
Baseline - HJT - for Malware www.safehomepage.com [Solved]


61 replies to this topic

#1 dconant1

dconant1

    Silver Member

  • Authentic Member
  • PipPipPip
  • 281 posts

Posted 03 November 2014 - 02:47 PM

I have run HJT for help deleting safehomepage.com.  I have lots of unwanted ads pop up on every page and slowed computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:55 PM, on 11/3/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Netsmart\Helper\Helper.exe
C:\program files\Internet Explorer\iexplore.exe
C:\program files\Internet Explorer\iexplore.exe
C:\program files\Internet Explorer\iexplore.exe
C:\program files\Internet Explorer\iexplore.exe
C:\program files\Internet Explorer\iexplore.exe
C:\program files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.roadrunner.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14189;https=127.0.0.1:14189
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: FineDealSoft - {89087395-9944-4742-bb31-d8c65afc6049} - C:\Documents and Settings\All Users\Application Data\FineDealSoft\FyugZjFhteiDyn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN31I9QJ9305RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [DriverUpdate] "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: Monitor Ink Alerts - .lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1364233578453
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: c:\progra~1\suppor~1\suppor~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8103 bytes




#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 November 2014 - 01:19 PM

:welcome:

 

Your operating system is very out of date. XP has gone the way of Windows 95 and 98, no more Windows updates to help keep you secure. I would recommend upgrading the system to Windows 7 or start thinking about purchasing a new computer. Some other forums won't even help removing malware on an XP machine because they know it's vulnerable to attacks. When you go online I would not do any online banking or purchases using a credit card.

You have a lot more going on than just SafeHomePage, also HijackThis is not used much any more so let me see some logs from our current scanners and we can go from there.

 

 

 
Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

You will need the 32 bit version of FRST

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
      * List BCD
      * Drivers MD5
      * Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 ken545


    Posted 06 November 2014 - 09:23 AM

    Still with me ??



     
     

    #4 dconant1


    Posted 06 November 2014 - 12:51 PM

    I have to "fight" through screen after screen of malware to even get back to you.  I think it's going to be extremely difficult to complete everything I would need to do. I .. reluctantly ... will purchase a new computer.  I thank you very much.



    #5 ken545


    Posted 06 November 2014 - 08:21 PM

    Open HijackThis and do a System Scan Only, checkmark these items and select Remove Selected

     

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14189;https=127.0.0.1:14189
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
    O4 - HKCU\..\Run: [DriverUpdate] "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot
    O20 - AppInit_DLLs: c:\progra~1\suppor~1\suppor~1.dll
     
     
    Let's see if this calms your system down so you can run the tools I posted.


     
     
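
Added example (not part of the thread, and not code from HijackThis or any forum tool): a small Python triage pass over HijackThis log lines that flags three of the four entries selected in post #5, namely the loopback `ProxyServer`, its `ProxyOverride`, and the populated `AppInit_DLLs` value. The rules and function names are assumptions made for this illustration; the fourth entry (the `DriverUpdate` Run key) was the helper's own judgement and no rule here reproduces it.

```python
import re
from typing import List, NamedTuple, Tuple

# Sample lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.roadrunner.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14189;https=127.0.0.1:14189
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [DriverUpdate] "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot
O20 - AppInit_DLLs: c:\progra~1\suppor~1\suppor~1.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "R1" or "O20"
    reason: str    # why the entry deserves a closer look
    raw: str       # the original log line


# A HijackThis entry is "<letter><1-2 digits> - <detail>".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")
LOOPBACK_RE = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost)$", re.IGNORECASE)


def parse_entries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, detail, raw_line) for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["section"], m["detail"], line))
    return entries


def proxy_hosts(value: str) -> List[str]:
    """Split a WinINet ProxyServer value into its host names.

    Accepts both "host:port" and "http=host:port;https=host:port".
    """
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        endpoint = part.split("=", 1)[-1]          # drop optional "scheme="
        hosts.append(endpoint.rsplit(":", 1)[0])   # drop optional ":port"
    return hosts


def is_loopback_proxy(section: str, detail: str) -> bool:
    key, sep, value = detail.partition(" = ")
    return (section.startswith("R") and bool(sep)
            and key.endswith(",ProxyServer")
            and any(LOOPBACK_RE.match(h) for h in proxy_hosts(value)))


def triage(log_text: str) -> List[Finding]:
    """Flag entries for manual review. These are leads, not verdicts."""
    entries = parse_entries(log_text)
    has_loopback = any(is_loopback_proxy(s, d) for s, d, _ in entries)
    findings = []
    for section, detail, raw in entries:
        key = detail.partition(" = ")[0]
        if is_loopback_proxy(section, detail):
            findings.append(Finding(
                section, "browser traffic is routed through a local process", raw))
        elif has_loopback and key.endswith(",ProxyOverride"):
            findings.append(Finding(
                section, "bypass list set alongside a loopback proxy", raw))
        elif section == "O20" and detail.startswith("AppInit_DLLs:"):
            # A non-empty value names DLLs loaded into every process
            # that loads user32.dll.
            if detail.split(":", 1)[1].strip():
                findings.append(Finding(
                    section, "DLL injected into user-mode processes", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.raw}")
```
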

    #6 ken545


    Posted 09 November 2014 - 02:56 PM

    Did you get my notification that I posted? Look at the above post and see if it will calm things down a bit so we can proceed with the cleaning.



     
     

    #7 dconant1


    Posted 09 November 2014 - 03:52 PM

    I finally got through once again and see you've given me some simple actions to try.  I'll try them and re-post later.  Thank you.



    #8 dconant1


    Posted 10 November 2014 - 09:41 AM

    I ran the HJT scan and deleted the various items (4) that you suggested above.  It doesn't appear to have calmed my machine down but I'll start in on trying to go through your instructions from Nov 4th given above this post. 



    #9 dconant1


    Posted 10 November 2014 - 09:48 AM

    Here is the logfile:

    aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
    Run date: 2014-11-10 10:43:32
    -----------------------------
    10:43:32.984    OS Version: Windows 5.1.2600 Service Pack 3
    10:43:32.984    Number of processors: 2 586 0xF0D
    10:43:32.984    ComputerName: DCXPLAPTOP  UserName: Dick
    10:43:33.812    Initialize success
    10:43:34.781    VM: initialized successfully
    10:43:34.796    VM: Intel CPU virtualization not supported
    10:46:44.984    AVAST engine defs: 14111001
    10:47:02.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    10:47:02.656    Disk 0 Vendor: TOSHIBA_MK8037GSX DL240D Size: 76319MB BusType: 3
    10:47:02.843    Disk 0 MBR read successfully
    10:47:02.843    Disk 0 MBR scan
    10:47:02.937    Disk 0 Windows XP default MBR code
    10:47:02.937    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63
    10:47:02.937    Disk 0 unknown boot code
    10:47:02.953    Disk 0 statistics 269/0/0 @ 0.76 MB/s
    10:47:02.953    Scan finished successfully
    10:47:28.953    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dick\Desktop\MBR.dat"
    10:47:28.953    The log file has been saved successfully to "C:\Documents and Settings\Dick\Desktop\aswMBR logfile1.txt"
     



    #10 ken545


    Posted 10 November 2014 - 10:07 AM

    Good, aswMBR checks for a rootkit and no rootkit was found.



     
     


    #11 dconant1


    Posted 10 November 2014 - 10:22 AM

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
      Ran by Dick (administrator) on DCXPLAPTOP on 10-11-2014 11:15:26
      Running from C:\Documents and Settings\Dick\Desktop
      Loaded Profile: Dick (Available profiles: Dick)
      Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
      Internet Explorer Version 8
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      () C:\Program Files\Canon\IJPLM\ijplmsvc.exe
      (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
      (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      () C:\WINDOWS\system32\WLTRYSVC.EXE
      (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
      (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
      (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
      (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
      (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (Microsoft Corporation) C:\WINDOWS\vVX3000.exe
      (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
      (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
      (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
      (j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
      (j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GTray.exe
      (Wisdom Software Inc. ) C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe

      ==================== Registry (Whitelisted) ==================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2007-10-26] (Synaptics, Inc.)
      HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\System32\WLTRAY.exe [2220032 2008-06-02] (Dell Inc.)
      HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
      HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
      HKLM\...\Run: [] => [X]
      HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [757248 2009-06-26] (Microsoft Corporation)
      HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
      HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
      HKU\S-1-5-21-220523388-920026266-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
      HKU\S-1-5-21-220523388-920026266-839522115-1004\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
      HKU\S-1-5-21-220523388-920026266-839522115-1004\...\Run: [eFax 4.4] => C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
      Startup: C:\Documents and Settings\Dick\Start Menu\Programs\Startup\eFax 4.4.lnk
      ShortcutTarget: eFax 4.4.lnk -> C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
      Startup: C:\Documents and Settings\Dick\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
      ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
      CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189
      HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.roadrunner.com/
      SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
      BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
      BHO: FineDealSoft -> {89087395-9944-4742-bb31-d8c65afc6049} -> C:\Documents and Settings\All Users\Application Data\FineDealSoft\FyugZjFhteiDyn.dll ()
      BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
      BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
      Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
      Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
      Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
      Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1363811102093
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1364233578453
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

      FireFox:
      ========
      FF ProfilePath: C:\Documents and Settings\Dick\Application Data\Mozilla\Firefox\Profiles\vhocdbrb.default-1398966883750
      FF DefaultSearchEngine: istart123
      FF SelectedSearchEngine: istart123
      FF Homepage: https://www.oanda.com
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
      FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
      FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
      FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
      FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
      FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dick\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
      FF Extension: RankChecker - C:\Documents and Settings\Dick\Application Data\Mozilla\Firefox\Profiles\vhocdbrb.default-1398966883750\Extensions\rankchecker@seobook.com.xpi [2014-05-01]
      FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-18]
      FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-18]
      FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-25]

      Chrome:
      =======
      CHR dev: Chrome dev build detected! <======= ATTENTION
      CHR Profile: C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default
      CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-29]
      CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

      ========================== Services (Whitelisted) =================

      (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

      S2 035d80ae; c:\Documents and Settings\All Users\Application Data\Performance Optimizer\PerformanceOptimizerSvc.dll [186192 2014-10-13] () [File not signed]
      R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
      R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-18] (Oracle Corporation)
      R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
      R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
      R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1961984 2008-06-02] (Dell Inc.) [File not signed]

      ==================== Drivers (Whitelisted) ====================

      (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

      R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2008-06-02] (Broadcom Corporation)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
      S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [38400 2009-10-12] (Samsung Electronics Co., Ltd.) [File not signed]
      R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
      R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
      R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
      R1 MpKslf8d3b8a3; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8157D37D-24EA-41FD-9D08-2E3AC71ABDBD}\MpKslf8d3b8a3.sys [39464 2014-11-10] (Microsoft Corporation)
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
      R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
      S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-11-05] ()
      S4 IntelIde; No ImagePath
      U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
      S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
      U3 aswMBR; \??\C:\DOCUME~1\Dick\LOCALS~1\Temp\aswMBR.sys [X]
      U3 aswVmm; \??\C:\DOCUME~1\Dick\LOCALS~1\Temp\aswVmm.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

      ==================== One Month Created Files and Folders ========

      (If an entry is included in the fixlist, the file\folder will be moved.)

      2014-11-10 11:12 - 2014-11-10 11:14 - 00016218 _____ () C:\Documents and Settings\Dick\Desktop\Addition.txt
      2014-11-10 11:10 - 2014-11-10 11:16 - 00013084 _____ () C:\Documents and Settings\Dick\Desktop\FRST.txt
      2014-11-10 11:07 - 2014-11-10 11:15 - 00000000 ____D () C:\FRST
      2014-11-10 11:06 - 2014-11-10 11:07 - 01107968 _____ (Farbar) C:\Documents and Settings\Dick\Desktop\FRST.exe
      2014-11-10 10:47 - 2014-11-10 10:47 - 00000512 _____ () C:\Documents and Settings\Dick\Desktop\MBR.dat
      2014-11-10 10:43 - 2014-11-10 10:43 - 05194752 _____ (AVAST Software) C:\Documents and Settings\Dick\Desktop\aswMBR.exe
      2014-11-05 16:49 - 2014-11-05 16:49 - 00000000 ____D () C:\WINDOWS\LastGood
      2014-11-03 15:42 - 2014-11-03 15:42 - 00812344 _____ (Trend Micro Inc.) C:\Documents and Settings\Dick\Desktop\HJTInstall.exe
      2014-11-03 15:42 - 2014-11-03 15:42 - 00001734 _____ () C:\Documents and Settings\Dick\Desktop\HijackThis.lnk
      2014-11-03 15:42 - 2014-11-03 15:42 - 00000000 ____D () C:\Program Files\Trend Micro
      2014-11-03 15:42 - 2014-11-03 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
      2014-10-27 12:58 - 2014-10-27 12:58 - 00000004 _____ () C:\Documents and Settings\Dick\Application Data\appdataFr2.bin
      2014-10-27 11:05 - 2014-10-27 11:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\FineDealSoft
      2014-10-27 10:50 - 2014-10-27 11:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\saveron
      2014-10-20 07:43 - 2014-10-20 07:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SaveItCoupons
      2014-10-20 07:35 - 2014-10-20 07:35 - 00000075 _____ () C:\WINDOWS\setupact.log
      2014-10-20 07:35 - 2014-10-20 07:35 - 00000000 _____ () C:\WINDOWS\setuperr.log
      2014-10-16 11:42 - 2014-10-16 11:42 - 00001695 _____ () C:\Documents and Settings\Dick\My Documents\TempDatazz01.tmp
      2014-10-15 12:47 - 2014-10-15 12:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
      2014-10-13 17:44 - 2014-10-15 12:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\websavvEr
      2014-10-13 09:32 - 2014-10-27 11:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Performance Optimizer

      ==================== One Month Modified Files and Folders =======

      (If an entry is included in the fixlist, the file\folder will be moved.)

      2014-11-10 11:16 - 2013-03-20 05:49 - 00000000 ____D () C:\Documents and Settings\Dick\Local Settings\Temp
      2014-11-10 11:05 - 2013-07-17 07:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
      2014-11-10 10:35 - 2013-04-18 09:45 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
      2014-11-10 10:12 - 2013-03-26 15:25 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
      2014-11-10 10:10 - 2013-03-27 10:58 - 00000784 _____ () C:\WINDOWS\QUICKEN.INI
      2014-11-10 10:10 - 2013-03-27 10:58 - 00000000 ____D () C:\QUICKENW
      2014-11-10 09:49 - 2014-02-16 15:28 - 01852500 _____ () C:\WINDOWS\WindowsUpdate.log
      2014-11-10 09:43 - 2013-03-20 05:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
      2014-11-10 09:33 - 2013-03-20 20:37 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{88655CA4-56D8-4316-878D-4654ACF85231}.job
      2014-11-06 17:14 - 2014-09-11 09:53 - 00042496 _____ () C:\Documents and Settings\Dick\My Documents\Contractor Draws.xls
      2014-11-06 15:48 - 2013-03-26 15:25 - 00002477 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
      2014-11-06 15:21 - 2014-02-16 21:51 - 00000341 _____ () C:\WINDOWS\wiadebug.log
      2014-11-06 11:35 - 2013-04-18 09:45 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
      2014-11-05 16:50 - 2013-03-19 16:42 - 00559994 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
      2014-11-05 16:49 - 2014-10-08 13:32 - 00019629 _____ () C:\WINDOWS\setupapi.log
      2014-11-05 16:49 - 2014-05-05 13:16 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
      2014-11-05 16:49 - 2014-04-07 09:29 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
      2014-11-05 16:49 - 2014-03-13 09:01 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2014-11-05 16:42 - 2013-10-10 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
      2014-11-05 16:39 - 2014-02-16 21:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
      2014-11-05 16:39 - 2013-03-20 05:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
      2014-11-05 16:39 - 2002-09-03 12:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
      2014-11-03 20:05 - 2014-02-16 21:51 - 00032438 _____ () C:\WINDOWS\SchedLgU.Txt
      2014-11-03 20:05 - 2013-03-20 05:49 - 00000178 ___SH () C:\Documents and Settings\Dick\ntuser.ini
      2014-11-03 20:05 - 2013-03-20 05:49 - 00000000 ____D () C:\Documents and Settings\Dick
      2014-11-03 14:10 - 2014-02-17 11:22 - 00000000 ____D () C:\Documents and Settings\Dick\My Documents\eFax Messenger 4.4
      2014-10-30 09:50 - 2014-10-09 18:09 - 00007720 _____ () C:\WINDOWS\KB2964358-IE8.log
      2014-10-30 09:50 - 2014-10-09 18:08 - 00007371 _____ () C:\WINDOWS\KB2936068-IE8.log
      2014-10-30 06:24 - 2013-03-26 15:44 - 00229000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
      2014-10-27 13:34 - 2013-03-20 05:49 - 00001599 _____ () C:\Documents and Settings\Dick\Start Menu\Programs\Remote Assistance.lnk
      2014-10-27 13:29 - 2013-03-20 05:43 - 00001599 ____C () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
      2014-10-27 13:29 - 2013-03-20 05:43 - 00001563 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
      2014-10-27 13:29 - 2013-03-20 05:43 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
      2014-10-27 11:40 - 2013-03-27 12:39 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
      2014-10-27 11:40 - 2013-03-27 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
      2014-10-27 11:39 - 2014-08-20 09:24 - 00000000 ____D () C:\Documents and Settings\Dick\Local Settings\Application Data\Adobe
      2014-10-27 11:33 - 2013-03-25 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958470$
      2014-10-27 11:11 - 2014-10-08 13:21 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
      2014-10-27 11:05 - 2014-07-21 09:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\9905c60754384a29
      2014-10-27 10:57 - 2014-07-23 16:19 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
      2014-10-27 10:57 - 2014-07-23 16:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
      2014-10-27 10:57 - 2014-07-23 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
      2014-10-27 10:57 - 2014-07-23 14:21 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
      2014-10-27 10:45 - 2013-04-15 13:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
      2014-10-23 19:09 - 2013-10-10 18:18 - 00237318 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-920026266-839522115-1004-0.dat
      2014-10-23 19:09 - 2013-10-10 18:18 - 00128478 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
      2014-10-16 17:26 - 2013-07-20 13:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
      2014-10-16 17:18 - 2013-03-25 13:35 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2014-10-15 16:33 - 2013-12-16 14:39 - 00000000 ____D () C:\Program Files\MetaTrader - AxiTrader
      2014-10-15 12:48 - 2014-08-18 09:55 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
      2014-10-15 12:48 - 2014-08-18 09:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
      2014-10-15 12:47 - 2013-06-24 10:44 - 00000000 ____D () C:\Program Files\Java
      2014-10-15 12:42 - 2014-03-30 17:07 - 03155304 _____ (MetaQuotes Software Corp.) C:\WINDOWS\system32\MetaViewer.dll

      Some content of TEMP:
      ====================
      C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a606ae01.exe

      ==================== Bamital & volsnap Check =================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      ==================== End Of Log ============================



    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 10 November 2014 - 10:37 AM

    Don't forget the additions log, it's important that I see that.  While I am looking over your logs, run this quick program.

     

    Download MiniToolBox and save it to your desktop,  right click on it and select RUN AS ADMINISTRATOR
     
    Checkmark the following boxes:
  • Flush DNS
  • Reset IE Proxy Settings
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #13 dconant1

    dconant1

      Silver Member

    • Authentic Member
    • 281 posts

    Posted 10 November 2014 - 10:40 AM

    I don't believe the addition.txt file is included in the above log file.  I couldn't find it, so I went back to FRST, deselected everything except the addition.txt and ran another scan.  Do you want to see that log?



    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 10 November 2014 - 10:44 AM

    Run MiniToolBox so we can reset your proxy, then look at this picture and checkmark accordingly and post both logs, please.

     

     
    FRST_zps5d956a1a.jpg


     
     

    #15 dconant1

    dconant1

      Silver Member

    • Authentic Member
    • PipPipPip
    • 281 posts

    Posted 10 November 2014 - 10:49 AM

    MiniToolBox by Farbar  Version: 21-07-2014
    Ran by Dick (administrator) on 10-11-2014 at 11:49:15
    Running from "C:\Documents and Settings\Dick\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

     

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189

    **** End of log ****

