 Version info: Product version 2.5.4
2015-02-22 01:05:07.796 Version info: Detection engine 3.58.3
2015-02-22 01:05:07.796 Version info: Detection data 5.11
2015-02-22 01:05:07.796 Version info: Build date 2/3/2015
2015-02-22 01:05:07.796 Version info: Data files added 274
2015-02-22 01:05:07.796 Version info: Last successful update (not yet updated)
2015-02-22 01:05:10.937 Downloading updates...
2015-02-22 01:05:10.937 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-02-22 01:05:10.937 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-02-22 01:05:10.937 Update progress: [I49502] Found supplement IDE512 LATEST
2015-02-22 01:05:10.937 Update progress: [I49502] Found supplement IDE513 LATEST
2015-02-22 01:05:10.937 Update progress: [I49502] Found supplement IDE514 LATEST
2015-02-22 01:05:10.937 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-22 01:05:10.937 Update progress: [I19463] Syncing product SAVIW32 51
2015-02-22 01:08:11.484 Update progress: [E59264] Cannot locate server for http://d1.sophosupd.com/update/5b8087a2207e3a098627e6ba53facc0fx000.dat
2015-02-22 01:08:11.484 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-02-22 01:08:11.484 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-02-22 01:08:11.484 Update progress: [I49502] Found supplement IDE512 LATEST
2015-02-22 01:08:11.484 Update progress: [I49502] Found supplement IDE513 LATEST
2015-02-22 01:08:11.484 Update progress: [I49502] Found supplement IDE514 LATEST
2015-02-22 01:08:11.484 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-22 01:08:11.484 Update progress: [I19463] Syncing product SAVIW32 51
2015-02-22 01:11:30.843 Update progress: [I19463] Syncing product IDE512 166
2015-02-22 01:11:30.843 Update progress: [E83521] Cannot create stream d484380cba2e5213298458f392c2beccx000.xml
2015-02-22 01:11:30.843 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-02-22 01:11:30.843 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-02-22 01:11:30.843 Update progress: [I49502] Found supplement IDE512 LATEST
2015-02-22 01:11:30.843 Update progress: [I49502] Found supplement IDE513 LATEST
2015-02-22 01:11:30.843 Update progress: [I49502] Found supplement IDE514 LATEST
2015-02-22 01:11:30.843 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-22 01:11:30.843 Update progress: [I19463] Syncing product SAVIW32 51
2015-02-22 01:11:30.843 Update progress: [I19463] Syncing product IDE512 166
2015-02-22 01:11:32.906 Installing updates...
2015-02-22 01:11:34.937 Error level 1
2015-02-22 01:11:35.093 Update progress: [I19463] Syncing product IDE513 112
2015-02-22 01:11:35.093 Update progress: [I19463] Syncing product IDE514 1
2015-02-22 01:12:07.953 Update successful
2015-02-22 01:12:36.390 Option all = no
2015-02-22 01:12:36.390 Option recurse = yes
2015-02-22 01:12:36.390 Option archive = no
2015-02-22 01:12:36.390 Option service = yes
2015-02-22 01:12:36.390 Option confirm = yes
2015-02-22 01:12:36.390 Option sxl = yes
2015-02-22 01:12:36.406 Option max-data-age = 35
2015-02-22 01:12:36.406 Option EnableSafeClean = yes
2015-02-22 01:12:36.625 Option vdl-logging = yes
2015-02-22 01:12:36.625 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-22 01:12:36.625 Machine ID: dd11bbe1d8d9471b843ff4b2b7b003b7
2015-02-22 01:12:36.640 Component SVRTcli.exe version 2.5.4
2015-02-22 01:12:36.640 Component control.dll version 2.5.4
2015-02-22 01:12:36.640 Component SVRTservice.exe version 2.5.4
2015-02-22 01:12:36.640 Component engine\osdp.dll version 1.44.1.2183
2015-02-22 01:12:36.640 Component engine\veex.dll version 3.58.3.2183
2015-02-22 01:12:36.640 Component engine\savi.dll version 8.1.5.2183
2015-02-22 01:12:36.640 Component rkdisk.dll version 1.5.30.0
2015-02-22 01:12:36.640 Version info: Product version 2.5.4
2015-02-22 01:12:36.640 Version info: Detection engine 3.58.3
2015-02-22 01:12:36.640 Version info: Detection data 5.11G
2015-02-22 01:12:36.640 Version info: Build date 2/3/2015
2015-02-22 01:12:36.640 Version info: Data files added 274
2015-02-22 01:12:36.640 Version info: Last successful update 2/22/2015 1:12:07 AM

2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file D:\RECYCLER\S-1-5-21-1078081533-1659004503-725345543-1003\Dj9.exe
2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-22 02:06:05.187 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-22 02:06:30.531 >>> Virus 'Mal/Generic-S' found in file D:\System Volume Information\_restore{B81F6247-434C-476B-8225-12BF0A59DD68}\RP232\A0079689.exe
2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-22 02:06:30.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-22 02:19:19.828 >>> Virus 'Mal/Generic-S' found in file E:\Documents and Settings\Max Joyner\Desktop\adwcleaner_4.111.exe
2015-02-22 02:19:19.953 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-22 02:19:19.968 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-22 02:19:46.656 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-02-22 02:19:46.718 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-02-22 02:19:47.234 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-02-22 02:19:48.171 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-02-22 02:19:56.562 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Drive\lockfile (virus scan failed)
2015-02-22 02:19:56.796 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Drive\user_default\lockfile (virus scan failed)
2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file E:\System Volume Information\_restore{B81F6247-434C-476B-8225-12BF0A59DD68}\RP161\A0057321.exe
2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file E:\System Volume Information\_restore{B81F6247-434C-476B-8225-12BF0A59DD68}\RP161\A0057321.exe
2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file E:\System Volume Information\_restore{B81F6247-434C-476B-8225-12BF0A59DD68}\RP161\A0057321.exe
2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-22 02:36:37.265 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-22 03:04:06.968 The following items will be cleaned up:
2015-02-22 03:04:06.968 Mal/Generic-S
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
R
Solved Data Hijacking, Help Please
2
Replies
37
Views
5K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni

Latest posts

Back