
Log File Look OK [Solved]


  • This topic is locked
91 replies to this topic

#61 Lewg

Lewg

    Silver Member

  • Authentic Member
  • PipPipPip
  • 369 posts

Posted 25 March 2014 - 02:42 PM

Correction......I want to chat with you about what directories are NOW in my root directory. Some I have never seen.




#62 Lewg


Posted 25 March 2014 - 02:53 PM

What about this. ADW deleted it......Don't know anyone with initials JS......Remember I asked if someone is connecting to my PC....I don't use Mozilla Firefox.  I have in the past but not anymore.....It loads a ton of cookies on your machine.

 

 

File Deleted : C:\Program Files\Mozilla Firefox\user.js



#63 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 25 March 2014 - 04:44 PM

I'm not seeing anything in your install log that looks like a driver updating program to me.  What is it called?  Is it called Driver Update?

 

What folders are you seeing in your root directory that you are questioning?


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#64 Lewg


Posted 26 March 2014 - 07:21 AM

It's called "Driver Update" and it pops up a window often for me to update.  I don't of course....I plan on dumping it......Also I see in the root directory the text logs like combofix.txt and other text like Delfix.txt, Trace.txt, etc.,  I can dump those.  Not sure about this Avenger directory....Some search protector program that was added some way while I was following your directions.  I am dumping it also. Machine seems to be doing much better now....I got back my multi media keys on my keyboard.  I had to d/load a new driver that was corrupted or erased some way.



#65 Tomk


Posted 26 March 2014 - 08:18 AM

Please run me a new set of DDS logs just like you did clear back in post #3.


Tomk
------------------------------------------------------------



#66 Lewg


Posted 26 March 2014 - 08:49 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Lew at 10:48:29 on 2014-03-26
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.544 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe
C:\Program Files\Mega Browse\updateMegaBrowse.exe
C:\Program Files\Mega Browse\bin\FilterApp_C.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://%20msn.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Mega Browse: {4e6cd411-ce62-4584-97ff-6afbcf6900af} - c:\program files\mega browse\MegaBrowsebho.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KBD] c:\hp\kbd\KBD.EXE
StartupFolder: c:\docume~1\lew\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347465718176
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347978180406
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2E5072BA-3DCD-43F1-A347-7B3E0450AF88} : DHCPNameServer = 192.168.1.254
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-7-10 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-7-10 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-10 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-10 410784]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-3-25 55232]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-7-10 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-10 50344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-11-24 1103392]
R2 Update Mega Browse;Update Mega Browse;c:\program files\mega browse\updateMegaBrowse.exe [2014-3-24 348448]
R2 Util Mega Browse;Util Mega Browse;c:\program files\mega browse\bin\utilMegaBrowse.exe [2014-3-25 348448]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-11-24 168384]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-11-24 1369624]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2014-3-25 13464]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-12-29 11520]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
.
=============== Created Last 30 ================
.
2014-03-25 20:28:15 -------- d-----w- C:\AdwCleaner
2014-03-25 16:38:57 55232 ----a-w- c:\windows\system32\drivers\tStLibG.sys
2014-03-25 15:13:31 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-03-25 15:13:26 -------- d-----w- c:\program files\common files\Symantec Shared
2014-03-25 15:13:23 -------- d-----w- c:\documents and settings\lew\local settings\application data\SlimWare Utilities Inc
2014-03-25 15:13:08 -------- d-----w- c:\windows\system32\drivers\nss\0400010.010
2014-03-25 15:13:08 -------- d-----w- c:\windows\system32\drivers\NSS
2014-03-25 15:13:08 -------- d-----w- c:\program files\Norton Security Scan
2014-03-25 15:13:06 -------- d-----w- c:\documents and settings\all users\application data\Norton
2014-03-25 15:13:04 -------- d-----w- c:\documents and settings\lew\local settings\application data\Downloaded Installers
2014-03-25 15:13:03 -------- d-----w- c:\program files\NortonInstaller
2014-03-25 15:13:03 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2014-03-25 15:11:51 -------- d-----w- c:\program files\Mega Browse
2014-03-25 00:37:26 128000 ----a-w- c:\program files\uninstall information\79\3683\uninstall.exe
2014-03-23 15:51:30 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-23 15:51:30 13312 ------w- c:\windows\system32\xp_eos.exe
.
==================== Find3M  ====================
.
2014-03-11 18:27:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 18:27:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ------w- c:\windows\system32\html.iec
2014-02-07 21:36:14 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-07 21:35:48 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-07 21:35:47 43152 ----a-w- c:\windows\avastSS.scr
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-07 11:40:49 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-07 11:40:49 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-04 15:50:34 231048 ----a-w- c:\windows\system32\SigCheck.exe
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 10:48:53.31 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/11/2012 6:15:23 PM
System Uptime: 3/25/2014 5:48:24 PM (17 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | NAGAMI2
Processor: AMD Athlon™ 64 Processor 3800+ | Socket 939 | 2405/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 451.193 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Service: NVENETFD
.
==== System Restore Points ===================
.
RP19: 3/23/2014 12:35:35 PM - System Checkpoint
RP20: 3/24/2014 12:42:06 PM - System Checkpoint
RP21: 3/25/2014 1:05:27 PM - System Checkpoint
RP22: 3/26/2014 9:38:12 AM - Removed DriverUpdate
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Apple Application Support
Apple Software Update
avast! Ad Blocker
avast! Free Antivirus
Bing Bar
Bing Rewards Client Installer
CCleaner
Chinese Traditional Fonts Support For Adobe Reader X
Compatibility Pack for the 2007 Office system
D-Link DFE-530TX+
D-Link PCI Fast Ethernet Adapter
DIRECTV Player
Enhanced Multimedia Keyboard Solution
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
Internet Explorer (Enable DEP)
iSEEK AnswerWorks English Runtime
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Mega Browse
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
NVIDIA Drivers
Quicken 2012
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SketchUp 8
Spell Checker For OE 2.1
Spotify
Spybot - Search & Destroy
TaxACT 2012 - 1040 Edition
TaxACT 2012 Georgia
TaxACT 2013 - 1040 Edition
TaxACT 2013 Georgia
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WD SES Driver Setup
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
3/26/2014 9:38:15 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
3/25/2014 4:30:59 PM, error: Service Control Manager [7031]  - The Util Mega Browse service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/25/2014 4:30:58 PM, error: Service Control Manager [7034]  - The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).
3/25/2014 4:30:58 PM, error: Service Control Manager [7031]  - The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/25/2014 4:30:57 PM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).
3/25/2014 4:30:57 PM, error: Service Control Manager [7034]  - The Optimizer Pro Crash Monitor service terminated unexpectedly.  It has done this 1 time(s).
3/25/2014 4:30:57 PM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
3/25/2014 4:30:57 PM, error: Service Control Manager [7034]  - The Agere Modem Call Progress Audio service terminated unexpectedly.  It has done this 1 time(s).
3/25/2014 4:30:57 PM, error: Service Control Manager [7031]  - The Update Mega Browse service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/23/2014 9:39:15 AM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
3/22/2014 9:22:04 AM, error: Service Control Manager [7034]  - The SAS Core Service service terminated unexpectedly.  It has done this 2 time(s).
3/22/2014 9:15:56 AM, error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/19/2014 6:15:44 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
3/19/2014 6:15:43 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
3/19/2014 6:15:43 PM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 



#67 Lewg


Posted 26 March 2014 - 08:53 AM

I forgot to mention there is a Norton Scan software on my machine now......Since I use Avast virus program, I guess I should dump it also...Not sure when it was added. Sometime during your instructions.....



#68 Tomk


Posted 26 March 2014 - 11:31 AM

I see Norton on there.  It was installed yesterday along with some program called Slimware Utilities that appears to be some sort of a driver updater.  It may be what you are seeing as Driver Update.  Also installed yesterday was some adware laced program called Mega Browse and another one called Optimizer Pro.  Mega Browse seems to have hooked itself in several areas.  All of these seem to have been installed between the time you ran JRT and the time you ran AdwCleaner.  AdwCleaner got parts of them... but not all.

 

Not important, but it also appears that the last time your system updated, our friends at Microsoft put a little program on there that will tell you that Microsoft is ending support for XP on April 8.  It appears that this will pop up a little window every time you restart your computer.  There should be a little box in the popup that says "Don't show this message again".  Hopefully, putting a check in that box will stop the nagging.

 

Oh... by the way, I missed a question you asked yesterday and didn't answer it.  You asked about C:\Program Files\Mozilla Firefox\user.js.  The .js stands for JavaScript, not a user's name.  It is the file where user preferences are modified in Firefox.  It was probably set by a rogue program because it was deleted for not being associated with a user profile.  There is a good chance that it would have redirected searches.

 

I believe you already ran Delfix so most of the tools have been removed.  Please download ComboFix again, and then we will run a script to remove those programs.

 

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DDS::BHO: Mega Browse: {4e6cd411-ce62-4584-97ff-6afbcf6900af} - c:\program files\mega browse\MegaBrowsebho.dll
    
    AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
    
    R2 Update Mega Browse;Update Mega Browse;c:\program files\mega browse\updateMegaBrowse.exe [2014-3-24 348448]
    
    R2 Util Mega Browse;Util Mega Browse;c:\program files\mega browse\bin\utilMegaBrowse.exe [2014-3-25 348448]
    
    2014-03-25 16:38:57 55232 ----a-w- c:\windows\system32\drivers\tStLibG.sys
    
    2014-03-25 15:13:31 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    
    2014-03-25 15:13:26 -------- d-----w- c:\program files\common files\Symantec Shared
    
    2014-03-25 15:13:23 -------- d-----w- c:\documents and settings\lew\local settings\application data\SlimWare Utilities Inc
    
    2014-03-25 15:13:08 -------- d-----w- c:\windows\system32\drivers\nss\0400010.010
    
    2014-03-25 15:13:08 -------- d-----w- c:\windows\system32\drivers\NSS
    
    2014-03-25 15:13:08 -------- d-----w- c:\program files\Norton Security Scan
    
    2014-03-25 15:13:06 -------- d-----w- c:\documents and settings\all users\application data\Norton
    
    2014-03-25 15:13:04 -------- d-----w- c:\documents and settings\lew\local settings\application data\Downloaded Installers
    
    2014-03-25 15:13:03 -------- d-----w- c:\program files\NortonInstaller
    
    2014-03-25 15:13:03 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
    
    2014-03-25 15:11:51 -------- d-----w- c:\program files\Mega Browse
    
    File::
    
    c:\windows\system32\drivers\tStLibG.sysc:\windows\system32\drivers\SWDUMon.sys
    
    Folder::
    
    c:\program files\mega browsec:\documents and settings\lew\local settings\application data\SlimWare Utilities Inc
    
    Registry::
    
    
    
    Driver::
    
    Update Mega BrowseUtil Mega Browse
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 


Tomk
------------------------------------------------------------


Topics are closed after 5 days without response
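Added example (not part of the original post, and not code from any tool used in this thread): a small Python audit of a Firefox user.js that lists the preferences steering searches, the home page or the proxy, the kind of change the reply above describes. The sample file contents and the search.example.invalid host are constructed; the list of watched preference names is an assumption about which standard Firefox prefs are worth flagging.

```python
import re

# Standard Firefox preference names (or prefixes) that decide where searches,
# the home page and network traffic go. Which ones to watch is an assumption
# made for this example.
WATCHED_PREFIXES = (
    "browser.startup.homepage",
    "browser.search.",
    "keyword.URL",
    "browser.newtab.url",
    "network.proxy.",
)

# One preference per line: user_pref("name", value);
# The value is a quoted string, a number or a boolean.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|[^)]+?)\s*\)\s*;'
)


def strip_comments(text):
    """Drop /* ... */ blocks and whole-line // comments.

    Only lines that *start* with // are dropped, so the // inside a URL
    value is left alone.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return [ln for ln in text.splitlines() if not ln.lstrip().startswith("//")]


def audit_user_js(text):
    """Return [(pref_name, value)] for every watched preference that is set."""
    findings = []
    for line in strip_comments(text):
        m = PREF_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        value = m.group("value").strip('"')
        if name.startswith(WATCHED_PREFIXES):
            findings.append((name, value))
    return findings


# Constructed sample, not the file that was deleted in this thread.
SAMPLE = r'''
// constructed sample
user_pref("browser.startup.homepage", "http://search.example.invalid/");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.tabs.warnOnClose", false);
/* user_pref("network.proxy.type", 1); */
user_pref("browser.search.defaultenginename", "Example Search");
'''

if __name__ == "__main__":
    for name, value in audit_user_js(SAMPLE):
        print("%-40s %s" % (name, value))
```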


#69 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 26 March 2014 - 01:05 PM

I hope I did this right. I went back to an earlier post where you posted a site to d/load combofix....Not sure if that's Combofix Script.

With the CFScript.txt file on my desktop. I drug the text file into the Combofix icon and selected run....This is the log it created.  I don't think what I did was correct.....



#70 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 26 March 2014 - 01:06 PM

ComboFix 14-03-24.01 - Lew 03/26/2014  14:48:13.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.554 [GMT -4:00]
Running from: c:\documents and settings\Lew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lew\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\drivers\tStLibG.sysc:\windows\system32\drivers\SWDUMon.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-26 to 2014-03-26  )))))))))))))))))))))))))))))))
.
.
2014-03-25 21:51 . 2014-03-25 21:51 -------- d-----w- c:\windows\LastGood
2014-03-25 20:28 . 2014-03-25 20:31 -------- d-----w- C:\AdwCleaner
2014-03-25 16:38 . 2014-03-25 16:38 55232 ----a-w- c:\windows\system32\drivers\tStLibG.sys
2014-03-25 15:13 . 2014-03-26 11:27 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-03-25 15:13 . 2014-03-25 15:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\windows\system32\drivers\NSS
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\program files\Norton Security Scan
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\documents and settings\Lew\Local Settings\Application Data\Downloaded Installers
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\program files\NortonInstaller
2014-03-25 15:11 . 2014-03-25 20:33 -------- d-----w- c:\program files\Mega Browse
2014-03-25 00:37 . 2014-03-25 00:37 128000 ----a-w- c:\program files\Uninstall Information\79\3683\uninstall.exe
2014-03-23 15:51 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-23 15:51 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 18:27 . 2012-09-12 18:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 18:27 . 2012-09-12 18:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-24 11:46 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2014-02-07 21:36 . 2013-07-10 14:57 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-07 21:35 . 2013-07-10 14:57 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-07 21:35 . 2013-07-10 14:57 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-07 21:35 . 2013-07-10 14:57 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-07 21:35 . 2013-07-10 14:57 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-07 21:35 . 2013-07-10 14:57 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-07 21:35 . 2013-07-10 14:56 43152 ----a-w- c:\windows\avastSS.scr
2014-02-07 02:01 . 2006-02-28 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2006-02-28 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-07 11:40 . 2013-07-10 14:57 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 11:40 . 2013-07-10 14:57 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-04 15:50 . 2014-01-04 15:50 231048 ----a-w- c:\windows\system32\SigCheck.exe
2014-01-04 03:13 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-07 21:35 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-07 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
.
c:\documents and settings\Lew\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2013-7-7 46432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-05-09 19:50 7311360 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-05-09 19:50 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-11-07 23:39 4752384 ----a-w- c:\documents and settings\Lew\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-11-07 23:39 1140736 ----a-w- c:\documents and settings\Lew\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2012-11-13 19:07 3713032 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-07 17:55 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PCShowServer"="c:\documents and settings\Lew\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"RTHDCPL"=RTHDCPL.EXE
"nwiz"=nwiz.exe /install
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Lew\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Lew\\Local Settings\\temp\\2eat48h\\CloudBackupSetup"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7/10/2013 10:57 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7/10/2013 10:57 AM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/10/2013 10:57 AM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/10/2013 10:57 AM 410784]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [3/25/2014 12:38 PM 55232]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [7/10/2013 10:57 AM 67824]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/24/2012 3:32 PM 1103392]
R2 Update Mega Browse;Update Mega Browse;c:\program files\Mega Browse\updateMegaBrowse.exe [3/24/2014 2:53 PM 348448]
R2 Util Mega Browse;Util Mega Browse;c:\program files\Mega Browse\bin\utilMegaBrowse.exe [3/25/2014 12:08 PM 348448]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [12/16/2013 8:34 PM 247968]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [12/16/2013 8:34 PM 193696]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [11/24/2012 3:32 PM 168384]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/24/2012 3:32 PM 1369624]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [3/25/2014 11:13 AM 13464]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/29/2012 12:50 PM 11520]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 15:04 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 18:27]
.
2014-03-26 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-26 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-26 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-26 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-07-10 21:35]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-10 14:57]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-10 14:57]
.
2014-03-26 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-23 01:59]
.
2014-03-23 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-23 01:59]
.
2014-03-26 c:\windows\Tasks\Norton Security Scan for Lew.job
- c:\progra~1\NORTON~2\Engine\401~1.16\Nss.exe [2014-03-25 12:59]
.
2014-03-26 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-26 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-24 19:07]
.
2014-03-24 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-11-24 19:07]
.
2014-03-26 c:\windows\Tasks\User_Feed_Synchronization-{90A41A15-AAF1-4707-8558-2318913D9F39}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://%20msn.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-26 14:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(9512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-03-26  14:54:29
ComboFix-quarantined-files.txt  2014-03-26 18:54
.
Pre-Run: 484,239,900,672 bytes free
Post-Run: 484,381,806,592 bytes free
.
- - End Of File - - 00D81F10081BC891B324599BD4FFF911
8F558EB6672622401DA993E1E865C861
 




#71 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 26 March 2014 - 04:03 PM

It tried to work... but not quite.  I missed that the forum software scrambled the script again.   Let's try one more time:

 

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
    DDS::
    BHO: Mega Browse: {4e6cd411-ce62-4584-97ff-6afbcf6900af} - c:\program files\mega browse\MegaBrowsebho.dll
    AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
    R2 Update Mega Browse;Update Mega Browse;c:\program files\mega browse\updateMegaBrowse.exe [2014-3-24 348448]
    R2 Util Mega Browse;Util Mega Browse;c:\program files\mega browse\bin\utilMegaBrowse.exe [2014-3-25 348448]
    2014-03-25 16:38:57 55232 ----a-w- c:\windows\system32\drivers\tStLibG.sys
    2014-03-25 15:13:31 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2014-03-25 15:13:26 -------- d-----w- c:\program files\common files\Symantec Shared
    2014-03-25 15:13:23 -------- d-----w- c:\documents and settings\lew\local settings\application data\SlimWare Utilities Inc
    2014-03-25 15:13:08 -------- d-----w- c:\windows\system32\drivers\nss\0400010.010
    2014-03-25 15:13:08 -------- d-----w- c:\windows\system32\drivers\NSS
    2014-03-25 15:13:08 -------- d-----w- c:\program files\Norton Security Scan
    2014-03-25 15:13:06 -------- d-----w- c:\documents and settings\all users\application data\Norton
    2014-03-25 15:13:04 -------- d-----w- c:\documents and settings\lew\local settings\application data\Downloaded Installers
    2014-03-25 15:13:03 -------- d-----w- c:\program files\NortonInstaller
    2014-03-25 15:13:03 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
    2014-03-25 15:11:51 -------- d-----w- c:\program files\Mega Browse
    
    File::
    c:\windows\system32\drivers\tStLibG.sys
    c:\windows\system32\drivers\SWDUMon.sys
    
    Folder::
    c:\program files\mega browsec:\documents and settings\lew\local settings\application data\SlimWare Utilities Inc
    
    Registry::
    
    Driver::
    Update Mega Browse
    Util Mega Browse
    
    
    
    
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 


Tomk
------------------------------------------------------------


Topics are closed after 5 days without response
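Added example (not part of the original post and not ComboFix's own code): a Python pre-flight check for a CFScript.txt that catches the merging seen in this thread, where two paths run together on one File:: or Folder:: line and the first log echoes them back as a single path. The sample text is assembled from lines of the first script as posted; the Driver:: check is a heuristic assumed here, comparing each entry against the service names on the R/S lines under DDS::.

```python
import re

HEADER_RE = re.compile(r"^([A-Za-z0-9]+)::(.*)$")   # e.g. File::  Folder::
DRIVE_RE = re.compile(r"[A-Za-z]:\\")               # start of a rooted path
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);")      # "R2 name;display;path"


def lint_cfscript(text):
    """Return [(line_no, message)] for lines that look merged together."""
    problems, services, drivers = [], set(), []
    section = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1).lower()
            # A section header should stand alone on its line.
            if header.group(2).strip():
                problems.append(
                    (no, "text follows the %s:: header" % header.group(1)))
            continue
        if section in ("file", "folder"):
            # One rooted path per line; two drive prefixes means two paths.
            count = len(DRIVE_RE.findall(line))
            if count > 1:
                problems.append((no, "%d paths merged on one line" % count))
        elif section == "dds":
            svc = SERVICE_RE.match(line)
            if svc:
                services.add(svc.group(1).strip().lower())
        elif section == "driver":
            drivers.append((no, line))
    # Heuristic: only meaningful when the DDS:: section listed services.
    if services:
        for no, name in drivers:
            if name.lower() not in services:
                problems.append((no, "driver name not listed under DDS::"))
    return problems


# Constructed from lines of the first script in this thread, as it was posted.
SCRAMBLED = r"""DDS::BHO: Mega Browse: {4e6cd411-ce62-4584-97ff-6afbcf6900af} - c:\program files\mega browse\MegaBrowsebho.dll
R2 Update Mega Browse;Update Mega Browse;c:\program files\mega browse\updateMegaBrowse.exe [2014-3-24 348448]
R2 Util Mega Browse;Util Mega Browse;c:\program files\mega browse\bin\utilMegaBrowse.exe [2014-3-25 348448]

File::
c:\windows\system32\drivers\tStLibG.sysc:\windows\system32\drivers\SWDUMon.sys

Folder::
c:\program files\mega browsec:\documents and settings\lew\local settings\application data\SlimWare Utilities Inc

Driver::
Update Mega BrowseUtil Mega Browse
"""

if __name__ == "__main__":
    for no, message in lint_cfscript(SCRAMBLED):
        print("line %d: %s" % (no, message))
```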


#72 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 26 March 2014 - 05:28 PM

I am smarter than the average Bear, however I don't think I am doing this right since I don't have the code box to paste in the script file.



#73 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 26 March 2014 - 06:35 PM

ComboFix 14-03-24.01 - Lew 03/26/2014  20:06:38.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.358 [GMT -4:00]
Running from: c:\documents and settings\Lew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lew\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\drivers\SWDUMon.sys"
"c:\windows\system32\drivers\tStLibG.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\mega browse\MegaBrowsebho.dll
c:\windows\system32\drivers\SWDUMon.sys
c:\windows\system32\drivers\tStLibG.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UPDATE_MEGA_BROWSE
-------\Legacy_UTIL_MEGA_BROWSE
-------\Service_Update Mega Browse
-------\Service_Util Mega Browse
-------\Legacy_tStLibG
-------\Service_SWDUMon
-------\Service_tStLibG
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-27 to 2014-03-27  )))))))))))))))))))))))))))))))
.
.
2014-03-25 20:28 . 2014-03-25 20:31 -------- d-----w- C:\AdwCleaner
2014-03-25 15:13 . 2014-03-25 15:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\windows\system32\drivers\NSS
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\program files\Norton Security Scan
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\documents and settings\Lew\Local Settings\Application Data\Downloaded Installers
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\program files\NortonInstaller
2014-03-25 15:11 . 2014-03-27 00:11 -------- d-----w- c:\program files\Mega Browse
2014-03-25 00:37 . 2014-03-25 00:37 128000 ----a-w- c:\program files\Uninstall Information\79\3683\uninstall.exe
2014-03-23 15:51 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-23 15:51 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 18:27 . 2012-09-12 18:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 18:27 . 2012-09-12 18:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-24 11:46 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2014-02-07 21:36 . 2013-07-10 14:57 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-07 21:35 . 2013-07-10 14:57 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-07 21:35 . 2013-07-10 14:57 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-07 21:35 . 2013-07-10 14:57 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-07 21:35 . 2013-07-10 14:57 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-07 21:35 . 2013-07-10 14:57 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-07 21:35 . 2013-07-10 14:56 43152 ----a-w- c:\windows\avastSS.scr
2014-02-07 02:01 . 2006-02-28 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2006-02-28 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-07 11:40 . 2013-07-10 14:57 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 11:40 . 2013-07-10 14:57 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-04 15:50 . 2014-01-04 15:50 231048 ----a-w- c:\windows\system32\SigCheck.exe
2014-01-04 03:13 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-07 21:35 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-07 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
.
c:\documents and settings\Lew\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2013-7-7 46432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-05-09 19:50 7311360 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-05-09 19:50 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-11-07 23:39 4752384 ----a-w- c:\documents and settings\Lew\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-11-07 23:39 1140736 ----a-w- c:\documents and settings\Lew\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2012-11-13 19:07 3713032 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-07 17:55 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PCShowServer"="c:\documents and settings\Lew\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"RTHDCPL"=RTHDCPL.EXE
"nwiz"=nwiz.exe /install
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Lew\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Lew\\Local Settings\\temp\\2eat48h\\CloudBackupSetup"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7/10/2013 10:57 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7/10/2013 10:57 AM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/10/2013 10:57 AM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/10/2013 10:57 AM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [7/10/2013 10:57 AM 67824]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/24/2012 3:32 PM 1103392]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [3/11/2014 11:36 PM 193696]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [11/24/2012 3:32 PM 168384]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [3/11/2014 11:36 PM 247968]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/24/2012 3:32 PM 1369624]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/29/2012 12:50 PM 11520]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 15:04 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 18:27]
.
2014-03-26 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-26 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-26 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-26 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-07-10 21:35]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-10 14:57]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-10 14:57]
.
2014-03-27 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-23 01:59]
.
2014-03-23 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-23 01:59]
.
2014-03-26 c:\windows\Tasks\Norton Security Scan for Lew.job
- c:\progra~1\NORTON~2\Engine\401~1.16\Nss.exe [2014-03-25 12:59]
.
2014-03-27 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-27 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-24 19:07]
.
2014-03-24 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-11-24 19:07]
.
2014-03-26 c:\windows\Tasks\User_Feed_Synchronization-{90A41A15-AAF1-4707-8558-2318913D9F39}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://%20msn.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-26 20:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2014-03-26  20:32:27 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-27 00:32
ComboFix2.txt  2014-03-26 18:54
.
Pre-Run: 484,425,748,480 bytes free
Post-Run: 484,331,335,680 bytes free
.
- - End Of File - - 97B74DF1C1BFE3E652A1897005833D32
8F558EB6672622401DA993E1E865C861
 



#74 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 26 March 2014 - 07:16 PM

Hmm... that only partially worked... and I'm not sure why.
 
One more try and then we'll do it differently.

By the way... the code box is the box in the middle that starts with File:: and ends with registry::

COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    
    Folder::
    c:\program files\Common Files\Symantec Shared
    c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc
    c:\windows\system32\drivers\NSS
    c:\program files\Norton Security Scan
    c:\documents and settings\All Users\Application Data\Norton
    c:\documents and settings\Lew\Local Settings\Application Data\Downloaded Installers
    c:\program files\NortonInstaller
    c:\program files\Mega Browse
    
    registry::
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [Screenshot: CFScriptB-4.gif]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Tomk


#75 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 26 March 2014 - 09:52 PM

ComboFix 14-03-24.01 - Lew 03/26/2014  22:41:55.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.528 [GMT -4:00]
Running from: c:\documents and settings\Lew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lew\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\isolate.ini
c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Module9000.txt
c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_4.0.1.16\Connections\connectn.dat
c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_4.0.1.16\diMaster\eula.dat
c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_4.0.1.16\diMaster\service.dat
c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_4.0.1.16\itbLUReg\{65190544-26C3-43a4-A78A-694964901607}.dat
c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_4.0.1.16\itbLUReg\{6E3396BD-C6A6-4f0f-9254-267F9058FEC4}.dat
c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_4.0.1.16\itbLUReg\{D4F4CC32-7A41-4684-AE57-41E59E9B4503}.dat
c:\documents and settings\Lew\Local Settings\Application Data\Downloaded Installers
c:\documents and settings\Lew\Local Settings\Application Data\Downloaded Installers\{6BA22B54-13A0-4157-AB04-6F268237C08E}\setup.msi
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\ignores.dat
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\Images\acer.png
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\Logs\2014-03-25  11-13-29 0.log
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\Logs\2014-03-25  16-33-47 0.log
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\Logs\2014-03-25  17-09-33 0.log
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\Logs\2014-03-25  17-30-04 0.log
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\Logs\2014-03-25  17-51-29 0.log
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\Logs\2014-03-25  18-33-06 0.log
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\Logs\2014-03-26  07-27-01 0.log
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\rupdates.db
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\settings.db
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\supdates.db
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf
c:\documents and settings\Lew\Local Settings\Application Data\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\catalog.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\cceraser.dll
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\cur.scr
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\ecmsvr32.dll
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\ERASER.grd
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\ERASER.sig
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\ERASER.spm
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\eraser.sys
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\esrdef.bin
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\g_1_flt.idx
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\g_1_idx.idx
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\g_2_flt.idx
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\g_2_idx.idx
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\gcrc_nv.idx
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\gcrc_v.idx
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\hh
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\naveng.sys
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\naveng32.dll
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\navex15.sys
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\navex32a.dll
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\ncsacert.txt
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\scrauth.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\symaveng.cat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\symaveng.inf
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\SymErase.cat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\SymErase.inf
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\tcdefs.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\tcscan7.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\tcscan8.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\tcscan9.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\technote.txt
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\tinf.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\tinfidx.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\tinfl.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\troj_nv.idx
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\troj_v.idx
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\tscan1.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\tscan1hd.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\v.grd
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\v.sig
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan.inf
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan1.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan2.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan3.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan4.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan5.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan6.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan7.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan8.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscan9.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscana.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\virscant.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\whatsnew.TXT
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\20140325.001\zdone.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\definfo.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\newdefs-trigger\trigger.dat
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\umcat_01.db
c:\program files\Common Files\Symantec Shared\SymcData\VirusDefs-2.5-E\usage.dat
c:\program files\Mega Browse
c:\program files\Mega Browse\7za.exe
c:\program files\Mega Browse\bin\FilterApp_C.exe
c:\program files\Mega Browse\bin\plugins\MegaBrowse.Bromon.dll
c:\program files\Mega Browse\bin\plugins\MegaBrowse.BrowserAdapterS.dll
c:\program files\Mega Browse\bin\plugins\MegaBrowse.FFUpdate.dll
c:\program files\Mega Browse\bin\plugins\MegaBrowse.PurBrowseG.dll
c:\program files\Mega Browse\bin\utilMegaBrowse.exe
c:\program files\Mega Browse\bin\utilMegaBrowse.InstallState
c:\program files\Mega Browse\MegaBrowse.ico
c:\program files\Mega Browse\MegaBrowseUninstall.exe
c:\program files\Mega Browse\updateMegaBrowse.exe
c:\program files\Mega Browse\updateMegaBrowse.InstallState
c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\Engine\4.0.1.16\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\program files\Norton Security Scan\Engine\4.0.1.16\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat
c:\program files\Norton Security Scan\Engine\4.0.1.16\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat
c:\program files\Norton Security Scan\Engine\4.0.1.16\BilBDRes.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\ccL120U.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\ccScanw.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\ccVrTrst.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\Config.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\DefUtDCD.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\diFVal.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\diLueCbk.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\ecmldr32.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\help.htm
c:\program files\Norton Security Scan\Engine\4.0.1.16\InstWrap.exe
c:\program files\Norton Security Scan\Engine\4.0.1.16\InstWRes.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\msl.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\msvcp100.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\msvcr100.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\NPIWrap.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\Nss.exe
c:\program files\Norton Security Scan\Engine\4.0.1.16\NssMetro.exe
c:\program files\Norton Security Scan\Engine\4.0.1.16\patch25d.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\pePIDyn.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\pePIRes.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\ReputationCacheDB.db
c:\program files\Norton Security Scan\Engine\4.0.1.16\RevList.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\SAUpdt.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\ScanCore.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\ScanRes.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\ScanText.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\SKU.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\SKURes.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\SymCCIS.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\SymCCISE.exe
c:\program files\Norton Security Scan\Engine\4.0.1.16\SymDltCl.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\SymHTML.dll
c:\program files\Norton Security Scan\Engine\4.0.1.16\SymInstallStub.exe
c:\program files\Norton Security Scan\isolate.ini
c:\program files\NortonInstaller
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\09\01\InsBrand.loc
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\09\01\InsMUI.loc
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\ccL120U.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\ccSet.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\Engine.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\extract.dat
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\fallback.dat
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\finalzed.dat
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\Images\InsImage.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\install.dat
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\Install.mft
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\InstStub.exe
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\InstUI.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\layout.dat
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\msvcp100.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\msvcr100.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\ProdCbk.dll
c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1.16\SKU.dll
c:\windows\system32\drivers\NSS
c:\windows\system32\drivers\NSS\0400010.010\isolate.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-27 to 2014-03-27  )))))))))))))))))))))))))))))))
.
.
2014-03-25 20:28 . 2014-03-25 20:31 -------- d-----w- C:\AdwCleaner
2014-03-25 15:13 . 2014-03-25 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2014-03-25 00:37 . 2014-03-25 00:37 128000 ----a-w- c:\program files\Uninstall Information\79\3683\uninstall.exe
2014-03-23 15:51 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-23 15:51 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 18:27 . 2012-09-12 18:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 18:27 . 2012-09-12 18:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-24 11:46 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2014-02-07 21:36 . 2013-07-10 14:57 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-07 21:35 . 2013-07-10 14:57 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-07 21:35 . 2013-07-10 14:57 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-07 21:35 . 2013-07-10 14:57 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-07 21:35 . 2013-07-10 14:57 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-07 21:35 . 2013-07-10 14:57 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-07 21:35 . 2013-07-10 14:56 43152 ----a-w- c:\windows\avastSS.scr
2014-02-07 02:01 . 2006-02-28 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2006-02-28 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-07 11:40 . 2013-07-10 14:57 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 11:40 . 2013-07-10 14:57 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-04 15:50 . 2014-01-04 15:50 231048 ----a-w- c:\windows\system32\SigCheck.exe
2014-01-04 03:13 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-07 21:35 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-07 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
.
c:\documents and settings\Lew\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2013-7-7 46432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-05-09 19:50 7311360 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-05-09 19:50 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-11-07 23:39 4752384 ----a-w- c:\documents and settings\Lew\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-11-07 23:39 1140736 ----a-w- c:\documents and settings\Lew\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2012-11-13 19:07 3713032 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-07 17:55 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PCShowServer"="c:\documents and settings\Lew\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"RTHDCPL"=RTHDCPL.EXE
"nwiz"=nwiz.exe /install
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Lew\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Lew\\Local Settings\\temp\\2eat48h\\CloudBackupSetup"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7/10/2013 10:57 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7/10/2013 10:57 AM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/10/2013 10:57 AM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/10/2013 10:57 AM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [7/10/2013 10:57 AM 67824]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/24/2012 3:32 PM 1103392]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [3/11/2014 11:36 PM 193696]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [11/24/2012 3:32 PM 168384]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [3/11/2014 11:36 PM 247968]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/24/2012 3:32 PM 1369624]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/29/2012 12:50 PM 11520]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 15:04 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 18:27]
.
2014-03-26 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-27 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-26 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-26 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-07-10 21:35]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-10 14:57]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-10 14:57]
.
2014-03-27 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-23 01:59]
.
2014-03-23 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-23 01:59]
.
2014-03-27 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-27 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-24 19:07]
.
2014-03-24 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-11-24 19:07]
.
2014-03-26 c:\windows\Tasks\User_Feed_Synchronization-{90A41A15-AAF1-4707-8558-2318913D9F39}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://%20msn.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mega Browse - c:\program files\Mega Browse\MegaBrowseuninstall.exe
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\4.0.1.16\InstWrap.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-26 22:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-26  22:48:49
ComboFix-quarantined-files.txt  2014-03-27 02:48
ComboFix2.txt  2014-03-27 00:32
ComboFix3.txt  2014-03-26 18:54
.
Pre-Run: 484,328,370,176 bytes free
Post-Run: 484,257,030,144 bytes free
.
- - End Of File - - 1D72148AEF377FA228DA7F691E3BDEB9
8F558EB6672622401DA993E1E865C861
 

