Facebook says computer infected?


  • This topic is locked
19 replies to this topic

#1 dburkhead

Posted 07 July 2015 - 01:44 PM

Just tried to log onto Facebook and got a warning "Your computer needs to be cleaned...."

It then wants me to go on and run an online check. Let's just say that I'm a little less than trusting of that. I can connect to FB via my phone just fine. It's just the desktop that's the issue.

I use Avast Free Program version 2015.10.2218. Definitions up to date. And Malwarebytes Home (Premium) with real-time malware and malicious website protection turned on.

So, I'm guessing probably a hijack. Here are my logs:

Malwarebytes Anti Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/7/2015
Scan Time: 1:59:18 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.07.04
Rootkit Database: v2015.07.07.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372398
Time Elapsed: 30 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by user at 14:13:58 on 2015-07-07
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2044.457 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyboard Express 3\keyexp.exe
C:\Program Files\Citrix\GoToMeeting\1767\g2mcomm.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Citrix\GoToMeeting\1767\g2mlauncher.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Watch for Browser Events: {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - c:\program files\keyboard express 3\kie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} -
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\1767\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Norton Ghost 15.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [GhostStartTrayApp] c:\program files\symantec\norton ghost 2003\GhostStartTrayApp.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [8169Diag] c:\program files\realtek\diagnostics utility\8169Diag.exe /hw
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\docume~1\user\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms products\bounceback express\BBStartup.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\keyboa~1.lnk - c:\program files\keyboard express 3\keyexp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\announce.txt
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sideact!.lnk - c:\program files\act\SideACT.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249575361234
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BB12FE0F-6522-40FD-BDB9-31B29FE52F51} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.130\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\u0flkzf4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.asmicro.com/Corporate/burkhead.htm
FF - plugin: c:\documents and settings\user\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_190.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-5-2 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-5-2 209048]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-5-2 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-5-2 428120]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-2 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-5-2 74976]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-5 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-19 98520]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S0 cccllq;cccllq;c:\windows\system32\drivers\qvilowj.sys --> c:\windows\system32\drivers\qvilowj.sys [?]
S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-7-11 8960]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-9-24 27064]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-7-11 16640]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\mi1933~1\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2015-06-23 23:30:11    18174128    ------w-    c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2015-07-07 17:59:17    98520    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-23 23:30:16    778416    ------w-    c:\windows\system32\FlashPlayerApp.exe
2015-06-23 23:30:16    142512    ------w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 12:41:46    121560    ------w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 12:41:36    23256    ------w-    c:\windows\system32\drivers\mbam.sys
2015-05-29 15:19:42    227328    ------w-    c:\windows\system32\ltocx12n.oca
2015-05-29 15:19:41    300544    ------w-    c:\windows\system32\ltdlg12n.oca
2015-05-21 12:51:55    74976    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-05-21 12:51:55    49904    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-05-21 12:51:55    24144    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-05-21 12:51:55    209048    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-05-21 12:51:51    43112    ------w-    c:\windows\avastSS.scr
2015-05-21 12:51:40    787760    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-05-18 19:46:01    265728    ------w-    c:\windows\system32\MSCOMCTL.oca
2015-05-18 19:46:00    132096    ------w-    c:\windows\system32\olch3x32.oca
2015-05-18 19:45:59    35840    ------w-    c:\windows\system32\Comdlg32.oca
2015-05-18 19:45:59    159232    ------w-    c:\windows\system32\olch2x32.oca
.
============= FINISH: 14:15:51.89 ===============
 

Security Check:

  Results of screen317's Security Check version 1.004  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Norton Ghost    
 HijackThis 2.0.2    
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player     17.0.0.190 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (39.0)
 Mozilla Thunderbird (31.7.0)
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.130)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#2 dburkhead

Posted 07 July 2015 - 02:12 PM

And Avast did not find any viruses but "Grimefighter" said there was "grime" on the computer.



#3 dburkhead

Posted 07 July 2015 - 02:14 PM

Tried to update Flash Player a few days ago.  Got a very unhelpful "install failed" error message.



#4 nasdaq

Posted 08 July 2015 - 06:45 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.
nasdaq


#5 dburkhead

Posted 08 July 2015 - 08:35 AM

After running those I get the same issue.

 

ADWCleaner log:

# AdwCleaner v4.207 - Logfile created 08/07/2015 at 09:20:19
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : user - ASM17
# Running from : C:\Documents and Settings\user\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Common Files\Viewpoint

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Deleted : HKU\.DEFAULT\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.132

[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [11889 bytes] - [23/09/2013 14:33:08]
AdwCleaner[R1].txt - [2159 bytes] - [08/07/2015 09:18:20]
AdwCleaner[S0].txt - [11921 bytes] - [23/09/2013 14:33:43]
AdwCleaner[S1].txt - [2108 bytes] - [08/07/2015 09:20:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2167  bytes] ##########
 

Frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by user (administrator) on ASM17 on 08-07-2015 09:31:07
Running from C:\Documents and Settings\user\Desktop
Loaded Profiles: user (Available Profiles: user & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Symantec) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
(Realtek) C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe
(Insight Software Solutions) C:\Program Files\Keyboard Express 3\keyexp.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mcomm.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
() C:\Program Files\ACT\SideACT.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mlauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
() C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16806912 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Norton Ghost 15.0] => C:\Program Files\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [233304 2009-02-03] (Microsoft Corp.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [GhostStartTrayApp] => C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [94208 2003-12-17] (Symantec Corporation)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-09-25] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [8169Diag] => C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe [909312 2008-02-26] (Realtek)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-21] (Avast Software s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-07-21] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\...\Run: [GoToMeeting] => C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe [40304 2014-09-26] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssbezier.scr [19968 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2013-09-25]
ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-08-05]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to announce.lnk [2013-09-25]
ShortcutTarget: Shortcut to announce.lnk -> C:\announce.txt ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk [2013-09-25]
ShortcutTarget: SideACT!.lnk -> C:\Program Files\ACT\SideACT.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-09-25]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2013-09-25]
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2013-09-25]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-21] (Avast Software s.r.o.)
BootExecute: autocheck autochk /r \??\J:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-21] (Avast Software s.r.o.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1249575361234
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2000-12-23] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB12FE0F-6522-40FD-BDB9-31B29FE52F51}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default
FF Homepage: hxxp://www.asmicro.com/Corporate/burkhead.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-11-02] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1081035915-1334999037-3880933879-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\user\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-07-26] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npcosmop211.dll [2007-09-23] (PLATINUM technology, inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: FireFTP - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-01]
FF Extension: Firebug - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-07-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-02]

Chrome:
=======
CHR Profile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02]
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02]
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-09]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-06]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02]
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-21] (Avast Software s.r.o.)
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]
S3 GenericMount Helper Service; C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
R2 GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [200704 2003-12-17] (Symantec Corporation) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528 2009-09-21] (Symantec)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe /Processid:{541078A4-D4C1-42FA-BA83-F0039487567F}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327808 2005-07-20] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2005-07-20] (Aladdin Knowledge Systems Ltd.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2003-12-17] (Adaptec)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-21] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-21] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-21] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-21] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-21] ()
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R3 GenericMount; C:\WINDOWS\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R1 GhPciScan; C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [5632 2003-12-17] (Symantec Corporation) [File not signed]
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [79960 2008-08-18] (JMicron Technology Corp.)
S2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-08] (Malwarebytes Corporation)
R0 MtxDma0; C:\WINDOWS\System32\drivers\MtxDma0.sys [179164 2001-12-13] (Matrox Electronic Systems Ltd.) [File not signed]
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 VProEventMonitor; C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation)
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [X]
S0 cccllq; System32\drivers\qvilowj.sys [X]
S3 Diag69xp; System32\Drivers\Diag69xp.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 09:31 - 2015-07-08 09:31 - 00021904 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2015-07-08 09:30 - 2015-07-08 09:31 - 00000000 ____D C:\FRST
2015-07-08 09:29 - 2015-07-08 09:29 - 01636352 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2015-07-08 09:23 - 2015-07-08 09:23 - 00102400 _____ C:\WINDOWS\Minidump\Mini070815-01.dmp
2015-07-08 09:16 - 2015-07-08 09:16 - 02244096 _____ C:\Documents and Settings\user\Desktop\adwcleaner_4.207.exe
2015-07-07 14:16 - 2015-07-07 14:16 - 00019844 ____N C:\Documents and Settings\user\Desktop\attach.txt
2015-07-07 14:16 - 2015-07-07 14:15 - 00011203 ____N C:\Documents and Settings\user\Desktop\dds.txt
2015-07-03 15:14 - 2015-07-06 09:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-01 12:40 - 2015-05-21 08:51 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-23 19:30 - 2015-06-23 19:30 - 18174128 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 09:32 - 2013-09-23 10:39 - 00000000 ____D C:\Documents and Settings\user\Local Settings\temp
2015-07-08 09:30 - 2012-04-05 14:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-08 09:27 - 2008-04-25 05:17 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-07-08 09:26 - 2013-09-23 14:32 - 00000000 ____D C:\AdwCleaner
2015-07-08 09:26 - 2008-04-25 17:28 - 01177724 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-08 09:25 - 2009-12-30 13:57 - 00000000 ____D C:\Program Files\Keyboard Express 3
2015-07-08 09:24 - 2014-05-19 11:43 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 09:24 - 2014-05-02 16:35 - 00000316 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-08 09:24 - 2008-04-25 12:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-08 09:23 - 2014-03-26 17:28 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-08 09:23 - 2013-10-16 09:55 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 09:23 - 2013-09-23 10:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-07-08 09:23 - 2010-03-24 18:40 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-08 09:23 - 2009-08-31 16:09 - 08405015 _____ C:\WINDOWS\TempFile
2015-07-08 09:23 - 2008-04-25 17:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-08 09:23 - 2008-04-25 05:25 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-08 09:23 - 2008-04-25 05:25 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-08 09:21 - 2009-07-11 20:22 - 00458752 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-07-08 09:21 - 2008-04-25 17:32 - 00032578 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-08 09:20 - 2009-07-21 17:21 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2015-07-08 09:19 - 2014-01-24 02:33 - 00000512 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1081035915-1334999037-3880933879-1005.job
2015-07-08 08:59 - 2013-10-16 09:55 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 08:21 - 2015-05-30 07:43 - 00000608 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1081035915-1334999037-3880933879-1005.job
2015-07-07 21:57 - 2010-08-18 12:33 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\BounceBack Express
2015-07-07 21:00 - 2014-05-02 16:35 - 00001846 ____N C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-07-07 15:56 - 2009-08-31 14:36 - 00000000 ____D C:\Documents and Settings\user\My Documents\My PSP8 Files
2015-07-07 15:54 - 2009-10-05 13:06 - 00000000 ____D C:\Program Files\dtpdemotest
2015-07-07 15:28 - 2009-09-21 12:32 - 00000000 ____D C:\arwork
2015-07-06 14:19 - 2014-08-26 14:55 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2015-07-06 09:15 - 2012-04-26 10:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-03 17:13 - 2008-04-25 17:26 - 00131766 ____N C:\WINDOWS\wmsetup.log
2015-07-03 15:55 - 2009-10-07 18:56 - 00000116 ____N C:\WINDOWS\NeroDigital.ini
2015-07-01 12:41 - 2014-11-24 10:46 - 00001722 ____N C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-06-30 09:21 - 2014-05-19 11:43 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-26 15:49 - 2014-05-02 16:34 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-06-23 19:30 - 2012-04-05 14:07 - 00778416 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-23 19:30 - 2011-06-07 10:06 - 00142512 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-22 17:28 - 2012-12-04 15:34 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canon
2015-06-18 08:41 - 2014-05-19 11:43 - 00121560 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-05-05 11:30 - 00023256 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-15 14:50 - 2009-08-31 17:37 - 00247808 ____N C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-15 12:17 - 2009-10-20 09:50 - 00677104 ____N C:\WINDOWS\setupapi.log
2015-06-15 12:17 - 2009-07-12 03:10 - 00006801 ____N C:\WINDOWS\setupact.log
2015-06-15 03:00 - 2009-08-05 16:52 - 136900096 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 15:00 - 2014-03-26 17:28 - 00000214 ____N C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2010-01-12 12:33 - 2010-01-14 19:08 - 0006772 ____N () C:\Documents and Settings\user\Local Settings\Application Data\admin.anduril
2010-01-15 15:27 - 2010-03-17 10:41 - 0009686 ____N () C:\Documents and Settings\user\Local Settings\Application Data\dburkhead.anduril
2010-02-05 10:54 - 2010-03-16 18:36 - 0001853 ____N () C:\Documents and Settings\user\Local Settings\Application Data\dbuser.anduril
2009-08-31 17:37 - 2015-06-15 14:50 - 0247808 ____N () C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-07-21 17:21 - 2009-07-21 17:22 - 0000127 ____N () C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\user\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwm4tmb.dll
C:\Documents and Settings\user\Local Settings\temp\G2MInstallerExtractor.exe
C:\Documents and Settings\user\Local Settings\temp\GLF6.EXE
C:\Documents and Settings\user\Local Settings\temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Documents and Settings\user\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\user\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\user\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

 




#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,139 posts

Posted 09 July 2015 - 07:26 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-09]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-02]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-21]
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [X]
S0 cccllq; System32\drivers\qvilowj.sys [X]
S3 Diag69xp; System32\Drivers\Diag69xp.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
U2 V2iMount; No ImagePath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

If there are still issues, reset Firefox:
Reset Default Browsing settings:
https://support.mozi.../www.google.ca/

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is it now?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 dburkhead

dburkhead

    Advanced Member

  • Full Member
  • 103 posts

Posted 09 July 2015 - 08:59 AM

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by user at 2015-07-09 09:16:48 Run:2
Running from C:\Documents and Settings\user\Desktop
Loaded Profiles: user (Available Profiles: user & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO: Windows
Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-09]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-02]
CHR HKLM\...\Chrome\Extension:
[eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-21]
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [X]
S0 cccllq; System32\drivers\qvilowj.sys [X]
S3 Diag69xp; System32\Drivers\Diag69xp.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
U2 V2iMount; No ImagePath

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} => key not found.
HKCR\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: Windows => key not found.
HKCR\CLSID\BHO: Windows => key not found.
Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found.
HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => key not found.
HKCR\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => key not found.
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully.
CHR HKLM\...\Chrome\Extension: => Error: No automatic fix found for this entry.
[eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
catchme => Service removed successfully.
cccllq => Service removed successfully.
Diag69xp => Service removed successfully.
Sentinel => Service removed successfully.
V2iMount => Service removed successfully.
EmptyTemp: => 387.3 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-09 09:19:45)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 09:19:46 ====

 

Zoek-results.txt:

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by user on Thu 07/09/2015 at  9:26:05.62.

Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\user\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-07-08-211829.log    14594 bytes

==== System Restore Info ======================

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Firefox Start and Search pages ======================

ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default
user_pref("backup.old.browser.startup.homepage", "http://www.asmicro.c...burkhead.htm");
user_pref("browser.startup.homepage", "http://www.asmicro.c...burkhead.htm");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [07/01/2015 12:40 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi

ProfilePath: C:\Documents and Settings\user\Application Data\Thunderbird\Profiles\i8g2z9e3.default
- Skicka Senare - %ProfilePath%\extensions\sendlater3@kamens.us.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default
28000D7EEB2FD95A36E1A7539F599C3B    - C:\Program Files\Windows Media Player\npdrmv2.dll -    Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7    - C:\Program Files\Windows Media Player\npdsplay.dll -    Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D    - C:\Program Files\Windows Media Player\npwmsdrm.dll -    Microsoft® DRM
421CB2C1010522B3BF7C00725520B844    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
005EBE4A4E6E9C9A7967F6C3F413C1DF    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
08ACECEB47FAF053C468D8AFE44709AD    - C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll -    Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67    - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation
AAA414455FE1AA87E424BDFCAE249B50    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live® Photo Gallery
5B92CB0A3EEE50F6B9AE036B4F9B0F0C    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
F98B0B2789436E072D7ED979C4E44D07    - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll -    Shockwave for Director / Shockwave for Director
9F8956BF8C354FCC6E0C416417E5E7ED    - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll -    Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Documents and Settings\user\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.132

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[08/06/2014 04:37 PM]

Bookmark Manager - user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
F15E5061178C31CE186787E651F8D80C98B0ECAB63168AC12D3E6963E2608","username":"47F8418AF5BB6E9F838F4A9C70E31F92D49B0F18451E069B33DA40CC9A37E4C1"}},"homepage":"ECC870CB2ED696334440C9F74232EE96173D0950457FE0DF05CFA5C0235312C7","homepage_is_newtabpage":"D2246B09CA9DA970B819B69D076D1B720CE2F68C34E003B9C1A11B3EEFCFB4C4","pinned_tabs":"A3E4DDB604AF63D21AD07A547B0FD45114038FF38FD50E841A5555791243C082","prefs":{"preference_reset_time":"F6FD127648B58587FDC48CEA2429889CF412182E34217CA3776483DFA68264C9"},"profile":{"reset_prompt_memento":"DDE72E3F5584FA42B6B440FF900E485CC1F0929F62E1036290238C43F74AFCB7"},"safebrowsing":{"incidents_sent":"86FA6148AAB36DC6BAEED2D6DEA8B60A2DF552D53373E8C5DECB5B023FF63992"},"search_provider_overrides":"542527CB2669C53C6BA3BEA581941E03FE9ED7FFAEE36BCF7AECE1417529BEF3","session":{"restore_on_startup":"B1F589C88F1141B1D8A55ABAF51AA3D939998DB3280C07C83978A839A34E42A6","startup_urls":"482D19AC3EC8ECD4C1A51A03D7A0796650C4C606CB8068C72B262A8C77ABC17D"},"software_reporter":{"prompt_reason":"B6C583829F5511CBB1A777F027B1199D4D415D6CBF98F53C8AE84A494B1824C9","prompt_seed":"64A7FB6A8EF95A4282D624B818F0D6E2A2029784EA2E0C32D12BAB8647CA9735","prompt_version":"1AA06B3AE3B60B777D5872D72A32B7511D1663387E36D81ADFCD3FC8E63F80EC"},"sync":{"remaining_rollback_tries":"2502F2B153117F273F7B2178B863BA55133FDEF0AFB3E87D321AC935E7B572F6"}},"super_mac":"FE764A6E30C80E68CA451CF72049F92DFBE65181B29A4D55772BABBA8A1C8DE2"},"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/"]}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Home_Page"="http://www.dell.com"
"Help_Page"="http://support.dell....=us&l=en&s=gen"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Home_Page"="http://go.microsoft..../?LinkId=69157"
"Help_Page"="http://go.microsoft..../?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\71UHBQPP will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IHPCWNXQ will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U97N8S3A will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z6WHXXKK will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=285 folders=35 4326150 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp will be emptied at reboot
C:\Documents and Settings\user\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\user\LOCALS~1\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\temp\Perflib_Perfdata_25c.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\71UHBQPP" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IHPCWNXQ" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U97N8S3A" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z6WHXXKK" not deleted

==== EOF on Thu 07/09/2015 at  9:48:15.00 ======================
 

Firefox reset and cache cleared.

 

And still getting the same result.  Try to log onto Facebook and get the following:

Your Computer Needs to Be Cleaned
It looks like your computer is being affected by malware. We’ll help you fix the problem to keep your account secure and prevent malware from spreading to friends.

Malware is software that tries to steal personal information and causes problems when you use Facebook. Clicking or sharing links that contain spam can give your computer malware.

 

Followed by a button to "get started" which I have left strictly alone.



#8 dburkhead

Posted 09 July 2015 - 10:13 AM

An additional issue.  I started Microsoft PowerPoint (work goes on even with the computer problem) and got a sequence of errors "Microsoft Visual Basic Component not correctly registered".  Got a bunch of those, then a "could not load an object because it is not available on this machine".  Then PowerPoint finally opens but when I close it there are a bunch more of the "Component not correctly registered" behind it.

 



#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,139 posts

Posted 09 July 2015 - 12:46 PM

Download and reinstall the Service Pack 6 for Visual Basic 6.0: Run-Time Redistribution Pack

Select the proper language.
http://www.microsoft...s.aspx?id=24417
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 dburkhead

Posted 09 July 2015 - 12:54 PM

Got this:

 

Error registering the OCX C:\WINDOWS\System32\OLEAUT32.DLL

 

And the same result when I tried to open PowerPoint.



#11 nasdaq

Posted 09 July 2015 - 12:59 PM

Did you see my previous message?

#12 dburkhead

Posted 09 July 2015 - 01:03 PM

My last reply was the result of attempting to download and reinstall the VB6 run time redistribution pack.



#13 nasdaq

Posted 10 July 2015 - 07:18 AM

Click The Start button.
Click Run.
Type cmd or command and press enter.

At the DOS PROMPT type the following

Regsvr32 OLEAUT32.DLL Hit the Enter key.

To exit the DOS PROMPT type EXIT Hit the Enter key.

If successful try to reinstall the Service Pack 6 for Visual Basic 6.0

If you get an error please post the exact message and continue.



Please run the Farbar Recovery Scan Tool. Enter OLEAUT32.DLL in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

#14 dburkhead

Posted 10 July 2015 - 08:26 AM

Attempted to run "regsvr 32 OLEAUT32.dll" and get the following error:

 

DLLRegisterServer in OLEAUT32.dll failed.  Return code was 0x80070005

 

To be clear, I was running in an account with Administrator privileges.  Indeed, it is the sole account on this computer.

 

Search.txt:

Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by user at 2015-07-10 09:21:25
Running from C:\Documents and Settings\user\Desktop
Boot Mode: Normal

================== Search Files: "OLEAUT32.DLL" =============

C:\WINDOWS\system32\oleaut32.dll
[2008-04-25 12:16][2013-01-25 23:55] 0552448 ____N (Microsoft Corporation) eff03460e542eea6b0abdec6bf19c897      [File is signed]

C:\WINDOWS\system32\dllcache\oleaut32.dll
[2008-04-25 12:16][2013-01-25 23:55] 0552448 ___AC (Microsoft Corporation) eff03460e542eea6b0abdec6bf19c897      [File is signed]

C:\WINDOWS\LastGood\system32\OLEAUT32.DLL
[2015-07-09 13:49][2013-01-25 23:55] 0552448 ____N (Microsoft Corporation) eff03460e542eea6b0abdec6bf19c897      [File is signed]

C:\WINDOWS\$NtUninstallKB2802968$\oleaut32.dll
[2013-02-13 04:06][2010-12-20 13:32] 0551936 ____C (Microsoft Corporation) 1b2be5777f69a71778f52ffee1c798d6      [File is signed]

C:\WINDOWS\$NtUninstallKB2476490$\oleaut32.dll
[2011-06-16 10:50][2008-04-14 08:00] 0551936 ____C (Microsoft Corporation) 387006cf9983000bab76dd250d424045      [File is signed]

C:\WINDOWS\$hf_mig$\KB2802968\SP3QFE\oleaut32.dll
[2013-01-25 23:55][2013-01-25 23:55] 0552448 ____A (Microsoft Corporation) 6874d2a757f06dc1d8b3c80a47755013      [File is signed]

C:\WINDOWS\$hf_mig$\KB2476490\SP3QFE\oleaut32.dll
[2010-12-20 13:30][2010-12-20 13:30] 0552448 ____A (Microsoft Corporation) 37fef4e75c47afdb6a7ef3294994504f      [File is signed]

C:\VCI\FORMONE5\Redist32\OLEAUT32.DLL
[2009-08-31 12:10][1997-05-19 09:08] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296     

C:\source\Disk1\WinNT40\Oleaut32.dll
[2009-08-31 16:21][2001-01-11 15:46] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\source\Disk1\Win95-98\Oleaut32.dll
[2009-08-31 16:21][2001-01-11 15:45] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\Program Files\Microsoft Visual Studio\VB98\Wizards\PDWizard\Redist\OLEAUT32.DLL
[2000-04-12 00:00][2000-04-12 00:00] 0598288 ____N (Microsoft Corporation) 7b156d230278b8c914ef3f4169fec1cc     

C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\Visual Basic Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll
[2009-08-31 17:03][1998-08-07 07:55] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296     

C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\PowerBuilder Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll
[2009-08-31 17:03][1998-08-24 17:39] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296     

C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\OLE DB Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll
[2009-08-31 17:03][1998-07-08 15:32] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296     

C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\ODBC-DAO-RDO Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll
[2009-08-31 17:03][1998-06-30 14:17] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296     

C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\ADO Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll
[2009-08-31 17:02][1998-07-06 11:53] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296     

C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\Access Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll
[2009-08-31 17:02][1998-07-28 13:57] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296     

C:\NSToolBox\Matrox\ActiveMIL\System\oleaut32.dll
[2009-08-31 16:02][1999-11-18 12:04] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DTP Explorer\Media\CD Rom\Disk Images\Disk1\OleAut32.dll
[2011-06-24 15:37][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus II\Media\CD Install\Disk Images\Disk1\WinNT40\Oleaut32.dll
[2011-06-24 15:38][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus II\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:39][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus Demo\Media\CD Install\Disk Images\Disk1\WinNT40\Oleaut32.dll
[2011-06-24 15:39][1998-10-15 13:04] 0598288 ____N (Microsoft Corporation) 8afb4c39ad28cf287b6c2a65003c2f97     

C:\My Installations\OLD\DiscTrack Plus Demo\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:40][1999-03-24 13:33] 0598288 ____N (Microsoft Corporation) 38461ada35229a5bcb53a33e516030d6     

C:\My Installations\OLD\DiscTrack Plus 2000 USB\Media\CD Install\Disk Images\Disk1\WinNT40\Oleaut32.dll
[2011-06-24 15:41][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus 2000 USB\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:41][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus 2000 IV\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 15:42][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\OLD\DiscTrack Plus 2000 IV\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:43][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus 2000 III\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 15:44][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\OLD\DiscTrack Plus 2000 III\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:44][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus 2000 II\Media\CD\Disk Images\Disk1\WinNT40\Oleaut32.dll
[2011-06-24 15:45][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus 2000 II\Media\CD\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:46][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus 2000\Media\CD Rom\Disk Images\Disk1\WinNT40\Oleaut32.dll
[2011-06-24 15:47][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus 2000\Media\CD Rom\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:47][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\OLD\DiscTrack Plus\Media\CD Install\Disk Images\disk1\Shared\Oleaut32.dll
[2011-06-24 15:48][1998-06-02 19:24] 0598288 ____N () 44bf5f06b3fa6e1943e5350b57f8b393     

C:\My Installations\OLD\DiscTrack Demo\Media\CD Install\Disk Images\disk1\Shared\Oleaut32.dll
[2011-06-24 15:49][1998-06-02 19:24] 0598288 ____N () dc6eb29b3673566932cc7e57ae2b6d3b     

C:\My Installations\MagneTrack II\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 15:32][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\MagneTrack II\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:32][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\DTP_AIP II-1\Media\DC Media\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 16:05][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\DTP_AIP II-1\Media\DC Media\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 16:05][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\DTP_AIP II\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 15:36][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\DTP_AIP II\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:36][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\DTP_AIP\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 15:30][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\DTP_AIP\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:31][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\DTP II-1\Media\CD Media\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 15:50][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\DTP II-1\Media\CD Media\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:51][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\DTP\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 15:52][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\DTP\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:52][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\DiscTrack Plus with AIP\Media\CD Media\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 15:54][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\DiscTrack Plus with AIP\Media\CD Media\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:54][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

C:\My Installations\AIP\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL
[2011-06-24 15:56][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5     

C:\My Installations\AIP\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll
[2011-06-24 15:56][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34     

====== End of Search ======
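
The check a helper makes when reading a Farbar Search.txt like the one above, as an added example that is not part of the original thread: it parses the listing and reports whether the system32 copy is marked signed and has the same MD5 and size as the dllcache copy. The sample listing, the file name example.dll, the placeholder MD5 values and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Detail line: [created][modified] size attrs (company) md5 [File is signed]
DETAIL = re.compile(
    r"^\[(?P<created>[\d\- :]{16})\]\[(?P<modified>[\d\- :]{16})\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>.*?)\)\s+"
    r"(?P<md5>[0-9a-fA-F]{32})\s*(?P<signed>\[File is signed\])?$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Return one dict per file; each path line is followed by a detail line."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            path = line
            continue
        m = DETAIL.match(line)
        if m and path:
            entries.append({
                "path": path,
                "size": int(m["size"]),
                "company": m["company"],
                "md5": m["md5"].lower(),
                "signed": m["signed"] is not None,
            })
        path = None  # header, blank or malformed line: drop any pending path
    return entries


def assess(entries, name, sysdir=r"C:\WINDOWS\system32"):
    """Compare the active system copy with the dllcache copy; list unsigned ones."""
    by_path = {e["path"].lower(): e for e in entries}
    active = by_path.get(f"{sysdir}\\{name}".lower())
    cache = by_path.get(f"{sysdir}\\dllcache\\{name}".lower())
    builds = defaultdict(list)
    for e in entries:
        builds[e["md5"]].append(e["path"])
    return {
        "active_found": active is not None,
        "active_signed": bool(active and active["signed"]),
        # Equal MD5 and size only shows the two copies are identical to each
        # other; the signed flag is whatever the scan tool reported.
        "matches_dllcache": bool(
            active and cache
            and active["md5"] == cache["md5"]
            and active["size"] == cache["size"]
        ),
        "distinct_builds": len(builds),
        "unsigned_copies": sorted(e["path"] for e in entries if not e["signed"]),
    }


# Constructed sample in the same layout; paths and hashes are placeholders.
A, B, C = "a" * 32, "b" * 32, "c" * 32
SAMPLE = rf"""
================== Search Files: "EXAMPLE.DLL" =============

C:\WINDOWS\system32\example.dll
[2008-04-25 12:16][2013-01-25 23:55] 0552448 ____N (Example Corp) {A}      [File is signed]

C:\WINDOWS\system32\dllcache\example.dll
[2008-04-25 12:16][2013-01-25 23:55] 0552448 ___AC (Example Corp) {A}      [File is signed]

C:\WINDOWS\$NtUninstallKB0000000$\example.dll
[2013-02-13 04:06][2010-12-20 13:32] 0551936 ____C (Example Corp) {B}      [File is signed]

C:\Installers\Disk1\Example.dll
[2011-06-24 15:37][1999-08-31 17:55] 0598288 ____N () {C}

====== End of Search ======
"""

if __name__ == "__main__":
    for key, value in assess(parse_search(SAMPLE), "example.dll").items():
        print(f"{key}: {value}")
```
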



#15 nasdaq

Posted 10 July 2015 - 12:26 PM

You probably have to run the CMD.EXE as an Administrator.

https://social.techn...to-register-dll

Search for CMD.EXE and when found Right Click on it and select run as An Administrator.

At the DOS PROMPT type the following

Regsvr32 OLEAUT32.DLL Hit the Enter key.

To exit the DOS PROMPT type EXIT Hit the Enter key.

How is it now?

#16 dburkhead

Posted 10 July 2015 - 12:38 PM

Same result.

 

Note that the login account is the only account on this computer.  I do a "run as" and unclick the "protect my computer from unauthorized..." in case that is the problem but still same result.



#17 dburkhead

Posted 10 July 2015 - 12:40 PM

Oh, and to be clear, I am running in Windows XP and the specific "run as administrator" does not appear as an option.



#18 nasdaq

Posted 11 July 2015 - 07:10 AM

Maybe we are barking up the wrong tree.
Read this.
https://www.facebook...150902333195766

Let's try this.

Remove Firefox using the instructions on this page.
https://support.mozi...m-your-computer

Before proceeding save your Bookmarks.
https://support.mozi...kup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozi...hange-passwords
<<<>>>

How is it now?

#19 dburkhead

Posted 13 July 2015 - 09:16 AM

Actually, the problem with Facebook seems to have cleared itself up.  That just leaves us with the problem with PowerPoint that something along the way appears to have broken.  I have tried other Office apps (Office 2000 to be exact)--Word, Excel, and Front Page with no problems.

 

It occurs to me that I have an add-in to PowerPoint, "Image Importer Wizard."  And checking that shows that it's not working.  This is very bad as that's an important part of what we do here. (We do analytical reports that generally have a lot of figures--we import them into PowerPoint to provide a convenient "container" for presentation to customers.)

 

Perhaps reinstalling Image Import Wizard? (Although the failure to register OLEAUT32.DLL concerns me.)



#20 nasdaq

Posted 13 July 2015 - 12:48 PM

Your Active oleaut32.dll file is good.
Check the review here.
 
===
 
I do not have an XP machine to check the version.
If still in doubt I suggest you check with the experts in the Windows XP forum.
 
 

Perhaps reinstalling Image Import Wizard? (Although the failure to register OLEAUT32.DLL concerns me.)
 
I would reinstall it. If the OLEAUT32.DLL causes a problem then you can check with the XP forum.
 
You should have good restore points as new ones were created with the Farbar fix and the ZOEK TOOL.




