win 32 malware gen

avast

11 replies to this topic

#1 rl153

    Advanced Member

  • Full Member
  • 133 posts

Posted 21 September 2016 - 07:30 PM

Avast detected this win 32 malware gen in my D drive. I quarantined the file, then deleted it. I scanned the D drive again and then there were about 17 files that said Avast couldn't scan them; they are password protected. I'm not sure what that means. Here are my logs.

malware bytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/21/2016
Scan Time: 7:36:33 PM
Logfile: malware bytes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.21.14
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304856
Time Elapsed: 30 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

frst

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2016
Ran by Owner (administrator) on MITZI (21-09-2016 20:13:25)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\WINDOWS\zHotkey.exe
(Microsoft Corporation) C:\WINDOWS\vVX1000.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CHotkey] => C:\WINDOWS\zHotkey.exe [543232 2005-05-03] ()
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2010-01-22] (Apple Computer, Inc.)
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15] (ATI Technologies Inc.)
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-19] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AD29A29A-8BFB-471A-A54C-9175FB00E164}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> DefaultScope {581D6D8B-3055-4D20-81FE-B10272979761} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {581D6D8B-3055-4D20-81FE-B10272979761} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {77C3C071-4B61-4E6D-9719-FAC4804C6190} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {EC376F27-6DC3-468A-B11A-8B722F2F81F4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8MCDF&pc=B8MC&src=IE-SearchBox
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-14] (AVAST Software)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9lvdxna.default
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://us.my.yahoo.com/
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=mcafee&type=B110US0D20131111&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-19] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1192153782-1980124124-3360170330-1006: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-07-27]
FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9lvdxna.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-18] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-19]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-08-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-19] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-19] (Oracle Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2010-01-22] (New Boundary Technologies, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317504 2005-04-19] (Realtek Semiconductor Corp.)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2010-01-22] (Windows ® 2000 DDK provider) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-05-19] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-05-19] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-05-19] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-05-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-05-19] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-05-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-05-19] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-05-19] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-05-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
S3 CAM1690; C:\WINDOWS\System32\Drivers\cam1690.sys [181888 2007-11-21] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [44288 2004-11-10] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24832 2004-11-10] (Roxio) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2004-01-05] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-01-05] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2004-01-05] (HP)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-14] (Realtek Semiconductor Corporation                           )
S3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed]
R3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
U4 intelppm; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-21 20:13 - 2016-09-21 20:13 - 00015423 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-09-21 20:13 - 2016-09-21 20:13 - 00000000 ____D C:\FRST
2016-09-21 20:11 - 2016-09-21 20:11 - 00001062 _____ C:\Documents and Settings\Owner\My Documents\malware bytes.txt
2016-09-21 19:15 - 2016-09-21 19:15 - 01753088 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-09-12 19:38 - 2016-09-12 20:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-12 19:29 - 2016-09-12 19:29 - 00245743 _____ C:\Documents and Settings\Owner\My Documents\RegCertificate  sunny 2016.pdf
2016-09-12 19:28 - 2016-09-12 19:28 - 00257585 _____ C:\Documents and Settings\Owner\My Documents\Receipt sunnys registration 2016.pdf
2016-09-01 10:57 - 2016-09-01 10:57 - 00000022 _____ C:\Documents and Settings\Owner\My Documents\sunny tracking.txt
2016-08-26 20:09 - 2016-08-26 20:09 - 00064388 _____ C:\Documents and Settings\Owner\My Documents\pams card id.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-21 20:13 - 2012-12-03 11:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2016-09-21 20:11 - 2010-01-22 13:51 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents
2016-09-21 19:59 - 2010-02-10 17:29 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-21 19:38 - 2015-10-24 20:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-21 19:38 - 2013-01-09 20:33 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006UA.job
2016-09-21 19:38 - 2013-01-09 20:33 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006Core.job
2016-09-21 19:36 - 2014-07-10 13:29 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-21 19:07 - 2012-12-04 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-09-21 18:45 - 2011-04-07 21:23 - 00000000 ____D C:\Program Files\Amazon
2016-09-21 18:45 - 2011-04-07 21:23 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Amazon
2016-09-21 17:54 - 2010-06-06 16:50 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-09-21 17:39 - 2010-01-22 13:52 - 00003854 _____ C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2016-09-21 16:38 - 2004-10-27 21:26 - 00032652 _____ C:\WINDOWS\SchedLgU.Txt
2016-09-21 16:34 - 2004-10-27 21:14 - 00000000 ____D C:\WINDOWS\Registration
2016-09-21 16:33 - 2016-04-14 22:28 - 00000460 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1460687301.job
2016-09-21 16:33 - 2013-08-15 15:49 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-09-21 16:33 - 2010-02-10 17:29 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-21 16:33 - 2004-10-27 21:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-21 13:42 - 2013-10-16 19:17 - 00364096 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-09-21 13:42 - 2010-01-22 13:51 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-09-20 19:08 - 2010-01-22 13:51 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Pictures
2016-09-20 17:16 - 2004-10-27 20:52 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-19 15:09 - 2007-08-23 16:02 - 00099276 _____ C:\Documents and Settings\Owner\My Documents\Wells fargo Wachovia.txt
2016-09-14 19:36 - 2011-02-17 22:57 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Skype
2016-09-14 18:58 - 2015-12-11 21:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-09-14 15:38 - 2016-07-14 14:38 - 06502080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-09-14 15:38 - 2012-04-01 19:44 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-14 15:38 - 2011-05-19 10:33 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-09-14 15:38 - 2004-10-27 21:16 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-12 22:41 - 2010-01-22 13:51 - 00000000 ____D C:\Documents and Settings\Owner
2016-09-12 22:04 - 2013-07-04 12:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-12 20:02 - 2016-07-22 14:45 - 00000981 _____ C:\Documents and Settings\Owner\My Documents\sunnys trip november twenty sixteen.txt
2016-09-07 21:00 - 2010-01-24 15:18 - 00000000 ____D C:\Program Files\FinePixViewer
2016-09-04 15:09 - 2014-05-17 17:06 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\shortcuts desktop
2016-08-30 11:03 - 2015-10-17 17:15 - 00000000 ___RD C:\Program Files\Skype
2016-08-30 11:02 - 2011-02-17 22:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-08-29 21:47 - 2015-08-29 09:53 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-08-27 19:33 - 2014-07-10 10:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-08-27 19:32 - 2015-03-07 18:16 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-27 19:32 - 2014-07-10 10:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-26 20:14 - 2012-11-20 16:31 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-08-26 14:38 - 2010-09-20 11:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\SRP
2016-08-23 18:47 - 2014-11-21 15:48 - 00000054 _____ C:\Documents and Settings\Owner\My Documents\Hallmark Card Studio 2009.txt

==================== Files in the root of some directories =======

2010-06-08 22:05 - 2014-11-04 15:12 - 0000438 ____C () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2010-01-22 21:00 - 2013-04-25 16:21 - 0012288 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-22 21:35 - 2010-01-22 21:35 - 0000128 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
2010-01-22 20:36 - 2010-01-24 16:24 - 0010977 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2016
Ran by Owner (21-09-2016 20:14:28)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-01-22 17:51:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

#2 rl153

Posted 21 September 2016 - 07:36 PM

sal log

Result of Security Analysis by Rocket Grannie (x86) Updated: 11th September, 2016
Running from:C:\Documents and Settings\Owner\Desktop (20:36:23 - 09/21/2016)
***---------------------------------------------------------***
Microsoft Windows XP Professional X86 Service Pack 3
*WARNING* Windows XP is no longer supported
Internet Explorer 8
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.EXE
***-----------------Anti-Virus - Firewall-------------------***
avast! Antivirus Disabled - up to Date!
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin (version 23.0.0.162)
Java (version 1.71.14) is *out of Date*
Adobe Reader XI -- An older version than (11.0.17) is installed.
CCleaner (version 5.21)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Mozilla Firefox (version 48)
SpywareBlaster (version 5.5)


#3 rl153

Posted 21 September 2016 - 07:37 PM

In the Avast scan log I have the exact files that were deleted and are password protected.



#4 nasdaq

    Forum Deity

  • Global Moderator
  • 49,165 posts

Posted 22 September 2016 - 08:09 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-12] [not signed]
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
U4 intelppm; no ImagePath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

p.s.
I need to see the complete Addition.txt log.
Your current post is not complete, please post again.

Let me know what issues you are having with this computer.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 rl153

Posted 22 September 2016 - 09:19 AM

Hi Nasdaq, I ran the fix you suggested, and below is the fixlog. As far as the addition log goes, when I first ran FRST there was an error at the end and possibly cut the log short. Do you want me to try to run it again? Here's the fixlog.

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-09-2016
Ran by Owner (22-09-2016 10:10:26) Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-12] [not signed]
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
U4 intelppm; no ImagePath

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => value removed successfully.
HKCR\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => key not found.
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value removed successfully.
HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => key not found.
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => value removed successfully.
HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => key not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully
catchme => service removed successfully.
intelppm => service removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 16956 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 305241 B
Java, Flash, Steam htmlcache => 124749 B
Windows/system/dllcache/drivers => 31471082 B
Edge => 0 B
Chrome => 0 B
Firefox => 419965396 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default User => 33208 B
All Users => 0 B
systemprofile => 198286 B
LocalService => 33608 B
NetworkService => 164197 B
Owner => 127378 B
Administrator => 32918 B

RecycleBin => 0 B
EmptyTemp: => 431.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:14:00 ====



#6 rl153 (Advanced Member, 133 posts)

Posted 22 September 2016 - 09:54 AM

I ran Avast again, still files say password protected. Here is the file I deleted that had the virus:

i386\apps\\app00398\recovery_guide_em_eng_9532288.exe

Was this possibly a false positive, and something I shouldn't have deleted?



#7 nasdaq (Forum Deity, Global Moderator, 49,165 posts)

Posted 23 September 2016 - 08:23 AM

I ran Avast again, still files say password protected. Here is the file I deleted that had the virus:

i386\apps\\app00398\recovery_guide_em_eng_9532288.exe Was this possibly a false positive, and something I shouldn't have deleted?

The deleted file is possibly in your recycle bin and Avast is flagging it.

Empty your Recycle bin.
===

Run the Farbar tool one more time.
Ensure that the box to create is checked. This will create a new Addition.txt.

Post both the FRST and Addition.txt files for my review.

Is the notice from Avast still persisting?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 rl153 (Advanced Member, 133 posts)

Posted 23 September 2016 - 08:47 AM

nasdaq, Avast no longer detects a virus; the file I posted was the original one I deleted. Sorry if I'm unclear. At the end of the Avast scan now it states some files couldn't be scanned, and it lists them and says they are password protected. There are about 17 of them. I will run FRST again as soon as I get a chance, and post the results. Thanks!
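
The "password protected" notice Avast prints at the end of a scan means it found archive members it could not open, so it never looked at their contents. The Python script below is added here as an illustration and is not code from anyone in this thread: it builds two small ZIP archives in memory (constructed test data, not the files on this machine), sets the encryption flag in one of them the way a password-protected archive carries it, and reports which members a scanner could actually inspect. The thread does not say what format the 17 files are, so ZIP is an assumption; the same "can't scan" outcome applies to any container the engine cannot decrypt.

```python
import io
import struct
import zipfile

# General-purpose bit 0 of a ZIP entry header: "file is encrypted" (PKWARE APPNOTE 4.4.4).
ZIP_FLAG_ENCRYPTED = 0x0001
LOCAL_HDR_SIG = b"PK\x03\x04"    # local file header; flag field at offset +6
CENTRAL_HDR_SIG = b"PK\x01\x02"  # central directory header; flag field at offset +8


def make_sample_zip(payload: bytes, mark_encrypted: bool) -> bytes:
    """Build a one-member ZIP in memory (constructed test data, not a file from the thread).

    With mark_encrypted=True the 'encrypted' bit is set in both the local header and the
    central-directory entry, which is what a real password-protected archive looks like
    to a scanner. The payload itself is left in the clear; the flag alone is enough to
    make a conforming reader refuse to extract the member without a password.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("setup.exe", payload)   # hypothetical member name
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        for sig, flag_off in ((LOCAL_HDR_SIG, 6), (CENTRAL_HDR_SIG, 8)):
            pos = data.find(sig)
            while pos != -1:
                (flags,) = struct.unpack_from("<H", data, pos + flag_off)
                struct.pack_into("<H", data, pos + flag_off, flags | ZIP_FLAG_ENCRYPTED)
                pos = data.find(sig, pos + len(sig))
    return bytes(data)


def scan_archive(data: bytes) -> dict:
    """Reproduce the decision an AV engine makes when it meets an archive.

    Returns {"is_zip", "flagged", "readable", "unscannable"}. 'flagged' is what the
    headers claim; 'unscannable' is what the reader actually refused to open. Members
    in 'unscannable' were never inspected, so they are neither cleared nor detected.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"is_zip": False, "flagged": [], "readable": [], "unscannable": []}
    flagged, readable, unscannable = [], [], []
    with zf:
        for info in zf.infolist():
            if info.flag_bits & ZIP_FLAG_ENCRYPTED:
                flagged.append(info.filename)
            try:
                zf.read(info.filename)      # succeeds only if the content is inspectable
            except RuntimeError:            # zipfile: "... is encrypted, password required"
                unscannable.append(info.filename)
            else:
                readable.append(info.filename)
    return {"is_zip": True, "flagged": flagged, "readable": readable,
            "unscannable": unscannable}


if __name__ == "__main__":
    stub = b"MZ\x90\x00 constructed stand-in for an installer, not real code"
    for label, blob in (("plain", make_sample_zip(stub, False)),
                        ("password-protected", make_sample_zip(stub, True)),
                        ("not a zip", b"just some bytes")):
        print(label, scan_archive(blob))
```

The practical caveat is in the last field: a member that comes back as unscannable has not been checked at all, so the "couldn't be scanned" list is neither a detection nor a clean bill. If assurance is needed for those files, extract them with the archive's password and scan the extracted contents.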

#9 rl153 (Advanced Member, 133 posts)

Posted 23 September 2016 - 10:26 AM

Nasdaq, FRST successfully created both logs this time. I don't know if there is a reason for this, but the computer seems to be running a bit better. Would that fix you had me do have something to do with it? Here's the Addition log.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2016
Ran by Owner (23-09-2016 11:22:04)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-01-22 17:51:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1192153782-1980124124-3360170330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1192153782-1980124124-3360170330-1004 - Limited - Enabled)
Guest (S-1-5-21-1192153782-1980124124-3360170330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1192153782-1980124124-3360170330-1005 - Limited - Disabled)
Owner (S-1-5-21-1192153782-1980124124-3360170330-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1192153782-1980124124-3360170330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AIOMinimal (Version: 40.0.105.000 - Hewlett-Packard) Hidden
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5145 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.12-050317m-022739C - )
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 11.2.2262 - AVAST Software)
BigFix (HKLM\...\BigFix) (Version:  - ) <==== ATTENTION
Business Card Workshop 2 (HKLM\...\InstallShield_{83457075-C6D0-4A09-9E90-27027C383A1A}) (Version: 2.00.0000 - ValuSoft)
Business Card Workshop 2 (Version: 2.00.0000 - ValuSoft) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Digital Media Reader (HKLM\...\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}) (Version: 1.10 - )
Digital Media Reader (Version: 1.10 - ) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FinePix Studio (HKLM\...\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}) (Version:  - )
FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.4 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.4 - FUJIFILM Corporation)
FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version:  - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Hallmark Card Studio 2009 Deluxe (HKLM\...\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}) (Version: 10.0.0.28 - Creative Home)
HP PSC & OfficeJet 3.5 (HKLM\...\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}) (Version: 3.5 - HP)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Keyboard Driver (HKLM\...\{FF262740-C85A-11D5-BBEC-00D0B740900A}) (Version:  - )
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.0.3.7 - Napster)
Napster Burn Engine (Version: 2.5.0000 - Roxio) Hidden
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Overland (Version: 2.1.4 - Hewlett-Packard) Hidden
PHOTOfunSTUDIO -viewer- (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 2.00.000 - Panasonic)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - ) <==== ATTENTION
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Scan (Version: 3.5.0.0 - Hewlett-Packard) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype™ 7.27 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Snippy 1.0 (HKLM\...\{2A4A9714-0E9D-4E42-8448-AC96CD2EDF18}_is1) (Version:  - CodePackage)
SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version:  - )
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) (HKLM\...\MC05Upd1) (Version:  - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Media Center Edition 2005 KB890629 (HKLM\...\KB890629) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB890760 (HKLM\...\KB890760) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB895198 (HKLM\...\KB895198) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB895678 (HKLM\...\KB895678) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{013F891C-58A8-42F1-BA17-A3954DDED562}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{073258F7-8BC6-4a64-A4E7-919E4D32DC63}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACWMA.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{12897008-A82D-4267-92A3-04D22450D565}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXAudioCodec.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{1C6E0E46-4E5F-492D-B946-44291B931361}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{2000AA1D-2E7C-4EBA-9893-DAE4EF5E1FE5}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{403BD5FD-724C-4D96-86ED-B9E3A2ACBD8E}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{616A7D2A-A222-4083-8FF2-363141AFBC56}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{8917825A-AFBC-40C1-BC8A-CD0DC7F7A6E2}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{A0A0888B-8977-45b5-B884-57CC3A164650}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACMP3CTD.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{AF7C0A6A-3D7C-46DC-AF54-BF1E1C2DDD50}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{C955DD8E-0167-440B-BE27-DAC0A2E03233}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{D07DC324-55D5-4DBE-8A41-1F2E13E8D933}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{D48915E5-268D-4C2A-9146-EE042C6A7CCE}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{D806C170-3B96-4A54-AD9F-B546E3C21408}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{DF525519-639E-47AF-9576-330DF39B29FE}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{FB07A580-07A7-46EE-82A1-EDE5C3AEEC68}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{FF866659-937C-4EFF-9416-BD79B72C7BA1}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1460687301.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-19 18:23 - 2016-05-19 12:01 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-19 18:23 - 2016-05-19 12:01 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-22 13:40 - 2016-09-22 13:40 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092201\algo.dll
2015-11-16 11:27 - 2016-05-19 12:01 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-09-23 11:17 - 2016-09-23 11:17 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092300\algo.dll
2015-11-16 11:27 - 2016-05-19 12:01 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2010-01-22 14:24 - 2004-09-28 05:54 - 00269824 _____ () C:\WINDOWS\system32\sbe.dll
2010-01-22 14:24 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2010-01-22 14:19 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2010-01-22 14:22 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2010-01-22 15:30 - 2005-05-03 18:02 - 00543232 _____ () C:\WINDOWS\zHotkey.exe
2010-01-22 15:30 - 2001-07-02 11:36 - 00024576 _____ () C:\WINDOWS\HKNTDLL.dll
2015-03-14 11:32 - 2015-12-11 15:09 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2010-01-22 14:20 - 2012-12-03 11:05 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk => C:\WINDOWS\pss\BigFix.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2009.lnk => C:\WINDOWS\pss\Event Planner Reminder 2009.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk => C:\WINDOWS\pss\ExifLauncher2.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk => C:\WINDOWS\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
MSCONFIG\startupreg: ATIPTA => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: MCAgentExe => c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeExp.exe] => Enabled:LifeExp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeCam.exe] => Enabled:LifeCam.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeEnC2.exe] => Enabled:LifeEnC2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeTray.exe] => Enabled:LifeTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

21-09-2016 20:59:06 System Checkpoint
22-09-2016 10:10:34 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2016 08:14:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 21.9.2016.0, faulting module frst.exe, version 21.9.2016.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]

Error: (09/08/2016 02:54:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.1.6018, faulting module mozglue.dll, version 47.0.1.6018, fault address 0x0000f02b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/07/2016 09:06:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application finepixviewer.exe, version 5.4.1.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [finepixviewer.exe!ws!]

Error: (08/26/2016 10:35:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.1.6018, faulting module mozglue.dll, version 47.0.1.6018, fault address 0x0000f02b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (07/05/2016 01:10:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application finepixviewer.exe, version 5.4.1.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [finepixviewer.exe!ws!]

Error: (07/01/2016 05:08:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/28/2016 07:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application finepixviewer.exe, version 5.4.1.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [finepixviewer.exe!ws!]

Error: (06/21/2016 02:15:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/17/2016 12:21:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/14/2016 01:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 43.0.4.5848, faulting module mozglue.dll, version 43.0.4.5848, fault address 0x0000ed44.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PrismXL service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSCamSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Media Center Scheduler Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2016 09:50:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3500+
Percentage of memory in use: 47%
Total physical RAM: 894.48 MB
Available physical RAM: 471.8 MB
Total Virtual: 2166.13 MB
Available Virtual: 1741.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:182.19 GB) (Free:154.56 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:4.11 GB) (Free:1.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 52DF0FB1)
Partition 1: (Active) - (Size=182.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.1 GB) - (Type=0B)

==================== End of Addition.txt ============================

Here's the other log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2016
Ran by Owner (administrator) on MITZI (23-09-2016 11:20:37)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\WINDOWS\zHotkey.exe
(Microsoft Corporation) C:\WINDOWS\vVX1000.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CHotkey] => C:\WINDOWS\zHotkey.exe [543232 2005-05-03] ()
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2010-01-22] (Apple Computer, Inc.)
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15] (ATI Technologies Inc.)
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-19] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AD29A29A-8BFB-471A-A54C-9175FB00E164}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> DefaultScope {581D6D8B-3055-4D20-81FE-B10272979761} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {581D6D8B-3055-4D20-81FE-B10272979761} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {77C3C071-4B61-4E6D-9719-FAC4804C6190} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {EC376F27-6DC3-468A-B11A-8B722F2F81F4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8MCDF&pc=B8MC&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-14] (AVAST Software)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9lvdxna.default
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://us.my.yahoo.com/
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=mcafee&type=B110US0D20131111&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-19] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1192153782-1980124124-3360170330-1006: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-07-27]
FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9lvdxna.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-18] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-19]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-08-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-19] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-19] (Oracle Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2010-01-22] (New Boundary Technologies, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317504 2005-04-19] (Realtek Semiconductor Corp.)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2010-01-22] (Windows ® 2000 DDK provider) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-05-19] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-05-19] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-05-19] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-05-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-05-19] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-05-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-05-19] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-05-19] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-05-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
S3 CAM1690; C:\WINDOWS\System32\Drivers\cam1690.sys [181888 2007-11-21] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [44288 2004-11-10] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24832 2004-11-10] (Roxio) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2004-01-05] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-01-05] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2004-01-05] (HP)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-14] (Realtek Semiconductor Corporation                           )
S3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed]
R3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-23 11:20 - 2016-09-23 11:21 - 00014322 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-09-22 10:10 - 2016-09-22 10:14 - 00004393 _____ C:\Documents and Settings\Owner\Desktop\Fixlog.txt
2016-09-21 20:36 - 2016-09-21 20:36 - 00001098 _____ C:\Documents and Settings\Owner\Desktop\SALog.txt
2016-09-21 20:35 - 2016-09-21 20:35 - 00898560 _____ C:\Documents and Settings\Owner\Desktop\RGSA.exe
2016-09-21 20:14 - 2016-09-21 20:14 - 00000394 _____ C:\Documents and Settings\Owner\My Documents\Addition.txt
2016-09-21 20:13 - 2016-09-23 11:20 - 00000000 ____D C:\FRST
2016-09-21 20:13 - 2016-09-21 20:14 - 00022594 _____ C:\Documents and Settings\Owner\My Documents\FRST.txt
2016-09-21 20:11 - 2016-09-21 20:11 - 00001062 _____ C:\Documents and Settings\Owner\My Documents\malware bytes.txt
2016-09-21 19:15 - 2016-09-21 19:15 - 01753088 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-09-12 19:38 - 2016-09-12 20:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-12 19:29 - 2016-09-12 19:29 - 00245743 _____ C:\Documents and Settings\Owner\My Documents\RegCertificate  sunny 2016.pdf
2016-09-12 19:28 - 2016-09-12 19:28 - 00257585 _____ C:\Documents and Settings\Owner\My Documents\Receipt sunnys registration 2016.pdf
2016-09-01 10:57 - 2016-09-01 10:57 - 00000022 _____ C:\Documents and Settings\Owner\My Documents\sunny tracking.txt
2016-08-26 20:09 - 2016-08-26 20:09 - 00064388 _____ C:\Documents and Settings\Owner\My Documents\pams card id.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-23 11:21 - 2012-12-03 11:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2016-09-23 11:19 - 2012-12-04 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-09-23 11:18 - 2014-07-10 13:29 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-23 11:17 - 2010-01-22 13:51 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents
2016-09-23 11:15 - 2016-04-14 22:28 - 00000460 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1460687301.job
2016-09-23 11:15 - 2010-01-22 13:52 - 00004576 _____ C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2016-09-23 11:15 - 2004-10-27 21:14 - 00000000 ____D C:\WINDOWS\Registration
2016-09-23 11:14 - 2013-08-15 15:49 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-09-23 11:14 - 2010-02-10 17:29 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-23 11:14 - 2004-10-27 21:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-22 15:00 - 2010-01-22 13:51 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-09-22 15:00 - 2004-10-27 21:26 - 00032652 _____ C:\WINDOWS\SchedLgU.Txt
2016-09-22 14:59 - 2010-02-10 17:29 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-22 14:40 - 2007-08-23 16:02 - 00099375 _____ C:\Documents and Settings\Owner\My Documents\Wells fargo Wachovia.txt
2016-09-22 14:38 - 2015-10-24 20:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-22 11:40 - 2013-10-16 19:17 - 00364096 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-09-22 11:40 - 2010-01-22 13:51 - 00000000 ____D C:\Documents and Settings\Owner
2016-09-22 10:40 - 2010-06-06 16:50 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-09-22 10:38 - 2013-01-09 20:33 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006UA.job
2016-09-21 19:38 - 2013-01-09 20:33 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006Core.job
2016-09-21 18:45 - 2011-04-07 21:23 - 00000000 ____D C:\Program Files\Amazon
2016-09-21 18:45 - 2011-04-07 21:23 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Amazon
2016-09-20 19:08 - 2010-01-22 13:51 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Pictures
2016-09-20 17:16 - 2004-10-27 20:52 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-14 19:36 - 2011-02-17 22:57 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Skype
2016-09-14 18:58 - 2015-12-11 21:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-09-14 15:38 - 2016-07-14 14:38 - 06502080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-09-14 15:38 - 2012-04-01 19:44 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-14 15:38 - 2011-05-19 10:33 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-09-14 15:38 - 2004-10-27 21:16 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-12 22:04 - 2013-07-04 12:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-12 20:02 - 2016-07-22 14:45 - 00000981 _____ C:\Documents and Settings\Owner\My Documents\sunnys trip november twenty sixteen.txt
2016-09-07 21:00 - 2010-01-24 15:18 - 00000000 ____D C:\Program Files\FinePixViewer
2016-09-04 15:09 - 2014-05-17 17:06 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\shortcuts desktop
2016-08-30 11:03 - 2015-10-17 17:15 - 00000000 ___RD C:\Program Files\Skype
2016-08-30 11:02 - 2011-02-17 22:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-08-29 21:47 - 2015-08-29 09:53 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-08-27 19:33 - 2014-07-10 10:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-08-27 19:32 - 2015-03-07 18:16 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-27 19:32 - 2014-07-10 10:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-26 20:14 - 2012-11-20 16:31 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-08-26 14:38 - 2010-09-20 11:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\SRP

==================== Files in the root of some directories =======

2010-06-08 22:05 - 2014-11-04 15:12 - 0000438 ____C () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2010-01-22 21:00 - 2013-04-25 16:21 - 0012288 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-22 21:35 - 2010-01-22 21:35 - 0000128 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
2010-01-22 20:36 - 2010-01-24 16:24 - 0010977 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



#10 nasdaq

    Forum Deity

  • Global Moderator
  • 49,165 posts

Posted 24 September 2016 - 08:16 AM

Your logs are clean.

The protected files found by Avast are probably protected by the operating system. Nothing to worry about.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingc...best-practices/
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 rl153

    Advanced Member

  • Full Member
  • 133 posts

Posted 24 September 2016 - 12:15 PM

Thanks so much for your help! Did that fix we ran help in some way, because the computer seems to run better, or maybe it's my imagination. Please let me know what that was about. Another thing, did you recognize that infected file I deleted as anything familiar, or was it a false positive? Also, how do I delete those two programs I downloaded? I'll make a small donation. I appreciate your help!


Edited by rl153, 24 September 2016 - 09:57 PM.


#12 nasdaq

    Forum Deity

  • Global Moderator
  • 49,165 posts

Posted 25 September 2016 - 08:27 AM

If you search Google with recovery_guide_em_eng_9532288.exe you will get only 2 hits.
I do not know what it did/was.

===

I only cleaned what was not required.
Possibly removing the restrictions helped.

I would create a folder name it Removal_tools and move the Farbar tool in it.
If needed in the future you can use it to report other problems.

Delete the FRST and Addition.txt logs.

Just delete the program and the log from the Security Analysis by Rocket Grannie.

===

Thank you for your support
nasdaq
