
Spywareblaster found using over 40% of CPU resources in hidden window


This topic is locked
53 replies to this topic

#1 oneeyedfranc

    Member

  • Full Member
  • 98 posts

Posted 05 October 2014 - 04:25 PM

Spywareblaster found using over 40% of CPU resources in hidden window, used Process Explorer to shut it down manually. Am worried that my computer may be compromised.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/5/2014
Scan Time: 1:37:19 PM
Logfile: MalwareBytes AntiMalware Scan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.05.08
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Francis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361235
Time Elapsed: 24 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21376  BrowserJavaVersion: 11.20.2
Run by Francis at 14:56:03 on 2014-10-05
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3322.1798 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\EMET 4.1\EMET_agent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\PROGRA~1\Webshots\315~1.76~\Webshots.scr
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.bankofamerica.com/index.jsp
dURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_20\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_20\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - <orphaned>
uRun: [cdloader] "c:\documents and settings\francis\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\francis\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [EMET 4.1 Update 1 Agent] "c:\program files\emet 4.1\EMET_agent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex
StartupFolder: c:\docume~1\francis\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareblaster\spywareblaster.exe
StartupFolder: c:\docume~1\francis\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7620\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pandau~1.lnk - c:\program files\panda usb vaccine\USBVaccine.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/wired/bin/sysreqlab_srlx.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3540AD61-7266-4DB8-AFEC-965424FAB09F} : DHCPNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\francis\application data\mozilla\firefox\profiles\lme39tzn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tvguide.com/Listings/|https://calendar.yah...m/en/#autostart
FF - plugin: c:\documents and settings\francis\application data\mozilla\firefox\profiles\lme39tzn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\francis\application data\mozilla\firefox\profiles\lme39tzn.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\francis\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\francis\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\francis\local settings\application data\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32(2).dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\java\jre1.8.0_20\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_20\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-18 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-18 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-4-18 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-4-18 414520]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2013-2-5 210360]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2013-2-5 44984]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2013-2-5 34856]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2013-2-5 31912]
R1 RapportCerberus_80049;RapportCerberus_80049;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_80049.sys [2014-8-20 433240]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-8-21 251928]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-18 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-18 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-18 50344]
R2 AWService;Admin Works Agent X8;c:\program files\intel\idu\awServ.exe [2006-12-27 74520]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-4-18 1593632]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\OAcat.exe [2013-2-5 584864]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-8-21 1919256]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\OAsrv.exe [2013-2-5 4457688]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2011-6-17 28256]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AGCoreService;AG Core Services; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-30 1684736]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2011-6-17 28256]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-22 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-22 8456]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-8-21 206520]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-10-5 25088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-10-05 21:07:04    --------    d-----w-    c:\program files\ESET
.
==================== Find3M  ====================
.
2014-10-05 20:33:58    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-11 23:40:29    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-11 23:40:29    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-27 20:11:29    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-08-27 20:11:23    146432    ----a-w-    c:\windows\system32\javacpl.cpl
2014-08-21 23:03:38    206520    ----a-w-    c:\windows\system32\drivers\RapportKELL.sys
2014-07-12 07:55:42    779536    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-07-12 07:55:42    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-12 07:55:42    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-12 07:55:42    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-12 07:55:42    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-12 07:55:42    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2012-09-16 13:30:18    4096000    ----a-w-    c:\program files\GUT4C47.tmp
2012-07-16 01:41:49    4024320    ----a-w-    c:\program files\GUTC4D.tmp
2012-04-11 06:24:47    3993600    ----a-w-    c:\program files\GUT30C.tmp
.
============= FINISH: 15:00:31.92 ===============

 Results of screen317's Security Check version 0.99.88  
 Windows XP Service Pack 3 x86   
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 CCleaner     
 TweakNow RegCleaner 2011   
 Java 7 Update 67  
 Java 8 Update 20  
 Adobe Flash Player     15.0.0.152  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````  
 Tall Emu Online Armor OAcat.exe
 Tall Emu Online Armor oasrv.exe
 Tall Emu Online Armor oaui.exe
 Tall Emu Online Armor OAhlp.exe
 ESET ESET Online Scanner OnlineScannerApp.exe  
 ESET ESET Online Scanner OnlineCmdLineScanner.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

QuickScan 32-bitv0.9.9.140
--------------------------
Scan date:  Sun Oct 05 14:28:33 2014
Machine ID: C07B0D7



No infection found.
-------------------



Processes
---------
(unsigned)  Enhanced Mitigation Experience Toolkit   1864    C:\Program Files\EMET 4.1\EMET_Agent.exe
(unsigned)  UTSCSI Application                       3768    C:\WINDOWS\system32\UTSCSI.EXE

(verified)  AdminWorks                                208    C:\Program Files\Intel\IDU\awServ.exe
(verified)  avast! Antivirus                          180    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(verified)  avast! Antivirus                         1728    C:\Program Files\AVAST Software\Avast\avastui.exe
(verified)  COCIManager.exe                          2560    C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(verified)  Emsisoft Online Armor                    1604    C:\Program Files\Online Armor\OAcat.exe
(verified)  Emsisoft Online Armor                    3232    C:\Program Files\Online Armor\OAhlp.exe
(verified)  Emsisoft Online Armor                    1632    C:\Program Files\Online Armor\OAsrv.exe
(verified)  Emsisoft Online Armor                    1860    C:\Program Files\Online Armor\OAui.exe
(verified)  ESET Online Scanner container            5624    C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
(verified)  Firefox                                  2508    C:\Program Files\Mozilla Firefox\firefox.exe
(verified)  Firefox                                   304    C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified)  IncrediMail                              2396    C:\Program Files\IncrediMail\Bin\ImApp.exe
(verified)  IncrediMail                              4048    C:\Program Files\IncrediMail\Bin\IncMail.exe
(verified)  Java Platform SE Auto Updater            3648    C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified)  Java™ Platform SE 7 U67                588    C:\Program Files\Java\jre7\bin\jqs.exe
(verified)  Logitech Webcam Software                 1724    C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(verified)  LWS.exe                                  1596    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(verified)  Microsoft® Windows® Operating System     1792    C:\WINDOWS\explorer.exe
(verified)  Microsoft® Windows® Operating System     3684    C:\WINDOWS\system32\alg.exe
(verified)  Microsoft® Windows® Operating System      756    C:\WINDOWS\system32\csrss.exe
(verified)  Microsoft® Windows® Operating System     3612    C:\WINDOWS\system32\ctfmon.exe
(verified)  Microsoft® Windows® Operating System      840    C:\WINDOWS\system32\lsass.exe
(verified)  Microsoft® Windows® Operating System     3292    C:\WINDOWS\system32\regsvr32.exe
(verified)  Microsoft® Windows® Operating System     4332    C:\WINDOWS\system32\rundll32.exe
(verified)  Microsoft® Windows® Operating System     3584    C:\WINDOWS\system32\rundll32.exe
(verified)  Microsoft® Windows® Operating System      828    C:\WINDOWS\system32\services.exe
(verified)  Microsoft® Windows® Operating System      680    C:\WINDOWS\system32\smss.exe
(verified)  Microsoft® Windows® Operating System      520    C:\WINDOWS\system32\spoolsv.exe
(verified)  Microsoft® Windows® Operating System     3132    C:\WINDOWS\system32\spupdsvc.exe
(verified)  Microsoft® Windows® Operating System     1368    C:\WINDOWS\system32\svchost.exe
(verified)  Microsoft® Windows® Operating System     3500    C:\WINDOWS\system32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1276    C:\WINDOWS\system32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1032    C:\WINDOWS\system32\svchost.exe
(verified)  Microsoft® Windows® Operating System     3808    C:\WINDOWS\system32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1100    C:\WINDOWS\system32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1828    C:\WINDOWS\system32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1524    C:\WINDOWS\system32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2940    C:\WINDOWS\system32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1960    C:\WINDOWS\system32\wbem\unsecapp.exe
(verified)  Microsoft® Windows® Operating System     2848    C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified)  Microsoft® Windows® Operating System      784    C:\WINDOWS\system32\winlogon.exe
(verified)  NVIDIA Driver Helper Service, Version 3  2236    C:\WINDOWS\system32\nvsvc32.exe
(verified)  NVIDIA GeForce Experience                3008    C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(verified)  NVIDIA Network Service                    736    C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(verified)  OnlineCmdLineScanner.exe                 6124    C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(verified)  PnkBstrA.exe                             2416    C:\WINDOWS\system32\PnkBstrA.exe
(verified)  PnkBstrB.exe                             2516    C:\WINDOWS\system32\PnkBstrB.exe
(verified)  Rapport                                  1196    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(verified)  Rapport                                  1140    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(verified)  Realtek HD Audio Sound Effect Manager     908    C:\WINDOWS\RTHDCPL.EXE
(verified)  Skype                                    2880    C:\Program Files\Skype\Phone\Skype.exe
(verified)  StarWind Alcohol Edition                 3284    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(verified)  The Webshots Desktop                     2776    C:\PROGRA~1\Webshots\315~1.76~\Webshots.scr
(verified)  Trillian                                 3716    C:\Program Files\Trillian\trillian.exe
(verified)  USB Vaccine                              1400    C:\Program Files\Panda USB Vaccine\USBVaccine.exe


Network activity
----------------
Process AvastSvc.exe (180) connected on port 80 (HTTP) --> 23.72.180.179
Process AvastSvc.exe (180) connected on port 80 (HTTP) --> 64.233.185.138
Process AvastSvc.exe (180) connected on port 80 (HTTP) --> 77.73.177.243
Process AvastSvc.exe (180) connected on port 80 (HTTP) --> 77.234.43.65
Process svchost.exe (1276) connected on port 5678 --> 192.168.0.1
Process avastui.exe (1728) connected on port 80 (HTTP) --> 23.72.196.212
Process firefox.exe (2508) connected on port 443 (HTTP over SSL) --> 64.233.185.113
Process firefox.exe (2508) connected on port 443 (HTTP over SSL) --> 74.125.137.93
Process Skype.exe (2880) connected on port 40025 --> 65.55.223.22
Process Skype.exe (2880) connected on port 443 (HTTP over SSL) --> 134.170.25.80
Process Skype.exe (2880) connected on port 12350 --> 65.54.167.18
Process trillian.exe (3716) connected on port 3158 --> 74.201.34.2
Process trillian.exe (3716) connected on port 5222 (XMPP/Jabber) --> 64.233.176.125
Process trillian.exe (3716) connected on port 5050 (Yahoo Messenger) --> 66.196.120.77
Process trillian.exe (3716) connected on port 5050 (Yahoo Messenger) --> 66.196.121.61
Process trillian.exe (3716) connected on port 5190 (AIM/ICQ) --> 178.237.18.236

Process awServ.exe (208) listens on ports: 2804
Process svchost.exe (1100) listens on ports: 135 (RPC)
Process svchost.exe (1524) listens on ports: 2869 (SSDP event notification, UPNP)
Process Skype.exe (2880) listens on ports: 80 (HTTP), 63451
Process StarWindServiceAE.exe (3284) listens on ports: 3260 (iSCSI Target), 3261


Autoruns and critical files
---------------------------
(verified)  Adobe Reader and Acrobat Manager         C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified)  Adobe® Flash® Player Update Service      C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(verified)  Alcohol Virtual Drive Auto-mount Servic  C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
(verified)  avast! Antivirus                         C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(verified)  avast! Antivirus                         C:\Program Files\AVAST Software\Avast\avastui.exe
(verified)  cdloader2                                C:\Documents and Settings\Francis\Application Data\mjusbsp\cdloader2.exe
(unsigned)  EASEUS Partition Master Loader           C:\Program Files\EASEUS\EASEUS Partition Master 5.5.1 Home Edition\bin\epm0.exe
(verified)  Emsisoft Online Armor                    C:\Program Files\Online Armor\oaevent.dll
(verified)  Emsisoft Online Armor                    C:\Program Files\Online Armor\OAui.exe
(unsigned)  Enhanced Mitigation Experience Toolkit   C:\Program Files\EMET 4.1\EMET_Agent.exe
(verified)  IncrediMail                              C:\Program Files\IncrediMail\Bin\IncMail.exe
(verified)  Java Platform SE Auto Updater            C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified)  LWS.exe                                  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\crypt32.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\shell32.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\xp_eos.exe
(verified)  NVIDIA GeForce Experience                C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(verified)  NVIDIA Media Center Library              C:\WINDOWS\system32\nvmctray.dll
(verified)  NVIDIA Windows Display driver, Version   C:\WINDOWS\system32\nvcpl.dll
(verified)  nwiz.exe                                 C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
(unsigned)  QuickTime                                C:\Program Files\QuickTime\QTTask.exe
(verified)  Realtek HD Audio Sound Effect Manager    C:\WINDOWS\RTHDCPL.EXE
(verified)  RunInteractiveWin.exe                    C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe
(verified)  Skype                                    C:\Program Files\Skype\Phone\Skype.exe
(verified)  USB Vaccine                              C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(verified)  Windows® Internet Explorer               C:\WINDOWS\system32\webcheck.dll
(verified)  Google Update                            C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified)  Microsoft Genuine Advantage              C:\WINDOWS\system32\WgaLogon.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\browseui.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cryptnet.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cscdll.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\ctfmon.exe
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\dimsntfy.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\logonui.exe
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\sclgntfy.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\ssbezier.scr
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\stobject.dll
(verified)  Microsoft® Windows® Operating System     c:\WINDOWS\system32\userinit.exe
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\wlnotify.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\WPDShServiceObj.dll


Browser plugins
---------------
(verified)  Adobe Acrobat                            C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
(verified)  Adobe Acrobat                            C:\Program Files\Internet Explorer\Plugins\nppdf32.dll
(verified)  Adobe Acrobat                            C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified)  Bitdefender QuickScan                    C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified)  BitDefender QuickScan                    C:\WINDOWS\Downloaded Program Files\qsax.dll
(unsigned)  frozen.dll                               C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
(verified)  Google Talk Plugin                       C:\Documents and Settings\Francis\Application Data\Mozilla\plugins\npgoogletalk.dll
(verified)  Google Talk Plugin Video Renderer        C:\Documents and Settings\Francis\Application Data\Mozilla\plugins\npo1d.dll
(verified)  Google Update                            C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll
(unsigned)  googletoolbar-ff3.dll                    C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
(unsigned)  googletoolbar-ff4.dll                    C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll
(verified)  IE Webrep plugin                         c:\program files\avast software\Avast\aswwebrepie.dll
(verified)  Java Deployment Toolkit 8.0.200.26       C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll
(verified)  Java™ Platform SE 8 U20               c:\program files\Java\jre1.8.0_20\bin\jp2ssv.dll
(verified)  Java™ Platform SE 8 U20               C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll
(verified)  Java™ Platform SE 8 U20               c:\program files\Java\jre1.8.0_20\bin\ssv.dll
(verified)  Logitech Device Detection                C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
(verified)  NPSWF32_15_0_0_152.dll                   C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
(unsigned)  QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned)  QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(unsigned)  QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(unsigned)  QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(unsigned)  QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
(unsigned)  Shockwave for Director                   C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
(verified)  Silverlight Plug-In                      c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
(verified)  System Requirements Lab                  C:\WINDOWS\Downloaded Program Files\sysreqlab_srlx.dll
(unsigned)  VLC Web Plugin                           C:\Program Files\VideoLAN\VLC\npvlc.dll
(verified)  Windows Presentation Foundation          c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified)  Windows® Internet Explorer               C:\WINDOWS\system32\ieframe.dll
(verified)  Adobe® Flash® Player ActiveX             C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified)  Logitech Device Detection                C:\WINDOWS\Downloaded Program Files\LogitechDeviceDetection32.ocx
(verified)  Messenger                                C:\Program Files\Messenger\msmsgs.exe
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\mswsock.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\rsvpsp.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\winrnr.dll


Scan
----
MD5: 9919c63e9150af648c42d28b5d72a32f  C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys
MD5: 4921a4f58e0ab3e1cff29132e9fe3d73  C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus.dll
MD5: 33fc774ad3ab2805b7d8f31cb3ef3ecb  C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys
MD5: a2615ebaab4f9dfc1cf3ccd843d2fc4f  C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline\RapportGP.dll
MD5: bc783fed2e7da53823f33e076ba1e171  C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MD5: 7c0aa66e6352337ef923ba8b3aeb099d  C:\Documents and Settings\Francis\Application Data\mjusbsp\cdloader2.exe
MD5: dfd5a8c94118c4e85b33245c2ddb553a  C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
MD5: 8c3de46457b62e82035bfb1cba29fd7d  C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MD5: 182bc06b8cddb225f1d9444e0af88003  C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MD5: eb28fe2670c1670cd077c3976f6a68f7  C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll
MD5: 4e7d4a67e774addd7fd68b20692a0af5  C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: dd31f0c436e4f5e6fa9783ff8a80adc1  C:\Documents and Settings\Francis\Application Data\Mozilla\plugins\npgoogletalk.dll
MD5: 5cb01cf141e021daae96991a5ba57944  C:\Documents and Settings\Francis\Application Data\Mozilla\plugins\npo1d.dll
MD5: fb5621842fdabf9f8359775573498fbc  C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll
MD5: e96b7ed87f8cccfdbfc59cbcfa54604e  C:\Program Files\Adobe\Photoshop Elements 2\psicon.dll
MD5: 005ebe4a4e6e9c9a7967f6c3f413c1df  C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
MD5: af365a1251fefbe0bd55886d1d0acf17  C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
MD5: 9ea93673394601db13cf5519cf7f5de7  C:\Program Files\AVAST Software\Avast\1033\Base.dll
MD5: 38c2dffaf625f42ead1b79f6b3c80ea8  C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll
MD5: 39d931c0ce95706e3951f0a097039301  C:\Program Files\AVAST Software\Avast\aavm4h.dll
MD5: 2d44ebd52ec34e25dda0eee07032c418  C:\Program Files\AVAST Software\Avast\AavmRpch.dll
MD5: 351116d622ba080071a1cf6ed6af1e99  C:\Program Files\AVAST Software\Avast\AhAScr.dll
MD5: e693a3ac10f2fc6aa0db865a04108022  C:\Program Files\AVAST Software\Avast\AhResMai.dll
MD5: 33edf6ccc9deb9e6efd8d7fc423d6123  C:\Program Files\AVAST Software\Avast\AhResStd.dll
MD5: 0acfc95ee2af5c5e568621d097cc4fa2  C:\Program Files\AVAST Software\Avast\AhResWS.dll
MD5: 2122feef03bcb6cfe5c67483666b2a62  C:\Program Files\AVAST Software\Avast\AhResWS2.dll
MD5: 38fc1d28b0e1ea74f98bb3f743db101a  C:\Program Files\AVAST Software\Avast\ashbase.dll
MD5: 8074fb74d7e599bafea3691dc1381e2f  C:\Program Files\AVAST Software\Avast\ashMaiSv.dll
MD5: be37d90fa0349b08b036bd33e85141c9  C:\Program Files\AVAST Software\Avast\ashServ.dll
MD5: 0aa25a2f866fe94747b3ede7fe9faa77  C:\Program Files\AVAST Software\Avast\ashShell.dll
MD5: e4b7e7985cb75de4e48e96d35a0dbf97  C:\Program Files\AVAST Software\Avast\ashTask.dll
MD5: 95884e0e8eae21f7df7a8916a7e058cf  C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
MD5: e67f6199a9ae98ab4a53150a6eb6dac3  C:\Program Files\AVAST Software\Avast\ashWebSv.dll
MD5: c5164f0e10aaa9f38e90036fe9f3e99f  C:\Program Files\AVAST Software\Avast\ashWsFtr.dll
MD5: 12b437cad5fc07b3b33ce1c1355bbcc6  C:\Program Files\AVAST Software\Avast\aswAra.dll
MD5: 3211e20da6c5ebe28cf7e4c3a55278e4  C:\Program Files\AVAST Software\Avast\aswAux.dll
MD5: 1ba6666ed0c7b576088a36e911199033  C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MD5: b57fd7dd0faf85f737dc3d483a9d63bb  C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MD5: 3ced666bc61431dcd928e03ed4abcaea  C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MD5: 8d113c7490621ff50f9ba46c7d8c423e  C:\Program Files\AVAST Software\Avast\aswCommChannel.dll
MD5: 7ebd87a09658779205891d08f37ab234  C:\Program Files\AVAST Software\Avast\aswData.dll
MD5: 77f8c2f976899f7656c5e34d145b13f2  C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MD5: d5862c49cb0128de426b9a6d815fd9ea  C:\Program Files\AVAST Software\Avast\aswJsFlt.dll
MD5: 847854c4c4332dc00665380dabc06c41  C:\Program Files\AVAST Software\Avast\aswjsscan.dll
MD5: 44574eafcdda003a22e4df3ea73840af  C:\Program Files\AVAST Software\Avast\aswLog.dll
MD5: 8e8d82756f3ddc86d53651e3fb432b9d  C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll
MD5: 29fe98d9412388243e41869143d1805b  C:\Program Files\AVAST Software\Avast\aswProperty.dll
MD5: 1c9279122415243f236d337a09bf5360  C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll
MD5: 6c636f85ae27b1b2c789599bb1136f9d  C:\Program Files\AVAST Software\Avast\aswResourceLib.dll
MD5: c30beb2365677974efa19b791e1aad85  C:\Program Files\AVAST Software\Avast\aswSqLt.dll
MD5: 5a9bd26d965f1e4dac668c8f0c738fb7  C:\Program Files\AVAST Software\Avast\aswStrm.dll
MD5: b60ff0cc532b9d3e28610f614cdedb64  C:\Program Files\AVAST Software\Avast\aswUtil.dll
MD5: 18774b66edf003f338a0802ff2b122e0  c:\program files\avast software\Avast\aswwebrepie.dll
MD5: 1ad8512a5c40ad1a0558498d8e0ac2aa  C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
MD5: 7486ba75019d8c3a13eba7867faabe7d  C:\Program Files\AVAST Software\Avast\avastIP.dll
MD5: 73f5c13b431915bae35254b4e95dfb71  C:\Program Files\AVAST Software\Avast\AvastSvc.exe
MD5: 26b558b2d31c7425b455b00e562ead93  C:\Program Files\AVAST Software\Avast\avastui.exe
MD5: 59fd0296e32362cd7a3e66a028b56b9a  C:\Program Files\AVAST Software\Avast\CommonRes.dll
MD5: 5c5e3afd499e5146fef1da5ef8a23205  C:\Program Files\AVAST Software\Avast\dbghelp.dll
MD5: 1242797f1836c7f6e1b10294366a0af4  C:\Program Files\AVAST Software\Avast\defs\14100501\algo.dll
MD5: 8ece9daff97569945ec3a4cd857b8677  C:\Program Files\AVAST Software\Avast\defs\14100501\aswCleanerDLL.dll
MD5: 4b9975a4b6165a40d057763343b511e0  C:\Program Files\AVAST Software\Avast\defs\14100501\aswCmnBS.dll
MD5: 547aa2a17c792c10e9cf8804ce145eee  C:\Program Files\AVAST Software\Avast\defs\14100501\aswCmnIS.dll
MD5: f4fae7b7bf5d841e112c75190931b36c  C:\Program Files\AVAST Software\Avast\defs\14100501\aswCmnOS.dll
MD5: 84d1cfe07334957aabc0eeaa56f8adb1  C:\Program Files\AVAST Software\Avast\defs\14100501\aswEngin.dll
MD5: 5e32e7c5542d95e04e8abe8b3f676d11  C:\Program Files\AVAST Software\Avast\defs\14100501\aswFiDb.dll
MD5: e111a956689011c0ab482bf282157e25  C:\Program Files\AVAST Software\Avast\defs\14100501\aswRep.dll
MD5: a21579bc188faf7f7cd69c0e5bdfef81  C:\Program Files\AVAST Software\Avast\defs\14100501\aswScan.dll
MD5: 845409bfe18045cf6e6ba4f7778a494a  C:\Program Files\AVAST Software\Avast\defs\14100501\swhealthex.dll
MD5: bf05d5abc938a6fc04e193bc50954dc6  C:\Program Files\AVAST Software\Avast\defs\14100501\uiext.dll
MD5: a9ff57ec69f8c593aa3712b3c8f02002  C:\Program Files\AVAST Software\Avast\HTMLayout.dll
MD5: 5be1cd443e2d6495e22cbb40d532e1f0  C:\Program Files\AVAST Software\Avast\icudt.dll
MD5: 0e3dbab333b4dab6e423b21df63ee963  C:\Program Files\AVAST Software\Avast\libcef.dll
MD5: 62cc8c657affea3d06fe2ca98883b5d8  C:\Program Files\AVAST Software\Avast\libeay32.dll
MD5: e1ddc372856277744bd6ea9dbbb60198  C:\Program Files\AVAST Software\Avast\snxhk.dll
MD5: 10505f2b5a89b60971192505824a5ef3  C:\Program Files\AVAST Software\Avast\ssleay32.dll
MD5: edfa163fdbd7051cd9148410e4b56af0  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
MD5: 048ea4b978851788e9f5e8e4f081df7a  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 4e534a59198d80ffc824f7ffe58d6658  C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: 98d472ecfbc0e8ed25a0483e765f42b6  C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MD5: c11ec54689f776c1731e084e1649974c  C:\Program Files\Common Files\logishrd\LQCVFX\COCIManagerPS.dll
MD5: 3b5017bb8032f79f84fe7d42e112c2d6  C:\Program Files\EASEUS\EASEUS Partition Master 5.5.1 Home Edition\bin\epm0.exe
MD5: 0899d798c9a6e00e2b0d0718d33a52f1  C:\Program Files\EMET 4.1\DevExpress.Data.v12.2.dll
MD5: 77ad68d3c2108b6a25c26ff6e700d6c2  C:\Program Files\EMET 4.1\DevExpress.UserSkins.HighContrast.DLL
MD5: 4199cd82ff6f731dbf1f365f56ae9980  C:\Program Files\EMET 4.1\DevExpress.Utils.v12.2.dll
MD5: f19ca39e344672f1888b24d53e90ab47  C:\Program Files\EMET 4.1\DevExpress.XtraBars.v12.2.dll
MD5: 69e7a7f5837e69e642ffde6fa1e24b2c  C:\Program Files\EMET 4.1\DevExpress.XtraEditors.v12.2.dll
MD5: 9a6902aa5c3f47987b0b5018ae3dcfd7  C:\Program Files\EMET 4.1\EMET_Agent.exe
MD5: 04f4c6b2dea5aed172c11991acfd5cf8  C:\Program Files\EMET 4.1\EMET_CE.dll
MD5: 576a12b5613972ae1caa756a819468da  C:\Program Files\EMET 4.1\HelperLib.DLL
MD5: c6b89ed3f1b5438f3319784d7b99816b  C:\Program Files\EMET 4.1\MitigationInterface.DLL
MD5: 1e7dec0ea7e802566eb01350eb295d94  C:\Program Files\EMET 4.1\PKIPinningSubsystem.DLL
MD5: 5a9e8904a709ed01404c2d64b1a80ac4  C:\Program Files\EMET 4.1\ReportingSubsystem.DLL
MD5: 103925205724030358a827086a0bd1dd  C:\Program Files\EMET 4.1\TrayIconSubsystem.DLL
MD5: 56244d941c56d2fe9c0b063254526a14  C:\Program Files\ESET\ESET Online Scanner\esets_apiW_a.dll
MD5: 3c3f35c91f230493b088b334e39d1f7a  C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MD5: 2201015797989afc0d90df00bc9f5e39  C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx
MD5: e273331224005c5a8a504164373de1dc  C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
MD5: f7350b698c6411b9b7441c4746c20d19  C:\Program Files\IncrediMail\Bin\dten600.dll
MD5: fef159195d0d3af650f58fccea6fe9f8  C:\Program Files\IncrediMail\Bin\ImABU.dll
MD5: 59a409bab55e72d33409a8a99f50db17  C:\Program Files\IncrediMail\Bin\ImApp.exe
MD5: 043dcf69ab739bed731cca8cb016870b  C:\Program Files\IncrediMail\Bin\ImAppRU.dll
MD5: 4a7193cde187e524991e26e55425d8ba  C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
MD5: bbe4b4070dd83339da35f9bc71d4046d  C:\Program Files\IncrediMail\Bin\ImDbU.dll
MD5: 4a40822479123cc846984ffc1675c16c  C:\Program Files\IncrediMail\Bin\ImFeatRU.dll
MD5: b756b0aa5d0a7d35ffd2c54855ddf19a  C:\Program Files\IncrediMail\Bin\ImFeatU.dll
MD5: c9715a36dc8083b4183c678bc8f44a2b  C:\Program Files\IncrediMail\Bin\ImFoldrsU.dll
MD5: 5c072cd90e3bdd3c6de1c18c05a8261f  C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
MD5: 55c830b18ae14f4fe45e1af292dd8f6e  C:\Program Files\IncrediMail\Bin\ImJunkU.dll
MD5: 5dc4c9020326882a863d864efda85cdd  C:\Program Files\IncrediMail\Bin\ImLookExU.dll
MD5: e15c31482534b7844d8d745de368db89  C:\Program Files\IncrediMail\Bin\ImLookU.dll
MD5: c9e41a49b51388017754e764fe161542  C:\Program Files\IncrediMail\Bin\ImMangrRU.dll
MD5: 1b582d1c28cea5f996a5bb0205ef964a  C:\Program Files\IncrediMail\Bin\ImMangrU.dll
MD5: dda07663f5deaba6da8286335e1df0e2  C:\Program Files\IncrediMail\Bin\ImMapiU.dll
MD5: 52b223b01abfc33c5c8908ef7937931c  C:\Program Files\IncrediMail\Bin\ImNotfyU.dll
MD5: f87e543458197def9f4766a15cd49d9f  C:\Program Files\IncrediMail\Bin\ImNtUtilU.dll
MD5: f55106ce7fa65f70eef30d84b221e8f3  C:\Program Files\IncrediMail\Bin\ImParserU.dll
MD5: 334b0c2dc33fc972441982769e7f1284  C:\Program Files\IncrediMail\Bin\ImSearchU.dll
MD5: bc645075375dc09798e377f91b12ad20  C:\Program Files\IncrediMail\Bin\ImServU.dll
MD5: ff2b4b7d501c449759be82d326a1e353  C:\Program Files\IncrediMail\Bin\ImShExtU.dll
MD5: 6d52efc1a69e40705e39de12790ce8cf  C:\Program Files\IncrediMail\Bin\ImSpoolU.dll
MD5: b642e347bbed1c1fa257888a56f4163e  C:\Program Files\IncrediMail\Bin\ImSuppRU.dll
MD5: cba44593a4f8546e4faf7588eae51f10  C:\Program Files\IncrediMail\Bin\ImSuppU.dll
MD5: bcacdb08f6c7a688a9e7f0c4c25997cf  C:\Program Files\IncrediMail\Bin\ImToolsU.dll
MD5: 7c1ce252b5eaf668d4232bd00db4456f  C:\Program Files\IncrediMail\Bin\ImUtilsU.dll
MD5: 1af07af7ab7e47077f9183d12aa762b9  C:\Program Files\IncrediMail\Bin\ImViewRU.dll
MD5: a202270bd6cc5159308228928720dcb5  C:\Program Files\IncrediMail\Bin\ImViewU.dll
MD5: 9a1816812faefa9692c690d6e29e53d4  C:\Program Files\IncrediMail\Bin\ImWrappU.dll
MD5: d645b082e49f8655f14c61db4eebba1d  C:\Program Files\IncrediMail\Bin\IncMail.exe
MD5: 75f0850d3f6532d39f6ce3cf0b0f1566  C:\Program Files\IncrediMail\Bin\IncMailRU.dll
MD5: 3c2baa4b0b3d1b606398ed39d81012d2  C:\Program Files\IncrediMail\Bin\PMC.dll
MD5: d0e96e6617fc4f7c5ad5f2ce71d3b1a4  C:\Program Files\IncrediMail\Bin\SftTree_IX86_U_60.dll
MD5: e40583ff024f5ad26e533e28bd31f15b  C:\Program Files\IncrediMail\Bin\sqlite3.dll
MD5: fbcfac06ac0856355d8aa0c510cee0b2  C:\Program Files\IncrediMail\Bin\ssce5432.dll
MD5: 6e6f0f2504fa2d8c8fe2ea05b2105850  C:\Program Files\IncrediMail\Bin\wflash3.dll
MD5: 1f8af353bccee3873f09956009df0d5b  C:\Program Files\IncrediMail\Bin\wlessfp1.dll
MD5: 8582c97889c224082578ee02aa00b2e6  C:\Program Files\Intel\IDU\awServ.exe
MD5: 06c8338adce8ffcd98970566eb02b094  C:\Program Files\Intel\IDU\cpuid_dll.dll
MD5: 4e03579975d79dd1fc16d349ab80c283  C:\Program Files\Intel\IDU\Provider\ISensorPlug.dll
MD5: d4bd91fc083bf16dbdcc20dc857d9719  C:\Program Files\Intel\IDU\Provider\ISystemPlug.dll
MD5: 2a36422335b6d31bd047d66f12828200  C:\Program Files\Intel\IDU\Provider\SmbiosPlug.dll
MD5: 47d0878522d2aa03d6488d11812fc79f  C:\Program Files\Intel\IDU\sysapi.dll
MD5: 421cb2c1010522b3bf7c00725520b844  C:\Program Files\Internet Explorer\Plugins\nppdf32.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6  C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6  C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6  C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6  C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6  C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
MD5: a505b03de9372a2de9f65f198d82354b  C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll
MD5: f6bd3c66e7ef6002b0c003e6fee158bc  c:\program files\Java\jre1.8.0_20\bin\jp2ssv.dll
MD5: 08b9f4ddd03925ab803f0cdc256ec5b4  C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll
MD5: a5f21b1b18bbdb8101c35063bfb341eb  c:\program files\Java\jre1.8.0_20\bin\ssv.dll
MD5: bf918c9473d64bbd53c22c47045883f5
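A quick triage pass over the MD5 list above, added here as an example (it is not part of the original post and not output from any of the forum's tools): it parses the `MD5: <hash>  <path>` lines, groups identical hashes, and lists executables that live under a user profile. Identical hashes are worth surfacing because the five npqtplugin*.dll entries in the log share one hash, which means they are byte-identical copies of the same QuickTime plugin rather than five different binaries; profile-resident executables are worth a second look because no administrative rights are needed to write there on Windows XP. The sample lines are copied from the log above, including the final entry that has a hash but no path, to show how a truncated line is reported rather than silently dropped. Python and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the MD5 scan list above. The last one is the truncated
# entry exactly as it appears in the log, to exercise the malformed case.
SCAN_LINES = r"""
MD5: 7c0aa66e6352337ef923ba8b3aeb099d  C:\Documents and Settings\Francis\Application Data\mjusbsp\cdloader2.exe
MD5: 1fbb6e454767a5b43dd980c7de5d89f6  C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6  C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6  C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
MD5: 73f5c13b431915bae35254b4e95dfb71  C:\Program Files\AVAST Software\Avast\AvastSvc.exe
MD5: bf918c9473d64bbd53c22c47045883f5
"""

# "MD5: <32 hex digits>  <path>"; the path must begin with a non-space character.
MD5_LINE = re.compile(r"^MD5:\s+([0-9a-fA-F]{32})\s+(\S.*)$")

# Prefixes of directories a non-admin user on Windows XP can write to. An
# executable here did not need elevated rights to land on disk (assumption:
# the log comes from a single-drive XP box with the default profile path).
PROFILE_PREFIXES = ("c:\\documents and settings\\",)


def parse_md5_lines(text):
    """Return ([(hash, path), ...], [malformed lines]) from a scan list."""
    entries, malformed = [], []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = MD5_LINE.match(line)
        if m:
            entries.append((m.group(1).lower(), m.group(2)))
        else:
            malformed.append(line)  # hash without a path, or garbled line
    return entries, malformed


def group_by_hash(entries):
    """Map each hash to every path that carries it."""
    groups = defaultdict(list)
    for digest, path in entries:
        groups[digest].append(path)
    return dict(groups)


def duplicate_hashes(entries):
    """Hashes shared by more than one path: byte-identical copies of one file."""
    return {d: paths for d, paths in group_by_hash(entries).items() if len(paths) > 1}


def profile_resident_binaries(entries):
    """Paths under a user profile rather than Program Files or WINDOWS."""
    return [p for _, p in entries if p.lower().startswith(PROFILE_PREFIXES)]


def triage(text):
    """One-shot summary of a scan list: counts, duplicates and profile-resident files."""
    entries, malformed = parse_md5_lines(text)
    return {
        "entries": len(entries),
        "malformed": malformed,
        "duplicates": duplicate_hashes(entries),
        "profile_resident": profile_resident_binaries(entries),
    }


if __name__ == "__main__":
    report = triage(SCAN_LINES)
    print(f"{report['entries']} entries, {len(report['malformed'])} malformed")
    for digest, paths in report["duplicates"].items():
        print(f"{digest} appears {len(paths)} times:")
        for p in paths:
            print("   ", p)
    for p in report["profile_resident"]:
        print("profile-resident executable:", p)
```

Neither finding is a verdict on its own: duplicate QuickTime plugin copies are how that product ships, and magicJack's loader legitimately lives in Application Data. The value of the pass is that it turns a 150-line hash dump into the handful of entries that need a human decision, and it refuses to guess a path for the truncated line.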


#2 oneeyedfranc (Member, 98 posts)

Posted 05 October 2014 - 09:39 PM

ESET Online Scan did not generate a log but did find 2 items



#3 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,100 posts)

Posted 07 October 2014 - 03:56 AM

Hello oneeyedfranc.

 

We are currently studying your logs and will be back to you as soon as possible. Thank you for your patience.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#4 oneeyedfranc (Member, 98 posts)

Posted 08 October 2014 - 10:40 PM

Thank you, let me know if there is anything else you need...



#5 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,100 posts)

Posted 09 October 2014 - 07:17 AM

Hello oneeyedfranc and welcome to SWI.

I’m Android 8888 and I’ll be helping you.

 

Once again thank you for your time and patience.


Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

=====

 

First of all some important considerations:

 

1. I see that your antivirus protection is disabled. It is really dangerous to go online without your antivirus protection enabled, as you are extremely likely to get infected. Please enable your antivirus protection shields and update them.

 

2. Let me know if the 2 items detected by ESET Online Scan were quarantined or deleted.

 

3. Your Operating System (Windows XP) has not been supported by Microsoft since April 2014. That means your computer has become more vulnerable to infections. I strongly suggest you upgrade it to a current, supported Operating System.

 

Internet Explorer 7 is out of date. As it is an integral part of the Operating System, it is highly recommended to update it, and it is a security risk not to do so. The most recent version available for Windows XP is Internet Explorer 8. However, do not update it until the cleaning process has concluded.

 

4. If present, remove Adobe Reader 9 using the Add/Remove Programs applet, as old versions are still vulnerable to malware.

 

5. Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance. 


There are a number of them available and some are safer than others. Keep in mind that no two Registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the Registry entry selected for deletion is, a Registry cleaner can end up being an automated method of causing problems with the Registry.

For routine use by those not familiar with the Registry, the benefits to your computer are negligible while the potential risks are great.


Further reading: XP Fixes Myth #1: Registry Cleaners

 

 

Now I will need to check your system with other tools.


Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it.
  • If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download FRST and save it to a folder on your computer's Desktop.
Farbar Recovery Scan Tool (32 bit)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.

 

=====

 

In your next reply:

 

Please post the logs from AdwCleaner and Junkware Removal Tool, and then, each in its own reply (due to length), the two logs from Farbar Recovery Scan Tool (FRST.txt and Addition.txt), and note any errors encountered. If any log was cut off, please check to see where it was cut off and post the remainder in an additional reply.

 

Please let me know if the 2 items detected by ESET Online Scan were quarantined or deleted.

 

How is your computer running?
Does your problem remain?



#6 oneeyedfranc (Member, 98 posts)

Posted 18 October 2014 - 07:17 PM

The 2 items detected by ESET Online Scan were deleted.  AdwCleaner keeps hanging at the "Cleaning browsers" stage.  I'm a little frustrated at this point; I'm going to try it again tomorrow.  The computer seems to be running OK, but even after re-installing a clean version of SpywareBlaster I still see 2 copies listed in the "Processes" section of the Windows Task Manager.  Is that normal?  It's only using 1 or 2% of CPU, but isn't it supposed to be dormant?  Ending one of the processes ends the program.  Should I just uninstall?  Will run JRT tomorrow and post the results... 



#7 oneeyedfranc (Member, 98 posts)

Posted 18 October 2014 - 07:22 PM

Couldn't find Adobe Reader 9 listed in Add/Remove Programs.



#8 oneeyedfranc (Member, 98 posts)

Posted 18 October 2014 - 11:58 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Microsoft Windows XP x86
Ran by Francis on Sat 10/18/2014 at 22:39:00.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Francis\Application Data\getrighttogo"



~~~ FireFox

Emptied folder: C:\Documents and Settings\Francis\Application Data\mozilla\firefox\profiles\lme39tzn.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/18/2014 at 22:57:03.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,100 posts)

Posted 20 October 2014 - 05:15 AM

Hello oneeyedfranc.

 

 

The 2 items detected by ESET Online Scan were deleted.

That is a good sign.

 

 

but even after re-installing a clean version of SpywareBlaster I still see 2 copies listed in the "Processes" section of the Windows Task Manager.  Is that normal? It's only using 1 or 2% of CPU, but isn't it supposed to be dormant?

The two processes listed in the "Processes" section are normal when the program is open. However, as SpywareBlaster doesn't have real-time protection (its protection is passive), its processes should not appear in Task Manager when the program is closed.

You do not have to start up SpywareBlaster each time you start your computer either. Your protection remains in place until you disable it whether SpywareBlaster is running or not.

 

 

Should I just uninstall?

SpywareBlaster provides additional protection, I recommend you keep it installed and periodically check for updates (monthly).

 

 

Couldn't find Adobe Reader 9 listed in Add/Remove Programs.

Okay, no problem. I need to see the logs from FRST and will treat this part later.

 

 

If you're still having trouble running AdwCleaner in Normal Mode, please try to run it in Safe Mode.

 

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

 

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • If prompted, follow the prompts to reboot the computer in Normal mode. If not prompted, restart in Normal mode and continue with the rest of the instructions. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download FRST and save it to a folder on your computer's Desktop.
Farbar Recovery Scan Tool (32 bit)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.

 

In your next reply:

 

Please post the log from AdwCleaner and then, each in its own reply (due to length), the two logs from Farbar Recovery Scan Tool (FRST.txt and Addition.txt), and note any errors encountered. If any log was cut off, please check to see where it was cut off and post the remainder in an additional reply.

 

How is your computer running?


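The reasoning in the reply above (a tool with only passive protection has no business being resident, so a copy in the process list points at something that starts it) can be checked mechanically against an FRST log. What follows is an added example, not part of the thread and not FRST's own code: it parses the Processes section plus the Run-key and Startup-folder entries in FRST's layout, counts how often each image path is running, lists processes FRST printed with an empty vendor field, and maps an image back to the autostart entry that launched it. The sample lines are constructed in FRST's format (the SpywareBlaster and Avast entries mirror the log posted later in this thread); `parse_frst`, `duplicate_processes`, `unattributed_processes` and `autostart_sources` are names chosen here.

```python
import re
from collections import Counter

# Constructed sample in the layout FRST uses for its FRST.txt log. A tool
# listed twice and launched from the user's Startup folder is the case of
# interest; the other entries are there to show the parser ignoring noise.
FRST_SAMPLE = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\SpywareBlaster\spywareblaster.exe
() C:\Program Files\SpywareBlaster\spywareblaster.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Startup: C:\Documents and Settings\Francis\Start Menu\Programs\Startup\SpywareBlaster.lnk
ShortcutTarget: SpywareBlaster.lnk -> C:\Program Files\SpywareBlaster\spywareblaster.exe ()
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")                 # "==== Title ===="
PROCESS = re.compile(r"^\(([^)]*)\)\s+(\S.*)$")            # "(Vendor) C:\path\image.exe"
RUN_KEY = re.compile(r"^(HK\S*\\Run(?:Once)?):\s+\[([^\]]+)\]\s+=>\s+(.+)$")
STARTUP = re.compile(r"^Startup:\s+(.+\.lnk)\s*$", re.IGNORECASE)
SHORTCUT = re.compile(r"^ShortcutTarget:\s+\S+\s+->\s+(.+?)\s*(?:\([^)]*\))?\s*$")
# FRST appends " [size date] (vendor)" to Run entries; strip it to get the command.
TRAILER = re.compile(r"\s+\[\d+ \d{4}-\d{2}-\d{2}\](?:\s+\([^)]*\))?\s*$")


def parse_frst(text):
    """Split an FRST log into running processes and autostart entries."""
    processes, autostarts = [], []
    section, pending_lnk = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if section and section.startswith("Processes"):
            m = PROCESS.match(line)
            if m:  # the "(If an entry is included ...)" note has no path and is skipped
                processes.append((m.group(1), m.group(2)))
            continue
        m = RUN_KEY.match(line)
        if m:
            autostarts.append((f"{m.group(1)} [{m.group(2)}]", TRAILER.sub("", m.group(3))))
            continue
        m = STARTUP.match(line)
        if m:
            pending_lnk = m.group(1)      # the ShortcutTarget line follows it
            continue
        m = SHORTCUT.match(line)
        if m:
            autostarts.append((pending_lnk or line, m.group(1)))
            pending_lnk = None
    return {"processes": processes, "autostarts": autostarts}


def duplicate_processes(parsed):
    """Image paths that appear more than once in the process list."""
    counts = Counter(path.lower() for _, path in parsed["processes"])
    return {path: n for path, n in counts.items() if n > 1}


def unattributed_processes(parsed):
    """Processes FRST printed with an empty vendor: no company name in the version info."""
    return sorted({path for vendor, path in parsed["processes"] if not vendor})


def autostart_sources(parsed, image_path):
    """Autostart entries (Run keys, Startup-folder shortcuts) that launch image_path."""
    needle = image_path.lower()
    return [src for src, cmd in parsed["autostarts"] if needle in cmd.lower()]


if __name__ == "__main__":
    parsed = parse_frst(FRST_SAMPLE)
    for path, n in duplicate_processes(parsed).items():
        print(f"{path} is running {n} times; started by: {autostart_sources(parsed, path)}")
    for path in unattributed_processes(parsed):
        print("no vendor string:", path)
```

Run against a full FRST.txt, `autostart_sources(parsed, path)` for a process that shows up twice answers the question raised in this post: if it returns a Startup-folder .lnk, removing that shortcut stops the program being launched at logon without uninstalling it, which matches the advice that the protection stays in place whether or not the program is running. An empty vendor field is only a prompt to check the file's origin; it is not a sign of malware by itself.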

#10 oneeyedfranc (Member, 98 posts)

Posted 20 October 2014 - 12:17 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014
Ran by Francis (administrator) on FRANC-E0B09C9DC on 20-10-2014 11:06:37
Running from C:\Documents and Settings\Francis\Desktop
Loaded Profile: Francis (Available profiles: Francis)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAsrv.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(OSA Technologies Inc., An Avocent Company) C:\Program Files\Intel\IDU\awServ.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\WINDOWS\system32\PnkBstrA.exe
() C:\WINDOWS\system32\PnkBstrB.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\WINDOWS\system32\UTSCSI.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAui.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAhlp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\EMET 4.1\EMET_Agent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe
(Webshots.com) C:\PROGRA~1\Webshots\315~1.76~\Webshots.scr
(magicJack L.P.) C:\Documents and Settings\Francis\Application Data\mjusbsp\magicJack.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\SpywareBlaster\spywareblaster.exe
() C:\Program Files\SpywareBlaster\spywareblaster.exe
(Cerulean Studios) C:\Program Files\Trillian\trillian.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18702336 2009-08-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-03-09] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [EMET 4.1 Update 1 Agent] => C:\Program Files\EMET 4.1\EMET_agent.exe [81416 2014-04-29] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] ( (Microsoft Corporation))
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-823518204-484763869-1801674531-1003\...\Run: [cdloader] => C:\Documents and Settings\Francis\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-823518204-484763869-1801674531-1003\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKU\S-1-5-21-823518204-484763869-1801674531-1003\...\Run: [IncrediMail] => C:\Program Files\IncrediMail\bin\IncMail.exe [367016 2013-03-26] (IncrediMail, Ltd.)
HKU\S-1-5-21-823518204-484763869-1801674531-1003\...\Run: [Google Update] => C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-823518204-484763869-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-823518204-484763869-1801674531-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-11] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Panda USB Vaccine.lnk
ShortcutTarget: Panda USB Vaccine.lnk -> C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
Startup: C:\Documents and Settings\Francis\Start Menu\Programs\Startup\SpywareBlaster.lnk
ShortcutTarget: SpywareBlaster.lnk -> C:\Program Files\SpywareBlaster\spywareblaster.exe ()
Startup: C:\Documents and Settings\Francis\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\3.1.5.7620\Launcher.exe (Webshots.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bankofam...a.com/index.jsp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default
FF Homepage: hxxp://www.tvguide.com/Listings/|https://calendar.yah...www.att.com:443
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.3.1.18\ma\bin\npMotive.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Francis\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Francis\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Francis\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Francis\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: Add to Amazon Wish List Button - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\amznUWL2@amazon(2).com [2011-06-27]
FF Extension: Add-on Compatibility Reporter - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\compatibility@addons.mozilla(2).org [2011-06-27]
FF Extension: Logitech Device Detection - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\DeviceDetection@logitech.com [2011-08-09]
FF Extension: Xmarks - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\foxmarks@kei(2).com [2012-03-13]
FF Extension: TinEye Reverse Image Search - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\tineye@ideeinc(2).com [2010-07-01]
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-02]
FF Extension: No Name - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}-trash [2011-03-11]
FF Extension: NoScript - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2011-06-27]
FF Extension: WOT - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Adblock Plus - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2011-06-27]
FF Extension: Bitdefender QuickScan - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-10-05]
FF Extension: Add-on Compatibility Reporter - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-06-27]
FF Extension: TinEye Reverse Image Search - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\tineye@ideeinc.com.xpi [2011-07-01]
FF Extension: Password Exporter - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013-01-25]
FF Extension: Adblock Plus - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-27]
FF Extension: Download Statusbar - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-10-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-10-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-25]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-18]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]
CHR HKLM\...\Chrome\Extension: [hjakmojkcnhgipgkkbiempkfdndcnlah] - C:\Documents and Settings\All Users\Application Data\Codec-C\hjakmojkcnhgipgkkbiempkfdndcnlah.crx [2014-07-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
R2 AWService; C:\Program Files\Intel\IDU\awServ.exe [74520 2006-12-27] (OSA Technologies Inc., An Avocent Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-08] (Oracle Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2010-08-28] ()
R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [189480 2010-10-09] ()
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-01] (IBM Corp.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
R2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [45056 2011-06-12] () [File not signed]
S2 AGCoreService; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 appliand; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2011-06-01] (Applian Technologies Inc.)
R3 appliandMP; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2011-06-01] (Applian Technologies Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-12] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-12] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-12] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-12] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13192 2010-02-23] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [8456 2010-02-23] () [File not signed]
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30880 2009-06-24] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 OADevice; C:\WINDOWS\system32\drivers\OADriver.sys [210360 2013-10-15] ()
R1 oahlpXX; C:\WINDOWS\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\WINDOWS\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R1 OAnet; C:\WINDOWS\system32\drivers\OAnet.sys [31912 2013-10-15] (Emsisoft)
R2 osaio; C:\WINDOWS\system32\drivers\osaio.sys [6784 2009-08-27] (OSA Technologies, An Avocent Company) [File not signed]
R3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)
R3 PID_PEPI; C:\WINDOWS\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
S3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [137544 2010-10-09] ()
R1 RapportCerberus_80055; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys [430264 2014-10-16] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251288 2014-10-01] (IBM Corp.)
S3 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [208888 2014-10-01] (IBM Corp.)
R3 smbusp; C:\WINDOWS\System32\DRIVERS\intelsmb.sys [45184 2006-12-27] (Intel Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [428088 2012-01-05] () [File not signed]
S3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2010-09-23] (TeamViewer GmbH)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
R3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
U3 ak0zdtlq; C:\WINDOWS\system32\Drivers\ak0zdtlq.sys [0 ] (Microsoft Corporation)
U3 ako1l1rc; C:\WINDOWS\system32\Drivers\ako1l1rc.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 11:06 - 2014-10-20 11:07 - 00023911 _____ () C:\Documents and Settings\Francis\Desktop\FRST.txt
2014-10-20 11:04 - 2014-10-20 11:04 - 00000000 ____D () C:\Documents and Settings\Francis\Desktop\FRST-OlderVersion
2014-10-19 14:53 - 2014-10-19 14:54 - 31679168 _____ (Microsoft Corporation) C:\Documents and Settings\Francis\Desktop\Windows-KB890830-V5.17.exe
2014-10-18 23:02 - 2014-10-20 11:04 - 01102848 _____ (Farbar) C:\Documents and Settings\Francis\Desktop\FRST.exe
2014-10-18 22:43 - 2014-10-18 22:44 - 00000773 _____ () C:\WINDOWS\wmsetup.log
2014-10-18 10:18 - 2014-10-18 10:46 - 00000000 ____D () C:\AdwCleaner
2014-10-17 19:16 - 2014-10-17 19:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-15 00:12 - 2014-10-15 00:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-12 20:02 - 2014-10-12 20:02 - 00000000 ____D () C:\Documents and Settings\Francis\Desktop\Process Explorer
2014-10-05 14:07 - 2014-10-05 14:07 - 00000000 ____D () C:\Program Files\ESET
2014-10-05 12:33 - 2014-10-05 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2014-10-01 12:42 - 2014-10-01 12:42 - 00208888 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-09-26 21:23 - 2014-09-26 21:23 - 00000439 _____ () C:\Documents and Settings\Francis\Desktop\ATntT Chat Logs.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 11:07 - 2013-08-22 11:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-10-20 11:07 - 2013-08-20 18:37 - 00000000 ____D () C:\Documents and Settings\Francis\Local Settings\temp
2014-10-20 11:06 - 2014-04-19 17:19 - 00000000 ____D () C:\FRST
2014-10-20 11:05 - 2011-05-11 01:24 - 00000000 ____D () C:\Documents and Settings\Francis\Application Data\Skype
2014-10-20 11:00 - 2010-06-23 19:20 - 00000320 _____ () C:\WINDOWS\Tasks\EASEUS Partition Master 5.5.1 Home Edition.job
2014-10-20 10:40 - 2012-10-11 02:22 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-20 10:36 - 2010-08-26 16:49 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484763869-1801674531-1003UA.job
2014-10-20 08:09 - 2009-08-26 18:17 - 01914779 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-20 05:05 - 2011-05-19 05:06 - 00000260 _____ () C:\WINDOWS\Tasks\Malwarebytes' Anti-Malware.job
2014-10-20 02:13 - 2013-10-13 13:37 - 00004204 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-10-20 00:56 - 2014-04-18 11:28 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-19 22:35 - 2010-08-26 16:49 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484763869-1801674531-1003Core.job
2014-10-19 21:40 - 2009-08-26 18:21 - 00031942 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-19 17:28 - 2012-09-08 22:49 - 00000000 ____D () C:\Games
2014-10-19 17:25 - 2012-12-31 03:07 - 00000000 ____D () C:\Documents and Settings\Francis\Application Data\Wargaming.net
2014-10-19 15:39 - 2011-05-13 17:31 - 00000000 ____D () C:\Documents and Settings\Francis\Desktop\Spyware Tools & Reports
2014-10-18 23:09 - 2013-08-22 11:38 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-10-18 22:44 - 2010-01-25 02:59 - 00172730 _____ () C:\WINDOWS\spupdsvc.log
2014-10-18 22:43 - 2009-08-26 18:18 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-10-18 22:43 - 2009-08-26 18:18 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-10-18 11:15 - 2011-06-12 21:38 - 00000000 ____D () C:\Documents and Settings\Francis\Application Data\mjusbsp
2014-10-18 11:15 - 2010-12-11 17:09 - 00001002 _____ () C:\Documents and Settings\Francis\Start Menu\Programs\magicJack.lnk
2014-10-18 11:15 - 2010-01-25 21:22 - 00000996 _____ () C:\Documents and Settings\Francis\Desktop\magicJack.lnk
2014-10-18 11:02 - 2008-04-14 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-18 11:01 - 2014-07-15 20:39 - 00000528 _____ () C:\WINDOWS\Tasks\PandaUSBVaccine.job
2014-10-18 11:01 - 2009-08-26 18:21 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-18 11:01 - 2009-08-26 11:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-18 11:01 - 2009-08-26 11:10 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-18 10:30 - 2012-08-17 22:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-17 19:17 - 2010-02-07 04:11 - 00000000 ____D () C:\Program Files\Java
2014-10-17 19:14 - 2014-08-08 23:35 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-17 19:14 - 2014-08-08 23:34 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-17 09:43 - 2010-02-12 19:00 - 00000000 ____D () C:\Documents and Settings\Francis\My Documents\Receipts
2014-10-16 23:48 - 2013-08-15 09:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 23:32 - 2014-04-18 23:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-10-16 23:30 - 2010-01-28 21:53 - 00000000 ____D () C:\Program Files\Trillian
2014-10-16 23:25 - 2009-08-26 18:22 - 00000178 ___SH () C:\Documents and Settings\Francis\ntuser.ini
2014-10-09 14:29 - 2009-08-30 15:07 - 00000000 ____D () C:\Documents and Settings\Francis\Application Data\Mozilla
2014-10-08 15:00 - 2014-04-02 17:58 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-05 14:47 - 2010-01-29 19:27 - 00000000 ____D () C:\Documents and Settings\Francis\Application Data\QuickScan
2014-10-05 13:33 - 2014-06-19 00:11 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 11:28 - 2014-05-27 22:16 - 00022483 _____ () C:\WINDOWS\setupapi.log
2014-10-03 12:16 - 2011-06-17 22:02 - 00000000 ____D () C:\Documents and Settings\Francis\Application Data\vlc
2014-10-03 10:03 - 2010-01-25 03:00 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-28 16:13 - 2010-02-03 15:05 - 00000000 ____D () C:\Documents and Settings\Francis\Application Data\wsInspector
2014-09-26 11:50 - 2011-04-05 02:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-26 11:50 - 2011-04-05 02:36 - 00000000 ____D () C:\Documents and Settings\Francis\Start Menu\Programs\WinRAR
2014-09-26 11:50 - 2011-04-05 02:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2014-09-25 00:13 - 2013-07-26 09:30 - 00622714 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-484763869-1801674531-1003-0.dat
2014-09-25 00:13 - 2013-07-26 09:30 - 00186142 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

Some content of TEMP:
====================
C:\Documents and Settings\Francis\Local Settings\temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Francis\Local Settings\temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Francis\Local Settings\temp\jre-8u25-windows-au.exe
C:\Documents and Settings\Francis\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Francis\Local Settings\temp\SkypeSetup.exe
C:\Documents and Settings\Francis\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014
Ran by Francis at 2014-10-20 11:08:18
Running from C:\Documents and Settings\Francis\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall (Disabled) {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Camera Window (Version: 4.5.2 - Canon) Hidden
Canon Camera WIA Driver (Version: 5.1 - Canon) Hidden
Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}) (Version: 4.5.2 - Canon)
Canon EOS 10D WIA Driver (HKLM\...\InstallShield_{095659A2-739F-4D9A-A916-66C7CAD16F9E}) (Version: 5.1 - Canon)
Canon EOS Kiss REBEL 300D WIA Driver (HKLM\...\InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}) (Version: 5.1 - Canon)
Canon PhotoRecord (HKLM\...\{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}) (Version: 02.00.00029 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}) (Version: 0.9.0 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}) (Version: 0.9.0 - Canon)
Canon Utilities File Viewer Utility 1.3 (HKLM\...\InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}) (Version: 1.3.2 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}) (Version: 3.1.10 - Canon)
Canon Utilities RemoteCapture 2.7 (HKLM\...\InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}) (Version: 2.7.5 - Canon)
Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.05.01148 - CISRA)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
ConvertXtoDVD 4.1.2.336 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.2.336 - )
Darwinia (HKLM\...\Steam App 1500) (Version:  - Introversion Software)
Deathmatch Classic (HKLM\...\Steam App 40) (Version:  - Valve)
Doom 3 (HKLM\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (Version: 1.00.0000 - Activision) Hidden
EASEUS Partition Master 5.5.1 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
EMET 4.1 Update 1 (HKLM\...\{6A09FEB2-691C-456B-B982-2F6D21B19602}) (Version: 4.1.1 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
File Viewer Utility 1.3.2 (Version: 1.3.2 - Canon) Hidden
Google Talk Plugin (HKLM\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Half-Life 2: Deathmatch (HKLM\...\Steam App 320) (Version:  - Valve)
I-Fluid (HKLM\...\Steam App 23200) (Version:  - Exkee)
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
IncrediMail (Version: 6.3.9.5260 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM\...\IncrediMail) (Version: 6.3.9.5260 - IncrediMail Ltd.)
Intel® Desktop Utilities (HKLM\...\InstallShield_{F5982296-84CC-4D5B-B791-B03650F3380E}) (Version: 3.0.12.17 - OSA Technologies Inc., An Avocent Company)
Intel® Desktop Utilities (Version: 3.0.12.17 - OSA Technologies Inc., An Avocent Company) Hidden
Intel® Network Connections 14.2.100.0 (HKLM\...\{EEEFE7A9-293E-4F5F-A114-81731A9C3826}) (Version: 14.2.100.0 - Intel)
Intel® SMBus (HKLM\...\SMBus) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden
K-Lite Codec Pack 5.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Logitech Gaming Software 5.09 (HKLM\...\{4EDD761B-5253-4CD1-A309-9DFEE960E344}) (Version: 5.09.131 - Logitech)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Machinarium Demo (HKLM\...\Steam App 40710) (Version:  - Amanita Design)
magicJack (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
magicJack Recovery Tool 1.0 (HKLM\...\magicJack Recovery Tool_is1) (Version:  - magicJack, L.P.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Lite (HKLM\...\{dde385a2-0452-4add-bbf2-91443cb9c7d6}) (Version:  - Nero AG)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.31.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Control Panel 335.28 (Version: 335.28 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.28 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA nView 141.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.00 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
Online Armor 6.0 (HKLM\...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Panda USB Vaccine 1.0.0.50a (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Photo Notifier and Animation Creator (HKLM\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (Version: 1.0.0.1009 - IncrediMail) Hidden
PhotoStitch (Version: 3.1.10 - Canon) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1404.19 - Trusteer) Hidden
RAW Image Task (Version: 0.9.0 - Canon) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5911 - Realtek Semiconductor Corp.)
RemoteCapture 2.7.5 (Version: 2.7.5 - Canon) Hidden
RemoteCapture Task (Version: 0.9.0 - Canon) Hidden
Replay Media Catcher 4 (4.4.5) (HKLM\...\Replay Media Catcher 4) (Version: 4.4.5 - Applian Technologies)
Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.19 - Trusteer)
TweakNow RegCleaner 2011 (HKLM\...\TweakNow RegCleaner 2011_is1) (Version: 6.2.1 - TweakNow.com)
Uninstall Startup Inspector (HKLM\...\{DE114695-AE58-4B66-8E0F-2505188602FB}_is1) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Pool 3 (HKLM\...\Virtual Pool 3) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{6F1DC701-9891-11d5-B8C6-444553540001}\InprocServer32 -> C:\Program Files\Trillian\buddy.dll (Cerulean Studios)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{B7125B4E-CA73-47f1-AEAA-6B3EFA553F5A}\InprocServer32 -> C:\Program Files\Trillian\events.dll (Cerulean Studios)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-823518204-484763869-1801674531-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll  (the data entry has 7 more characters).

==================== Restore Points  =========================

22-07-2014 14:45:41 System Checkpoint
23-07-2014 19:03:13 System Checkpoint
24-07-2014 21:35:25 System Checkpoint
25-07-2014 21:40:45 System Checkpoint
26-07-2014 22:03:10 System Checkpoint
27-07-2014 22:24:58 System Checkpoint
29-07-2014 08:11:40 System Checkpoint
01-08-2014 00:39:24 System Checkpoint
02-08-2014 07:03:11 System Checkpoint
03-08-2014 07:48:32 System Checkpoint
04-08-2014 09:50:47 System Checkpoint
05-08-2014 15:39:01 System Checkpoint
06-08-2014 20:52:28 System Checkpoint
08-08-2014 06:49:37 System Checkpoint
09-08-2014 06:33:33 Removed Java 7 Update 25
09-08-2014 06:34:26 Installed Java 7 Update 67
10-08-2014 06:45:54 System Checkpoint
11-08-2014 08:34:48 System Checkpoint
13-08-2014 04:00:19 System Checkpoint
14-08-2014 05:21:06 System Checkpoint
15-08-2014 08:14:04 System Checkpoint
16-08-2014 20:34:45 System Checkpoint
17-08-2014 22:31:24 System Checkpoint
19-08-2014 06:35:39 System Checkpoint
20-08-2014 07:52:52 System Checkpoint
21-08-2014 02:53:26 Installed Rapport
22-08-2014 08:09:55 System Checkpoint
23-08-2014 08:29:39 System Checkpoint
24-08-2014 16:25:46 System Checkpoint
25-08-2014 18:58:59 System Checkpoint
26-08-2014 20:41:37 System Checkpoint
27-08-2014 21:13:23 System Checkpoint
30-08-2014 23:45:33 System Checkpoint
01-09-2014 03:10:15 System Checkpoint
02-09-2014 03:16:04 System Checkpoint
03-09-2014 06:17:49 System Checkpoint
04-09-2014 09:16:41 System Checkpoint
05-09-2014 20:51:22 System Checkpoint
06-09-2014 20:56:34 System Checkpoint
07-09-2014 21:49:47 System Checkpoint
09-09-2014 00:35:16 System Checkpoint
09-09-2014 19:08:11 Installed Rapport
10-09-2014 00:13:36 Software Distribution Service 3.0
11-09-2014 02:15:25 System Checkpoint
12-09-2014 03:46:18 System Checkpoint
13-09-2014 06:16:50 System Checkpoint
14-09-2014 08:15:42 System Checkpoint
15-09-2014 15:46:18 System Checkpoint
16-09-2014 19:46:12 System Checkpoint
17-09-2014 19:46:58 System Checkpoint
18-09-2014 20:39:14 System Checkpoint
19-09-2014 22:58:25 System Checkpoint
21-09-2014 00:17:17 System Checkpoint
22-09-2014 01:25:29 System Checkpoint
23-09-2014 01:46:39 System Checkpoint
25-09-2014 08:36:07 System Checkpoint
26-09-2014 16:06:38 System Checkpoint
27-09-2014 20:06:52 System Checkpoint
28-09-2014 23:43:22 System Checkpoint
30-09-2014 07:12:09 System Checkpoint
01-10-2014 07:22:02 System Checkpoint
02-10-2014 08:35:12 System Checkpoint
03-10-2014 10:52:15 System Checkpoint
04-10-2014 12:19:41 System Checkpoint
05-10-2014 18:12:45 System Checkpoint
06-10-2014 21:27:15 System Checkpoint
08-10-2014 07:06:34 System Checkpoint
09-10-2014 14:11:11 System Checkpoint
10-10-2014 20:06:05 System Checkpoint
14-10-2014 20:46:59 System Checkpoint
16-10-2014 06:19:55 System Checkpoint
17-10-2014 06:31:56 Installed Rapport
17-10-2014 06:35:10 Software Distribution Service 3.0
18-10-2014 18:34:57 System Checkpoint
20-10-2014 00:50:00 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 05:00 - 2013-08-20 18:28 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\EASEUS Partition Master 5.5.1 Home Edition.job => C:\PROGRA~1\EASEUS\EASEUS~1.1H~\bin\epm0.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484763869-1801674531-1003Core.job => C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484763869-1801674531-1003UA.job => C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Malwarebytes' Anti-Malware.job => C:\PROGRA~1\MALWAR~1\mbam.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\PandaUSBVaccine.job => C:\Program Files\Panda USB Vaccine\USBVaccine.exe

==================== Loaded Modules (whitelisted) =============

2014-04-29 10:28 - 2014-04-29 10:28 - 00082952 _____ () C:\Program Files\EMET 4.1\EMET_CE.DLL
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2014-04-18 11:28 - 2014-07-12 00:55 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-20 02:59 - 2014-10-20 02:59 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102000\algo.dll
2005-07-05 11:12 - 2005-07-05 11:12 - 01013248 _____ () C:\WINDOWS\system32\indy70.bpl
2006-07-31 17:09 - 2006-07-31 17:09 - 06394880 _____ () C:\WINDOWS\system32\TMSD7.bpl
2010-03-04 17:14 - 2010-08-28 20:22 - 00075064 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2010-03-04 17:14 - 2010-10-09 12:43 - 00189480 _____ () C:\WINDOWS\system32\PnkBstrB.exe
2011-06-12 21:10 - 2011-06-12 21:10 - 00045056 _____ () C:\WINDOWS\system32\UTSCSI.EXE
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2014-04-18 11:28 - 2014-07-12 00:55 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2008-04-14 05:00 - 2008-04-14 05:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 05:00 - 2008-04-14 05:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-03-26 09:51 - 2013-03-26 09:51 - 00033128 _____ () C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
2013-03-26 09:52 - 2013-03-26 09:52 - 00072104 _____ () C:\Program Files\IncrediMail\Bin\wlessfp1.dll
2013-03-26 09:51 - 2013-03-26 09:51 - 00268712 _____ () C:\Program Files\IncrediMail\Bin\ImLookExU.dll
2013-03-26 09:51 - 2013-03-26 09:51 - 00080296 _____ () C:\Program Files\IncrediMail\bin\ImAppRU.dll
2013-03-26 09:51 - 2013-03-26 09:51 - 00133544 _____ () C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
2014-07-04 10:00 - 2014-07-04 10:00 - 00084344 _____ () C:\Documents and Settings\Francis\Application Data\mjusbsp\octvqem_apiw.DLL
2012-07-27 00:00 - 2012-07-27 00:00 - 00059904 _____ () C:\Program Files\Trillian\zlib1.dll
2014-10-15 00:12 - 2014-10-15 00:13 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-10-05 12:33 - 2013-03-01 14:29 - 02557544 _____ () C:\Program Files\SpywareBlaster\spywareblaster.exe
2014-10-05 12:33 - 2010-01-28 19:34 - 00417792 _____ () C:\Program Files\SpywareBlaster\SQLite3SB.dll
2012-07-27 00:00 - 2012-07-27 00:00 - 00065536 _____ () C:\Program Files\Trillian\libungif.dll
2012-07-27 00:00 - 2012-07-27 00:00 - 00007168 _____ () c:\program files\trillian\languages\en\trillian.dll
2012-07-27 00:00 - 2012-07-27 00:00 - 00193024 _____ () C:\Program Files\Trillian\libspeex.dll
2012-07-27 00:00 - 2012-07-27 00:00 - 00003584 _____ () c:\program files\trillian\languages\en\toolkit.dll
2012-07-27 00:00 - 2012-07-27 00:00 - 00006656 _____ () c:\program files\trillian\languages\en\events.dll
2012-07-27 00:00 - 2012-07-27 00:00 - 00011264 _____ () c:\program files\trillian\languages\en\buddy.dll
2012-07-27 00:00 - 2012-07-27 00:00 - 00008704 _____ () c:\program files\trillian\languages\en\talk.dll
2012-12-27 17:40 - 2012-12-27 17:40 - 00109040 _____ () C:\Program Files\IncrediMail\Bin\pmc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\STAR WARS REBELS: SPARK OF REBELLION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-823518204-484763869-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-823518204-484763869-1801674531-1004 - Limited - Enabled)
Francis (S-1-5-21-823518204-484763869-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Francis
Guest (S-1-5-21-823518204-484763869-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-823518204-484763869-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-823518204-484763869-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 10:41:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.0.5397, faulting module mozalloc.dll, version 33.0.0.5397, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/18/2014 10:10:33 PM) (Source: EME


#11 oneeyedfranc (Member, Full Member, 98 posts)

Posted 20 October 2014 - 04:20 PM

finally got AdwCleaner to run to conclusion in safemode and found 11 reports were generated, i'm assuming one for each attempt.  do u want all the reports or just AdwCleaner[S1].txt?



#12 oneeyedfranc (Member, Full Member, 98 posts)

Posted 20 October 2014 - 04:37 PM

jftr, my reboot takes less time and my programs load faster now



#13 oneeyedfranc (Member, Full Member, 98 posts)

Posted 22 October 2014 - 09:57 AM

attempted to uninstall adobe reader using add/remove programs and got the following error msg:  "this patch package could not be opened.  verify that the patch package exists and that u can access it or contact the application vendor to verify that this is a valid windows installer patch package."  i'm currently using foxit to access my .pdf files, any idea on how to get rid of adobe reader X (10.4.1)?



#14 Android 8888 (SWI Malware Tracker, Trusted Advisor*, 1,100 posts)

Posted 24 October 2014 - 07:16 AM

Hello oneeyedfranc.

 

Thank you for your time and patience.

 

finally got AdwCleaner to run to conclusion in safemode and found 11 reports were generated, i'm assuming one for each attempt.  do u want all the reports or just AdwCleaner[S1].txt?

Good work. Please post two reports: AdwCleaner[S1].txt and the most recent one, AdwCleaner[Sx].txt, where x is the largest number.

 

Totally uninstall the programs listed below, using the Revo Uninstaller.

  • Chinese Simplified Fonts Support For Adobe Reader 9
  • Adobe Reader X (10.1.4)
  • Adobe Reader XI (11.0.08)

Download and run the free version of Revo Uninstaller.

Find and select, one at a time, each of the programs listed above and click Uninstall.
Set it to 'Advanced' and click Scan.
Revo will do this:
Step 1. Create restore point.
Step 2. Run the official listed programs uninstaller.
Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants.  Delete everything found (Select All, Delete All).
Reboot if asked to.

 

 

If you still want to continue using Adobe Reader, please install the latest version from here.

Note: Pay attention to uncheck the optional offer box (McAfee Security Scan Plus).

 

 

Please tell me if you know this folder and what is its content? It is located in your Desktop.

Spyware Tools & Reports

 

Next:

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

Note: Do not include the word "Quote"

 

start

 
HKLM\...\Policies\Explorer: [NoCDBurning] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.3.1.18\ma\bin\npMotive.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}-trash [2011-03-11]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-10-15]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]
CHR HKLM\...\Chrome\Extension: [hjakmojkcnhgipgkkbiempkfdndcnlah] - C:\Documents and Settings\All Users\Application Data\Codec-C\hjakmojkcnhgipgkkbiempkfdndcnlah.crx [2014-07-12]
S2 AGCoreService; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
AlternateDataStreams: C:\WINDOWS\system32\STAR WARS REBELS: SPARK OF REBELLION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
[EmptyTemp]
 
end

 

Save the file as fixlist.txt in to the same folder as FRST.

Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

 

Note: I see you previously ran ComboFix. It's not designed to be run except under supervision (if that was the case), and it also needs to be properly uninstalled with final instructions closing a help topic, or something to that effect.

 

Now please download ComboFix.exe and save it to your Desktop. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

 

 

Please don't forget to re-enable your AntiVirus and Firewall as well. It is really dangerous to go online without these protections.

 

 

Please post the following in your next reply:

 

Tell me if you were successful uninstalling the three programs above.

FRST fixlog.

ComboFix log.

 

How is your computer running? Does it still seem to be running faster?

Do you have any other issues with your computer?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#15 oneeyedfranc (Member, Full Member, 98 posts)

Posted 24 October 2014 - 10:07 AM

# AdwCleaner v4.000 - Report created 18/10/2014 at 10:46:15
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Francis - FRANC-E0B09C9DC
# Running from : C:\Documents and Settings\Francis\Desktop\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376


-\\ Mozilla Firefox v33.0 (x86 en-US)
 



#16 oneeyedfranc (Member, Full Member, 98 posts)

Posted 24 October 2014 - 10:08 AM

# AdwCleaner v4.000 - Report created 20/10/2014 at 14:59:45
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Francis - FRANC-E0B09C9DC
# Running from : C:\Documents and Settings\Francis\Desktop\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376


-\\ Mozilla Firefox v33.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1346 octets] - [18/10/2014 10:18:38]
AdwCleaner[R1].txt - [882 octets] - [18/10/2014 10:43:09]
AdwCleaner[R2].txt - [1237 octets] - [20/10/2014 14:06:33]
AdwCleaner[R3].txt - [1298 octets] - [20/10/2014 14:12:51]
AdwCleaner[R4].txt - [1180 octets] - [20/10/2014 14:27:43]
AdwCleaner[R5].txt - [1299 octets] - [20/10/2014 14:57:59]
AdwCleaner[S0].txt - [1181 octets] - [18/10/2014 10:23:12]
AdwCleaner[S1].txt - [587 octets] - [18/10/2014 10:46:15]
AdwCleaner[S2].txt - [825 octets] - [20/10/2014 14:15:47]
AdwCleaner[S3].txt - [587 octets] - [20/10/2014 14:30:52]
AdwCleaner[S4].txt - [1214 octets] - [20/10/2014 14:59:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1274 octets] ##########
 



#17 oneeyedfranc (Member, Full Member, 98 posts)

Posted 24 October 2014 - 12:12 PM

was able to successfully uninstall all 3 adobe items and hopefully all of the associated registry crap but i did get the "this patch could not be opened..." error msg during the uninstall of ARX (10.1.4).  fortunately it did not prevent the uninstall.



#18 oneeyedfranc (Member, Full Member, 98 posts)

Posted 24 October 2014 - 01:11 PM

Spyware Tools & Reports is the folder where i store the programs and reports that u recommend for me to use.  the contents of that folder r as follows:

 

Scan Logs (folder)

adwcleaner_4.000.exe
Aswmbr.exe
Ccleaner.lnk
Dds.scr
EMET Setup.msi
esetsmartinstaller_enu.exe
Jrt.exe
revosetup.exe
SecurityCheck.exe
SpywareBlaster.lnk
spywareblastersetup50.exe
USBVaccineSetup50a.zip
Windows-KB890830-V5.17.exe
Frst.exe



#19 oneeyedfranc (Member, Full Member, 98 posts)

Posted 24 October 2014 - 01:33 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2014
Ran by Francis at 2014-10-24 12:29:18 Run:1
Running from C:\Documents and Settings\Francis\Desktop\Spyware Tools & Reports
Loaded Profile: Francis (Available profiles: Francis)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Policies\Explorer: [NoCDBurning] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.3.1.18\ma\bin\npMotive.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}-trash [2011-03-11]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-10-15]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]
CHR HKLM\...\Chrome\Extension: [hjakmojkcnhgipgkkbiempkfdndcnlah] - C:\Documents and Settings\All Users\Application Data\Codec-C\hjakmojkcnhgipgkkbiempkfdndcnlah.crx [2014-07-12]
S2 AGCoreService; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
AlternateDataStreams: C:\WINDOWS\system32\STAR WARS REBELS: SPARK OF REBELLION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
[EmptyTemp]
end


*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\Extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}-trash => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => Moved successfully.
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found] => not found.
FF Extension: No Name - wrc@avast.com [Not Found] => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hjakmojkcnhgipgkkbiempkfdndcnlah" => Key deleted successfully.
"C:\Documents and Settings\All Users\Application Data\Codec-C\hjakmojkcnhgipgkkbiempkfdndcnlah.crx" => File/Directory not found.
AGCoreService => Service deleted successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
MREMP50 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50 => Service deleted successfully.
PxHelp20 => Service deleted successfully.
SBRE => Service deleted successfully.
C:\WINDOWS\system32\STAR WARS REBELS => ": SPARK OF REBELLION" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
[EmptyTemp] => Error: No automatic fix found for this entry.

==== End of Fixlog ====

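An added check, not part of the thread and not FRST's own code: a Fixlog like the one above is worth reading line by line, because FRST reports what it could not do in the same stream as what it did (here the last directive came back "Error: No automatic fix found for this entry", and two items were "not found"). The Python below parses a Fixlog into its fixlist directives and its result lines, classifies each result, and lists any directive for which no result line exists at all. The excerpt it runs on is constructed from lines of the Fixlog posted above; the token-matching heuristics in directive_token() are this example's own assumption about how FRST echoes an entry back, not FRST behaviour documented on this page.

```python
"""Audit an FRST Fixlog: pair the fixlist directives with FRST's result
lines and report anything that did not end in a success message."""
import re

# Constructed excerpt in the layout of the Fixlog posted in this thread
# (a subset of its lines, otherwise unchanged).
FIXLOG = r"""
Content of fixlist:
*****************
start
HKLM\...\Policies\Explorer: [NoCDBurning] 0
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
FF Extension: No Name - wrc@avast.com [Not Found]
CHR HKLM\...\Chrome\Extension: [hjakmojkcnhgipgkkbiempkfdndcnlah] - C:\Documents and Settings\All Users\Application Data\Codec-C\hjakmojkcnhgipgkkbiempkfdndcnlah.crx [2014-07-12]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
AlternateDataStreams: C:\WINDOWS\system32\STAR WARS REBELS: SPARK OF REBELLION
[EmptyTemp]
end

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}" => Key deleted successfully.
FF Extension: No Name - wrc@avast.com [Not Found] => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hjakmojkcnhgipgkkbiempkfdndcnlah" => Key deleted successfully.
"C:\Documents and Settings\All Users\Application Data\Codec-C\hjakmojkcnhgipgkkbiempkfdndcnlah.crx" => File/Directory not found.
SBRE => Service deleted successfully.
C:\WINDOWS\system32\STAR WARS REBELS => ": SPARK OF REBELLION" ADS removed successfully.
[EmptyTemp] => Error: No automatic fix found for this entry.

==== End of Fixlog ====
"""

GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SERVICE = re.compile(r"^[SRU]\d\s+([^;]+);")      # "S1 SBRE; <path>" service/driver lines
BRACKET = re.compile(r"\[([^\]]+)\]")
SUCCESS = re.compile(r"\b(deleted|moved|removed) successfully", re.I)


def parse_fixlog(text):
    """Return (directives, results): the lines between start/end, and the
    'X => outcome' lines FRST wrote after applying them."""
    directives, results, in_list = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "start":
            in_list = True
        elif line == "end":
            in_list = False
        elif in_list and line:
            directives.append(line)
        elif " => " in line:
            results.append(line)
    return directives, results


def classify(result):
    """Bucket one result line by its outcome text."""
    outcome = result.partition(" => ")[2].strip().rstrip(".")
    if SUCCESS.search(outcome):
        return "ok"
    if outcome.lower().startswith("error"):
        return "error"
    if "not found" in outcome.lower():
        return "not_found"
    return "unknown"


def directive_token(directive):
    """Heuristic (an assumption of this example): the fragment of a fixlist
    entry that FRST echoes back in the matching result line."""
    if (m := GUID.search(directive)):
        return m.group(0)
    if (m := SERVICE.match(directive)):
        return m.group(1).strip()
    if directive.startswith("AlternateDataStreams:"):       # "<file>: <stream>" -> file
        return directive.split(":", 1)[1].strip().rsplit(":", 1)[0]
    for b in BRACKET.findall(directive):
        if b not in ("X", "Not Found") and not re.fullmatch(r"[\d-]+", b):
            return b
    head = directive.split(": ", 1)[0]
    if "\\" in head:                                          # "CHR HKLM\...\Google: ..." -> key
        return head.split(" ", 1)[-1]
    if " - " in directive:                                    # "FF Extension: No Name - <id> [..]"
        return directive.split(" - ", 1)[1].split(" [")[0].strip()
    return directive


def audit(text):
    """Classify every result line and flag directives that produced none."""
    directives, results = parse_fixlog(text)
    report = {"ok": [], "not_found": [], "error": [], "unknown": [], "missing": []}
    for r in results:
        report[classify(r)].append(r.partition(" => ")[0].strip().strip('"'))
    for d in directives:
        if not any(directive_token(d) in r for r in results):
            report["missing"].append(d)
    return report


if __name__ == "__main__":
    for bucket, items in audit(FIXLOG).items():
        if bucket != "ok" and items:
            print(f"{bucket}:")
            for item in items:
                print("   ", item)
```

On this excerpt the script reports the two "not found" items and the one error, and no directive went unanswered. The [EmptyTemp] failure is a fixlist syntax issue rather than a sign of interference: FRST's directive for clearing temporary files is written EmptyTemp: (trailing colon, no square brackets), so the entry was skipped, and the temp folders on this machine were never emptied by that fix.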


#20 oneeyedfranc (Member, 98 posts)
Posted 24 October 2014 - 02:14 PM

Do I need to be connected to the internet when running ComboFix? If not, then I was planning to disconnect, since all of my protection will be disabled...



#21 Android 8888 (SWI Malware Tracker, Trusted Advisor*, 1,100 posts)
Posted 25 October 2014 - 12:45 PM

Hi oneeyedfranc.
 

Spyware Tools & Reports is the folder where I store the programs and reports that you recommend for me to use.

Please note that if the instructions say to run the tools from a specific location, generally the Desktop, that's where the tool needs to be run from.
 
Please from now on download and run any suggested tool from the location specified in the instructions.
 
 

Do I need to be connected to the internet when running ComboFix? If not, then I was planning to disconnect, since all of my protection will be disabled...

Yes, you need to be connected to the internet, because ComboFix will try to establish a connection in order to check whether there are updates. You do not need to worry as long as you follow the instructions step by step.
 

Now please follow the instructions to run ComboFix and post its log as asked before.

 

Please ask if you have more questions.

How is your computer running now?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#22 oneeyedfranc (Member, 98 posts)
Posted 30 October 2014 - 12:19 PM

I started ComboFix after 9am and it's been at "completed stage 47" for the last hour. What do I do?



#23 oneeyedfranc (Member, 98 posts)
Posted 30 October 2014 - 02:45 PM

ComboFix hung at "Completed Stage_47" until I manually shut down at 12:40pm. Restarted holding F8 to reboot in safe mode with command prompt. Typed in "%system%\system32\restore\rstui.exe" and hit enter: 'C:\WINDOWS\system32\restore\rstui.exe' is not recognized as an internal or external command, operable program or batch file. Exit - manual shutdown - restart - ran System Restore from the 3:48am restore point. System restart - shut down avast and Panda - ran ComboFix at 1:18pm. Scan is currently running; will post when (or if) the scan completes...



#24 oneeyedfranc (Member, 98 posts)
Posted 30 October 2014 - 04:35 PM

ComboFix hung at Stage_41 at approx. 1:50pm. At 2:48pm I manually shut down. Restarted the computer and inserted FixMeStick. FixMeStick rebooted at 3pm, scan is running; would you like to see the results when it's finished?



#25 Android 8888 (SWI Malware Tracker, Trusted Advisor*, 1,100 posts)
Posted 30 October 2014 - 06:22 PM

Hello oneeyedfranc.

 

FixMeStick rebooted at 3pm, scan is running; would you like to see the results when it's finished?

Only if it deleted any entries or made any changes to the computer.

However, please do not use any tools apart from the tools that I ask you to use. This is very important.

 

If you are having problems running ComboFix, please try the following:

 

Please download TFC to your Desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

 

Download Rkill by Grinler from one of these links:

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Save Rkill to your Desktop.
Double-click on Rkill to run it.

Note: If the first one does not run successfully, download and try the other copies (with a different file extension) and see if one of them will run.

Once Rkill has successfully run do not reboot the computer.

 

 

Next: Delete your current version of ComboFix.

 

Temporarily disable all anti virus and anti malware programs and then download ComboFix from here

 

I want you to rename ComboFix.exe as you download it to winlogon.exe and save it to your Desktop. <--- Very important

 

Close any open browsers and programs.

  • Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on winlogon.exe icon
  • If ComboFix asks to update, please allow it to do so.
  • When ComboFix has finished, it will open a window with the generated report.

 

Please include the content of this report in your next reply. You can find it in C:\ComboFix.txt

 

How is your computer running?


Android 8888
 

#26 oneeyedfranc (Member, 98 posts)
Posted 30 October 2014 - 10:46 PM

FixMeStick scans FRANC-E0B09C9DC (Windows XP sp3, 32 bit)
Scan: Oct. 30, 2014, 6:14 p.m. | Files Scanned: 282768 | Result: 30 threats found and cleaned

Path | Detection - Engine | Action
:\Program Files\USArmy\America's Army 3\Binaries\pb\pbcls.dll | App/Punkbust-B - Sophos | Quarantined
:\Program Files\USArmy\America's Army 3\Binaries\pb\pbcl.dll | App/Punkbust-B - Sophos | Quarantined
:\Program Files\USArmy\America's Army 3\Binaries\pb\dll\wc002184.dll | App/Punkbust-B - Sophos | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP536\A0329421.exe | Trojan.Win32.Generic!BT - Vipre | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP528\A0310999.exe | not-a-virus:WebToolbar.Win32.Agent.avw - Kaspersky; Conduit (fs) - Vipre | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP528\A0311000.exe | Cnet AdInstaller (fs) - Vipre | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP553\A0357727.exe | App/NirCmd-Gen - Sophos | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP552\A0353375.exe | App/NirCmd-Gen - Sophos | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP553\A0357696.exe | App/NirCmd-Gen - Sophos | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP553\A0357710.exe | App/NirCmd-Gen - Sophos | Quarantined
:\WINDOWS\NIRCMD.exe | App/NirCmd-Gen - Sophos | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP553\A0357786.exe | App/NirCmd-Gen - Sophos | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP553\A0360045.exe | App/NirCmd-Gen - Sophos | Quarantined
:\Documents and Settings\Francis\Application Data\Sun\Java\Deployment\cache\6.0\60\3948f97c-3c2357f3 | Troj/JavaMal-H - Sophos; Trojan.Java.Jobfus.gen (v) - Vipre; HEUR:Exploit.Java.Generic - Kaspersky | Quarantined
:\Documents and Settings\Francis\Desktop\ComboFix.exe | App/NirCmd-Gen - Sophos | Quarantined
:\ComboFix\NirCmd.3XE | App/NirCmd-Gen - Sophos | Quarantined
:\Documents and Settings\Francis\Desktop\Spyware Tools & Reports\SecurityCheck.exe | App/NirCmd-Gen - Sophos | Quarantined
:\ComboFix\NirCmdC.3XE | App/NirCmd-Gen - Sophos | Quarantined
:\ComboFix\iexplore.exe | App/NirCmd-Gen - Sophos | Quarantined
:\Documents and Settings\Francis\Desktop\tools\del_run.exe | Trojan.Win32.Generic!BT - Vipre | Quarantined
:\ComboFix\NIRKMD.3XE | App/NirCmd-Gen - Sophos | Quarantined
:\Documents and Settings\Francis\Desktop\tools\leaktest.exe | App/LeakTest-D - Sophos | Quarantined
:\Documents and Settings\Francis\Desktop\tools\SecurityCheck.exe | App/NirCmd-Gen - Sophos | Quarantined
:\Documents and Settings\Francis\Desktop\Spyware Tools & Reports\adwcleaner_4.000.exe | Trojan.Win32.Generic!BT - Vipre | Quarantined
:\ComboFix\NircmdB.exe | App/NirCmd-Gen - Sophos | Quarantined
:\Documents and Settings\Francis\My Documents\FrostWire\Incomplete\T-11652823-dad loves my pussy incest 15yr, 9yo pedo.mov | Exploit.Win32.QuickLoad.f - Kaspersky | Quarantined
:\Documents and Settings\Francis\Local Settings\temp\Av-test.txt | EICAR-Test-File - Kaspersky; EICAR-AV-Test - Sophos | Quarantined
:\Download Archive\3d_magic_install.exe | BehavesLike.Win32.Malware.sfm (mx-v) - Vipre | Quarantined
:\Download Archive\photomail_install.exe | BehavesLike.Win32.Malware.sfm (mx-v) - Vipre | Quarantined
:\Download Archive\Google Updater.exe | Trojan.Win32.Generic!SB.0 - Vipre | Quarantined
 

#27 Android 8888 (SWI Malware Tracker, Trusted Advisor*, 1,100 posts)
Posted 31 October 2014 - 05:58 PM

Hello oneeyedfranc.

 

According to the log that you have posted, it seems that some of the tools that I suggested you use so far, such as ComboFix, AdwCleaner and Security Check, were detected as threats by FixMeStick. However, these are legitimate files, not malware. For some reason FixMeStick considered them to be a threat.

This is why it is very important that you do not use any other tools on the machine except the tools that I ask you to run.

 

 

Please delete your current version of ComboFix.

 

Temporarily disable all anti virus and anti malware programs and then download ComboFix from here

 

I want you to rename ComboFix.exe as you download it to winlogon.exe and save it to your Desktop. <--- Very important

 

Close any open browsers and programs.

  • Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on winlogon.exe icon
  • If ComboFix asks to update, please allow it to do so.
  • When ComboFix has finished, it will open a window with the generated report.

 

Please include the content of this report in your next reply. You can find it in C:\ComboFix.txt

 

How is your computer running?


Android 8888
 
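An added example, not from the thread and not FixMeStick's own code: the report in #26 mixes three quite different kinds of hit, and Android 8888's point above is that several of them are the helper tools themselves. A first pass that sets aside restore-point copies (anything under System Volume Information\_restore is an inactive copy until a restore is performed), files belonging to the remediation tools in use, and the EICAR test file leaves a much shorter list to actually review, and ordering that list by how many engines agree puts the strongest signal first. The excerpt below is constructed from lines of the posted report (one detection per line, fields separated by " | "); the HELPER_TOOLS and HELPER_DIRS sets and the bucket names are this example's assumptions, based only on the tools named in this thread and the :\ComboFix\ paths in the report.

```python
"""First-pass triage of a multi-engine rescue-scan report: separate
restore-point copies, remediation-tool components and the EICAR test
file from detections that still need a human look."""
import re

# Constructed excerpt of the FixMeStick report posted in #26, one detection
# per line: <path> | <detection> - <engine>[; ...] | <action>
REPORT = r"""
:\Program Files\USArmy\America's Army 3\Binaries\pb\pbcls.dll | App/Punkbust-B - Sophos | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP536\A0329421.exe | Trojan.Win32.Generic!BT - Vipre | Quarantined
:\System Volume Information\_restore{00FA3D1D-11AB-4BF9-B6B7-3CE0B0881C18}\RP553\A0357727.exe | App/NirCmd-Gen - Sophos | Quarantined
:\WINDOWS\NIRCMD.exe | App/NirCmd-Gen - Sophos | Quarantined
:\Documents and Settings\Francis\Application Data\Sun\Java\Deployment\cache\6.0\60\3948f97c-3c2357f3 | Troj/JavaMal-H - Sophos; Trojan.Java.Jobfus.gen (v) - Vipre; HEUR:Exploit.Java.Generic - Kaspersky | Quarantined
:\Documents and Settings\Francis\Desktop\ComboFix.exe | App/NirCmd-Gen - Sophos | Quarantined
:\ComboFix\NirCmd.3XE | App/NirCmd-Gen - Sophos | Quarantined
:\Documents and Settings\Francis\Desktop\Spyware Tools & Reports\SecurityCheck.exe | App/NirCmd-Gen - Sophos | Quarantined
:\Documents and Settings\Francis\Desktop\Spyware Tools & Reports\adwcleaner_4.000.exe | Trojan.Win32.Generic!BT - Vipre | Quarantined
:\Documents and Settings\Francis\Local Settings\temp\Av-test.txt | EICAR-Test-File - Kaspersky; EICAR-AV-Test - Sophos | Quarantined
:\Download Archive\Google Updater.exe | Trojan.Win32.Generic!SB.0 - Vipre | Quarantined
"""

# Assumption of this example: file names of the helper tools used in this
# thread, plus ComboFix's working directory as it appears in the report.
# Anything matching is a known tool component, not something the scan found.
HELPER_TOOLS = {"combofix.exe", "securitycheck.exe", "nircmd.exe", "frst.exe", "rkill.exe"}
HELPER_DIRS = (":\\combofix\\",)
RESTORE_POINT = "\\system volume information\\_restore"


def parse_report(text):
    """Turn the pipe-delimited lines into dicts with per-engine detections."""
    entries = []
    for line in text.strip().splitlines():
        path, dets, action = (f.strip() for f in line.split(" | "))
        detections = []
        for d in re.split(r"\s*;\s*", dets):
            name, _, engine = d.rpartition(" - ")
            detections.append((name.strip(), engine.strip()))
        entries.append({"path": path, "detections": detections, "action": action})
    return entries


def engine_count(entry):
    """Distinct engines that flagged the object: independent agreement is
    the cheapest confidence signal a multi-engine report offers."""
    return len({engine for _, engine in entry["detections"]})


def triage(entry):
    path = entry["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    names = [name.lower() for name, _ in entry["detections"]]
    if RESTORE_POINT in path:
        return "restore_point"        # inactive copy inside a System Restore point
    if any("eicar" in n for n in names):
        return "test_file"            # the EICAR test string, harmless by definition
    if (base in HELPER_TOOLS or base.startswith("adwcleaner")
            or path.startswith(HELPER_DIRS) or any("nircmd" in n for n in names)):
        return "helper_tool"          # component of a tool the helper asked to run
    return "review"


def summarize(text):
    """Group entries by triage bucket; 'review' is ordered by engine agreement."""
    buckets = {}
    for entry in parse_report(text):
        buckets.setdefault(triage(entry), []).append(entry)
    buckets.get("review", []).sort(key=engine_count, reverse=True)
    return buckets


if __name__ == "__main__":
    for bucket, entries in summarize(REPORT).items():
        print(f"{bucket} ({len(entries)})")
        for e in entries:
            print(f"   [{engine_count(e)} engine(s)] {e['path']}")
```

On the excerpt, three entries are left in review: the Java deployment-cache object first (three engines agree on it, the strongest signal in the whole report), then the PunkBuster DLL and Google Updater.exe. Bucketing by file name trusts the name, so this is a reading aid for the report, not a verdict: the way to confirm a "helper_tool" entry such as the flagged adwcleaner_4.000.exe is to compare its hash with a fresh copy from the tool's own download page.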

#28 oneeyedfranc (Member, 98 posts)
Posted 31 October 2014 - 06:19 PM

Do you still want me to run TFC and Rkill?



#29 oneeyedfranc (Member, 98 posts)
Posted 31 October 2014 - 06:20 PM

Should I run TFC and Rkill before or after I run the renamed ComboFix?



#30 Android 8888 (SWI Malware Tracker, Trusted Advisor*, 1,100 posts)
Posted 31 October 2014 - 06:22 PM

Not for now. Follow my instructions to run only the ComboFix.


Android 8888
 

#31 oneeyedfranc (Member, 98 posts)
Posted 01 November 2014 - 12:36 PM


 

  • Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Does that include EMET? If so, how do I shut it down?



#32 Android 8888 (SWI Malware Tracker, Trusted Advisor*, 1,100 posts)
Posted 02 November 2014 - 04:21 PM

Hello oneeyedfranc.

 

  • Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Does that include EMET? If so, how do I shut it down?

Since EMET only provides mitigation measures to prevent exploitation of vulnerabilities in programs and Windows, and isn't exactly an antivirus or anti-malware program, you do not need to disable it to run ComboFix.

 

Please rename ComboFix and run it.


Android 8888
 

#33 oneeyedfranc (Member, 98 posts)
Posted 03 November 2014 - 05:25 PM

ComboFix 14-10-29.01 - Francis 11/03/2014  14:36:01.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3322.2386 [GMT -8:00]
Running from: c:\documents and settings\Francis\Desktop\winlogon.exe.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\msdownld.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-03 to 2014-11-03  )))))))))))))))))))))))))))))))
.
.
2014-11-02 23:57 . 2014-11-02 23:57    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-10-31 22:55 . 2014-10-31 22:55    234752    ----a-w-    c:\windows\system32\drivers\afcdp.sys
2014-10-31 22:54 . 2014-10-31 22:54    130488    ----a-w-    c:\windows\system32\drivers\tib_mounter.sys
2014-10-31 22:53 . 2014-10-31 22:53    736192    ----a-w-    c:\windows\system32\drivers\tib.sys
2014-10-31 22:53 . 2014-10-31 22:53    888640    ----a-w-    c:\windows\system32\drivers\tdrpman.sys
2014-10-31 22:52 . 2014-10-31 22:52    116000    ----a-w-    c:\windows\system32\drivers\vididr.sys
2014-10-31 22:51 . 2014-10-31 22:51    85280    ----a-w-    c:\windows\system32\drivers\vidsflt.sys
2014-10-31 22:51 . 2014-10-31 22:51    158496    ----a-w-    c:\windows\system32\drivers\snapman.sys
2014-10-31 22:50 . 2014-10-31 22:50    81184    ----a-w-    c:\windows\system32\drivers\fltsrv.sys
2014-10-31 22:49 . 2014-10-31 22:49    --------    d-----w-    c:\program files\Acronis
2014-10-31 22:49 . 2014-10-31 22:55    --------    d-----w-    c:\program files\Common Files\Acronis
2014-10-30 21:57 . 2014-10-30 21:58    --------    d-----w-    C:\FixMeStick
2014-10-30 20:22 . 2014-11-03 22:33    --------    d-----w-    C:\ComboFix
2014-10-30 19:45 . 2014-10-30 19:45    --------    d---a-w-    C:\FixMeStick Quarantine
2014-10-21 07:45 . 2014-10-21 07:45    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\Foxit Software
2014-10-21 04:53 . 2014-10-28 05:57    --------    d-----w-    c:\documents and settings\Francis\Application Data\Foxit Software
2014-10-21 04:52 . 2014-10-21 04:52    --------    d-----w-    c:\documents and settings\All Users\Foxit Software
2014-10-21 04:52 . 2014-10-21 04:52    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Foxit Software
2014-10-21 04:51 . 2014-10-21 04:51    --------    d-----w-    c:\program files\Foxit Software
2014-10-18 17:18 . 2014-10-20 22:24    --------    d-----w-    C:\AdwCleaner
2014-10-18 02:16 . 2014-10-18 02:16    --------    d-----w-    c:\program files\Common Files\Java
2014-10-05 21:07 . 2014-10-05 21:07    --------    d-----w-    c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-23 05:50 . 2012-11-13 18:58    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-10-23 05:50 . 2011-05-24 22:18    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-18 02:14 . 2014-08-09 06:34    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-10-18 02:14 . 2014-08-09 06:35    146432    ----a-w-    c:\windows\system32\javacpl.cpl
2014-10-05 20:33 . 2014-06-19 07:11    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-01 19:42 . 2014-10-01 19:42    208888    ----a-w-    c:\windows\system32\drivers\RapportKELL.sys
2012-09-16 13:30 . 2012-09-16 13:30    4096000    ----a-w-    c:\program files\GUT4C47.tmp
2012-07-16 01:41 . 2012-07-14 21:30    4024320    ----a-w-    c:\program files\GUTC4D.tmp
2012-04-11 06:24 . 2012-03-25 07:30    3993600    ----a-w-    c:\program files\GUT30C.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-12 07:55    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Francis\Application Data\mjusbsp\cdloader2.exe" [2014-07-04 51592]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2013-03-26 367016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2013-10-15 7558464]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2014-03-09 15714592]
"NvMediaCenter"="NvMCTray.dll" [2014-03-09 377288]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2014-03-09 2593056]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"EMET 4.1 Update 1 Agent"="c:\program files\EMET 4.1\EMET_agent.exe" [2014-04-29 81416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2014-03-06 6382144]
"AcronisTibMounterMonitor"="c:\program files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103424]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-02-15 412480]
.
c:\documents and settings\Francis\Start Menu\Programs\Startup\
SpywareBlaster.lnk - c:\program files\SpywareBlaster\spywareblaster.exe [2014-10-5 2557544]
Webshots.lnk - c:\program files\Webshots\3.1.5.7620\Launcher.exe  /t [2012-10-11 157128]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Panda USB Vaccine.lnk - c:\program files\Panda USB Vaccine\USBVaccine.exe /resident /autovaccinate /experimentalntfs  /shownow [2014-7-15 412416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2013-10-15 1033968]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Francis\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\darwinia\\darwinia.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\machinarium demo\\machinarium.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\i-fluid\\I-Fluid.exe"=
"c:\\Program Files\\Steam\\steamapps\\oneeyedfranc\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"=
"c:\\Documents and Settings\\Francis\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/18/2014 10:28 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/18/2014 10:28 AM 192352]
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [10/31/2014 2:50 PM 81184]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 tib;Acronis TIB Manager;c:\windows\system32\drivers\tib.sys [10/31/2014 2:53 PM 736192]
R0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\drivers\tib_mounter.sys [10/31/2014 2:54 PM 130488]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [10/31/2014 2:52 PM 116000]
R0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\drivers\vidsflt.sys [10/31/2014 2:51 PM 85280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [4/18/2014 10:28 AM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [4/18/2014 10:28 AM 414520]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2/5/2013 11:57 AM 210360]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2/5/2013 11:57 AM 34856]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2/5/2013 11:57 AM 31912]
R1 RapportCerberus_80055;RapportCerberus_80055;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys [10/16/2014 10:35 PM 430264]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/1/2014 11:42 AM 251288]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [10/31/2014 2:55 PM 3783672]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [4/18/2014 10:28 AM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/18/2014 10:28 AM 67824]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [10/20/2014 8:52 PM 242912]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [4/18/2014 10:56 PM 1593632]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2/5/2013 11:56 AM 584864]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/1/2014 11:42 AM 1919256]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [3/26/2013 5:23 PM 7084672]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [10/31/2014 2:55 PM 234752]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [6/16/2011 11:12 PM 28256]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2/5/2013 11:57 AM 44984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [4/3/2014 7:21 PM 315008]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\OAsrv.exe [2/5/2013 11:56 AM 4457688]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/30/2009 1:40 PM 1684736]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [6/16/2011 11:12 PM 28256]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4/22/2010 8:27 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [4/22/2010 8:27 PM 8456]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/1/2014 11:42 AM 208888]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 2:21 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 2:21 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 2:21 AM 136808]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [10/5/2010 7:30 AM 25088]
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-13 05:50]
.
2014-11-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-12 07:55]
.
2014-11-03 c:\windows\Tasks\EASEUS Partition Master 5.5.1 Home Edition.job
- c:\progra~1\EASEUS\EASEUS~1.1H~\bin\epm0.exe [2010-04-23 00:14]
.
2014-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484763869-1801674531-1003Core.job
- c:\documents and settings\Francis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 05:30]
.
2014-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484763869-1801674531-1003UA.job
- c:\documents and settings\Francis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 05:30]
.
2014-10-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2014-11-03 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2014-07-16 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.bankofam...a.com/index.jsp
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
Trusted Zone: magicjack.com\data
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tvguide.com/Listings/|https://calendar.yah...e?fromdlom=true
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
AddRemove-Virtual Pool 3 - j:\virtual pool 3\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-03 15:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-484763869-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,ad,5e,ab,e2,ab,8b,00,1d,e3,70,6f,7f,23,ff,f6,a1,a4,06,67,e2,
   89,42,52,21,28,81,45,44,dd,de,a1,5d,33,e0,06,85,b3,d3,ea,a2,73,23,df,36,00,\
"rkeysecu"=hex:9f,67,d6,25,95,99,43,15,61,a2,20,d6,58,54,87,68
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(7792)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Intel\IDU\awServ.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\IncrediMail\Bin\ImApp.exe
c:\progra~1\Webshots\315~1.76~\Webshots.scr
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-11-03  15:09:41 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-03 23:09
ComboFix2.txt  2013-08-21 01:37
.
Pre-Run: 869,570,482,176 bytes free
Post-Run: 870,491,111,424 bytes free
.
- - End Of File - - 174BDED70F3D92E7BE21BD5825877D08
8F558EB6672622401DA993E1E865C861
 



#34 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 03 November 2014 - 05:26 PM

uninstall renamed ComboFix? 



#35 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,100 posts

Posted 04 November 2014 - 05:39 PM

Hi oneeyedfranc.

 

Your ComboFix log appears to be clean. However, there is still some work to do.

 

Please delete your old version of SecurityCheck.

 

Download a new version of Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically.

Please post the contents of the SecurityCheck log.

 

How is your computer running? Any further problems?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#36 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 05 November 2014 - 12:40 AM

 Results of screen317's Security Check version 0.99.89  
 Windows XP Service Pack 3 x86   
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 CCleaner     
 TweakNow RegCleaner 2011   
 Java 7 Update 67  
 Java 8 Update 25  
 Adobe Flash Player     15.0.0.189  
 Mozilla Firefox (33.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Tall Emu Online Armor OAcat.exe
 Tall Emu Online Armor oasrv.exe
 Tall Emu Online Armor oaui.exe
 Tall Emu Online Armor OAhlp.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#37 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 05 November 2014 - 12:40 AM

computer seems to be running ok...



#38 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 05 November 2014 - 12:45 AM

should i delete SecurityCheck and winlogon.exe



#39 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,100 posts

Posted 06 November 2014 - 04:09 PM

Hello oneeyedfranc.

 

 

should i delete SecurityCheck and winlogon.exe

No.

 

Can you tell me how long ago FrostWire was uninstalled? FrostWire is a P2P (Peer-to-Peer) program.

 

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, and none of them are worth it.
 



#40 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 06 November 2014 - 04:41 PM

it's been years



#41 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 09 November 2014 - 01:46 AM

now what?



#42 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,100 posts

Posted 09 November 2014 - 09:36 AM

Hello oneeyedfranc.

 

Please wait for further instructions.



#43 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 09 November 2014 - 12:40 PM

standing by...



#44 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,100 posts

Posted 09 November 2014 - 05:11 PM

Hello oneeyedfranc.

 

Your computer appears to be clean. However, we still have a few steps to go until the process is completed.

 

STEP 1 - Updates

 

Firewall:

Please enable your Online Armor Firewall.

 

Antivirus:

Please enable your Avast Antivirus and update it.

 

Updating Internet Explorer:

Internet Explorer 7 is out of date. As it is an integral part of the Operating System, it is highly recommended that you update it, and it is a security risk not to do so. The most recent version for Windows XP is Internet Explorer 8. Please update it here.

 

Updating Java:

It's important to remove older versions of Java, since it does not do so automatically and old versions still leave you vulnerable. Please uninstall Java 7 Update 67.

 

If you still want to continue using Adobe Reader, please install the latest version from here.

Note: Pay attention to uncheck the optional offer box (McAfee Security Scan Plus).

 

 

STEP 2 - Disk Defragmentation
Your Drive C: is 22% fragmented. Defragmenting is one of the large reasons for system slowdowns.
Defragment your hard disk every so often. The defrag that comes with Windows XP is fine, or you may prefer O&O Defrag 2000 Freeware which has more interesting graphics. For defragmenting your pagefile and registry hives, I recommend (free) PageDefrag. You may also want to read The Importance of Disk Defragmentation for instructions.

 

Note: As your Drive is very fragmented this operation may take some time.

 

In your next reply, please let me know if all the updates went well. Problems with the updates may indicate that the computer is still infected.

 

How is your computer performing now?



#45 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 09 November 2014 - 06:37 PM

IE8 is not compatible with my system.  Java 7 Update 67 uninstalled.  Uninstalled Adobe Reader and replaced it with Foxit.  Drive has been defragged.  Computer seems to be running ok...



#46 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 09 November 2014 - 06:43 PM

firewall and antivirus were re-enabled at the end of the last Combofix scan



#47 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 10 November 2014 - 02:18 AM

any idea why my screensaver craps out on me every so often?



#48 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,100 posts

Posted 12 November 2014 - 05:24 PM

Hello oneeyedfranc.

 

any idea why my screensaver craps out on me every so often?

Can you give me more information on what's really going on with your Screen Saver? Can you describe it in more detail?

Let me tell you that troubleshooting it could require a never-ending series of trial-and-error solutions.

 

 

IE8 is not compatible with my system.

IE8 is perfectly compatible with your operating system. In fact, it is the latest version of Internet Explorer that Microsoft produced for Windows XP.

 

Let's try the next step to download and install Internet Explorer 8.

 

Please download Internet Explorer 8 to your Desktop from here.

Double click on the file and follow the instructions to install it.

If that doesn't work, please click the "Fix it" in Step 2 - Method A from here.

 

 

Please let me know if you were able to update Internet Explorer, and explain the problem with your screensaver.



#49 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 12 November 2014 - 06:33 PM

"Please download Internet Explorer 8 to your Desktop from here"

 

Internet Explorer 8 download:
clicking this link takes me to http://windows.microsoft.com/en-us/internet-explorer/download-ie but no download is triggered or available on this page

 

screensaver simply fails to function occasionally.  sometimes switching screensavers re-enables it but when it doesn't, i have a manually triggered screensaver from my webshots program that i use.  since it's not a critical function and i have a workaround, let's not spend a lot of time on this...



#50 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 12 November 2014 - 11:55 PM

i'm planning to install fix-it utilities pro 15, any thoughts?


