WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Baseline - HJT - for Malware www.safehomepage.com [Solved]

Started by dconant1 , Nov 03 2014 02:47 PM

This topic is locked

61 replies to this topic

#16 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 November 2014 - 10:57 AM

ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189 <-- Did you set and use this proxy ??

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Advertisements

Register to Remove

#17 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 11:03 AM

here is the addition log:

dditional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Dick at 2014-11-10 11:52:16
Running from C:\Documents and Settings\Dick\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon MX450 series On-screen Manual (HKLM\...\Canon MX450 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX450 series User Registration (HKLM\...\Canon MX450 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Citrix Online Launcher (HKLM\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Currency Strength Meter (HKLM\...\{70426F51-BA53-49FE-99B4-FC1EE138C4FF}) (Version: 3.0.6 - Newsprofiteer)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.13 - Dell Inc.)
DriverUpdate (HKLM\...\{2B353DA2-A8FD-4238-B207-62A1921158D7}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
DTT (HKLM\...\DTT) (Version: - )
eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
FineDealSoft (HKLM\...\{0D566ABB-889B-AF39-7B6A-23D4C5D54542}) (Version: - finedeal) <==== ATTENTION
GetTheDiscount (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - GetTheDiscount) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Helper 7.6.3 (HKLM\...\Helper_is1) (Version: 7.6.3 - Netsmart Technologies)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MetaTrader - AxiTrader (HKLM\...\Nial Fuller NY Charts) (Version: 4.00 - MetaQuotes Software Corp.)
MetaTrader 4 (HKLM\...\MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
OANDA - MetaTrader (HKLM\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
ODT Viewer version 1.0 (HKLM\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
Performance Optimizer (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{35d80ae}) (Version: - Linker Ltd) <==== ATTENTION
Quicken 2001 Basic (HKLM\...\Quicken 2001 Basic) (Version: - )
S.A.R.A. (HKLM\...\S.A.R.A.) (Version: - )
saveron (HKLM\...\{66951628-3E5A-9C96-37EA-490E187974D5}) (Version: - "")
ScottradeELITE 2013 (HKLM\...\{10F03169-B313-4758-A0A2-E3A5CF2AB039}) (Version: 5.1.4.0 - Scottrader)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-220523388-920026266-839522115-1004_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points =========================

11-08-2014 14:38:49 System Checkpoint
11-08-2014 16:12:57 Software Distribution Service 3.0
11-08-2014 21:23:38 Restore Operation
13-08-2014 16:27:52 System Checkpoint
14-08-2014 21:17:25 System Checkpoint
18-08-2014 14:22:56 Software Distribution Service 3.0
18-08-2014 14:53:59 Removed Java 7 Update 25
18-08-2014 14:54:34 Installed Java 7 Update 67
18-08-2014 22:02:38 Software Distribution Service 3.0
20-08-2014 14:14:55 Software Distribution Service 3.0
20-08-2014 14:48:27 Installed Microsoft Office Word Viewer 2003
20-08-2014 14:52:30 Installed Compatibility Pack for the 2007 Office system
21-08-2014 20:30:32 Software Distribution Service 3.0
21-08-2014 21:24:36 Software Distribution Service 3.0
25-08-2014 14:27:19 Software Distribution Service 3.0
25-08-2014 23:54:01 Software Distribution Service 3.0
27-08-2014 15:04:32 Software Distribution Service 3.0
28-08-2014 18:02:12 Software Distribution Service 3.0
01-09-2014 15:12:59 System Checkpoint
01-09-2014 17:13:53 Software Distribution Service 3.0
01-09-2014 19:17:13 Software Distribution Service 3.0
03-09-2014 15:57:01 Software Distribution Service 3.0
04-09-2014 19:50:25 Software Distribution Service 3.0
08-09-2014 14:35:52 Software Distribution Service 3.0
10-09-2014 15:18:28 Software Distribution Service 3.0
11-09-2014 16:17:48 System Checkpoint
11-09-2014 23:05:19 Software Distribution Service 3.0
15-09-2014 13:41:03 Software Distribution Service 3.0
17-09-2014 15:40:36 Software Distribution Service 3.0
18-09-2014 18:55:18 Software Distribution Service 3.0
22-09-2014 14:36:44 Software Distribution Service 3.0
24-09-2014 14:24:39 Software Distribution Service 3.0
25-09-2014 15:23:49 Software Distribution Service 3.0
29-09-2014 14:42:24 Software Distribution Service 3.0
02-10-2014 14:25:43 Software Distribution Service 3.0
06-10-2014 14:09:20 Software Distribution Service 3.0
08-10-2014 14:28:16 Software Distribution Service 3.0
09-10-2014 17:31:50 Software Distribution Service 3.0
09-10-2014 23:08:27 Software Distribution Service 3.0
13-10-2014 14:42:25 Software Distribution Service 3.0
15-10-2014 14:32:08 Software Distribution Service 3.0
16-10-2014 19:26:53 System Checkpoint
16-10-2014 22:18:20 Software Distribution Service 3.0
20-10-2014 12:44:07 Software Distribution Service 3.0
22-10-2014 15:07:58 Software Distribution Service 3.0
23-10-2014 16:21:56 Software Distribution Service 3.0
27-10-2014 15:32:11 Software Distribution Service 3.0
29-10-2014 16:46:03 Software Distribution Service 3.0
30-10-2014 14:49:03 Software Distribution Service 3.0
03-11-2014 15:42:31 Software Distribution Service 3.0
05-11-2014 22:14:23 System Checkpoint
06-11-2014 15:52:34 Software Distribution Service 3.0
10-11-2014 14:41:51 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-10-27 13:19 - 2014-10-27 13:19 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job => C:\WINDOWS\vVX3000.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{88655CA4-56D8-4316-878D-4654ACF85231}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 15:14 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2013-03-20 06:08 - 2008-06-02 11:42 - 00024064 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-03-20 06:08 - 2008-06-02 11:42 - 00753664 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2013-03-20 06:08 - 2008-06-02 11:42 - 00143360 _____ () C:\WINDOWS\System32\preflib.dll
2014-10-27 11:05 - 2014-10-27 11:05 - 00640512 _____ () C:\Documents and Settings\All Users\Application Data\FineDealSoft\FyugZjFhteiDyn.dll
2002-09-03 11:30 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2002-09-03 11:44 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk => C:\WINDOWS\pss\Billminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk => C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

========================= Accounts: ==========================

Administrator (S-1-5-21-220523388-920026266-839522115-500 - Administrator - Enabled)
Dick (S-1-5-21-220523388-920026266-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dick
Guest (S-1-5-21-220523388-920026266-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-220523388-920026266-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-220523388-920026266-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 11:21:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0004487f.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/10/2014 11:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 9.11.2014.1, faulting module frst.exe, version 9.11.2014.1, fault address 0x0001f09e.
Processing media-specific event for [frst.exe!ws!]

Error: (11/10/2014 11:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/10/2014 10:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/06/2014 11:19:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/06/2014 10:43:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 37.0.2062.124, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/05/2014 04:49:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established

Error: (11/03/2014 10:54:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/29/2014 01:41:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/29/2014 01:40:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (11/10/2014 09:43:07 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/10/2014 09:43:06 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/10/2014 09:38:34 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/06/2014 10:53:25 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/06/2014 10:53:24 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/06/2014 10:50:44 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/05/2014 04:50:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.187.1190.0

Update Source: %NT AUTHORITY59

Update Stage: 4.5.0216.00

Source Path: 4.5.0216.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/05/2014 04:49:31 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/05/2014 04:49:22 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/05/2014 04:39:24 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Microsoft Office Sessions:
=========================
Error: (11/10/2014 11:21:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.60550004487f

Error: (11/10/2014 11:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe9.11.2014.1frst.exe9.11.2014.10001f09e

Error: (11/10/2014 11:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

Error: (11/10/2014 10:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

Error: (11/06/2014 11:19:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

Error: (11/06/2014 10:43:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe37.0.2062.124hungapp0.0.0.000000000

Error: (11/05/2014 04:49:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (11/03/2014 10:54:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (10/29/2014 01:41:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (10/29/2014 01:40:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz
Percentage of memory in use: 30%
Total physical RAM: 3573.97 MB
Available physical RAM: 2496.64 MB
Total Pagefile: 5456.4 MB
Available Pagefile: 4557.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:58.33 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:3.76 GB) (Free:2.33 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================

#18 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 11:08 AM

I'm sorry ... I have no idea what you mean by did I set and use that proxy.

#19 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 11:12 AM

You asked me to run the Mini Tool Box and post the scan from that ... here it is:

MiniToolBox by Farbar Version: 21-07-2014
Ran by Dick (administrator) on 10-11-2014 at 11:49:15
Running from "C:\Documents and Settings\Dick\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189

**** End of log ****

#20 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 November 2014 - 11:33 AM

Lets run these programs in order and see how far we can get

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Close all open programs and internet browsers.

Double click on AdwCleaner.exe to run the tool.

Click on Scan.

After the scan is complete click on "Clean"

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

Windows XP : Double click on the icon to run it.

Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#21 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 12:45 PM

# AdwCleaner v4.101 - Report created 10/11/2014 at 13:36:45
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dick - DCXPLAPTOP
# Running from : C:\Documents and Settings\Dick\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Performance Optimizer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SaveItCoupons
Folder Deleted : C:\Documents and Settings\All Users\Application Data\saveron
Folder Deleted : C:\Documents and Settings\All Users\Application Data\websavvEr
Folder Deleted : C:\Documents and Settings\All Users\Application Data\9905c60754384a29
Folder Deleted : C:\Program Files\focusbase
Folder Deleted : C:\Program Files\HELPER
Folder Deleted : C:\Program Files\supporter
Folder Deleted : C:\Documents and Settings\Dick\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Dick\My Documents\Optimizer Pro
[!] Folder Deleted : C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\END
File Deleted : C:\Documents and Settings\Dick\Application Data\Mozilla\Firefox\Profiles\o7l6dj0b.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Documents and Settings\Dick\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Documents and Settings\Dick\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Documents and Settings\Dick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Documents and Settings\Dick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{6379FCD0-09FD-BBB5-64BF-4FF436D5BF53}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{35d80ae}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\UpdateFiles
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{66951628-3E5A-9C96-37EA-490E187974D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{66951628-3E5A-9C96-37EA-490E187974D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v31.0 (x86 en-US)

[vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "istart123");
[vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "istart123");
[vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("extensions.5VwZn5QA0NnB4DDa.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("extensions.JIgxtadJu.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("extensions.WKFv.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.ne[...]
[vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("extensions.xRnUR0ytr0KOkRhE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]

-\\ Google Chrome v37.0.2062.124

[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1405957103&from=amt&uid=TOSHIBAXMK8037GSX_X7UGT9VJTXXX7UGT9VJT&q={searchTerms}
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_34_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyB0Ezy0FtA0A0C0CyCtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0F0AtCyEyB0DyBtGzztA0D0AtGtAzztDyCtG0A0E0AzztGyE0B0EyDtBzyyC0C0BzzzztA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0DzzyCzztA0D0AtGtBtD0F0DtGyEyEyE0AtG0AzzyBtCtGzztB0BtAyEtAtA0C0E0B0D0B2Q&cr=1548125825&ir=
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1405957103&from=amt&uid=TOSHIBAXMK8037GSX_X7UGT9VJTXXX7UGT9VJT&q={searchTerms}
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1405957103&from=amt&uid=TOSHIBAXMK8037GSX_X7UGT9VJTXXX7UGT9VJT&q={searchTerms}
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://wordpress.org/search/do-search.php?search={searchTerms}
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
[C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl

*************************

AdwCleaner[R0].txt - [7005 octets] - [11/08/2014 16:18:11]
AdwCleaner[R1].txt - [8322 octets] - [10/11/2014 13:26:10]
AdwCleaner[S0].txt - [9193 octets] - [10/11/2014 13:36:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9253 octets] ##########

#22 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 12:58 PM

unkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Microsoft Windows XP x86
Ran by Dick on Mon 11/10/2014 at 13:47:28.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERUPDATE.EXE-0A02E128.pf

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Dick\Local Settings\Application Data\driverhound"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/10/2014 at 13:57:01.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#23 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 04:01 PM

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 11/10/2014

Scan Time: 2:00:08 PM

Logfile:

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.11.10.08

Rootkit Database: v2014.11.10.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: Dick

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 292462

Time Elapsed: 24 min, 42 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 8

PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{89087395-9944-4742-bb31-d8c65afc6049}, , [e040e357f18bff373c0e6e509869629e],

PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{89087395-9944-4742-BB31-D8C65AFC6049}, , [e040e357f18bff373c0e6e509869629e],

PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\finedeal.finedeal, , [e040e357f18bff373c0e6e509869629e],

PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\finedeal.finedeal.9, , [e040e357f18bff373c0e6e509869629e],

PUP.Optional.MultiPlug, HKU\S-1-5-21-220523388-920026266-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{89087395-9944-4742-BB31-D8C65AFC6049}, , [e040e357f18bff373c0e6e509869629e],

PUP.Optional.MultiPlug, HKU\S-1-5-21-220523388-920026266-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{89087395-9944-4742-BB31-D8C65AFC6049}, , [e040e357f18bff373c0e6e509869629e],

PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{89087395-9944-4742-BB31-D8C65AFC6049}, , [e040e357f18bff373c0e6e509869629e],

PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{89087395-9944-4742-BB31-D8C65AFC6049}\INPROCSERVER32, , [e040e357f18bff373c0e6e509869629e],

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 4

PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\FineDealSoft\FyugZjFhteiDyn.dll, , [e040e357f18bff373c0e6e509869629e],

PUP.Optional.IBryte, C:\Documents and Settings\Dick\My Documents\Downloads\setup (1).exe, , [948cc07a08740d2975b4cb15966b49b7],

PUP.Optional.IBryte, C:\Documents and Settings\Dick\My Documents\Downloads\setup (2).exe, , [dd430d2d0b7159dd72b7944cba47dd23],

PUP.Optional.IBryte, C:\Documents and Settings\Dick\My Documents\Downloads\setup (3).exe, , [879902387309989e45e4419f5da46898],

Physical Sectors: 0

(No malicious items detected)

(end)

#24 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 November 2014 - 04:09 PM

Great, run a new scan with FRST, checkmark Additions and post both logs

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#25 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 04:14 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Dick at 2014-11-10 17:13:15
Running from C:\Documents and Settings\Dick\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon MX450 series On-screen Manual (HKLM\...\Canon MX450 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX450 series User Registration (HKLM\...\Canon MX450 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Citrix Online Launcher (HKLM\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Currency Strength Meter (HKLM\...\{70426F51-BA53-49FE-99B4-FC1EE138C4FF}) (Version: 3.0.6 - Newsprofiteer)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.13 - Dell Inc.)
DriverUpdate (HKLM\...\{2B353DA2-A8FD-4238-B207-62A1921158D7}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
DTT (HKLM\...\DTT) (Version: - )
eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
FineDealSoft (HKLM\...\{0D566ABB-889B-AF39-7B6A-23D4C5D54542}) (Version: - finedeal) <==== ATTENTION
GetTheDiscount (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - GetTheDiscount) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Helper 7.6.3 (HKLM\...\Helper_is1) (Version: 7.6.3 - Netsmart Technologies)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MetaTrader - AxiTrader (HKLM\...\Nial Fuller NY Charts) (Version: 4.00 - MetaQuotes Software Corp.)
MetaTrader 4 (HKLM\...\MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
OANDA - MetaTrader (HKLM\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
ODT Viewer version 1.0 (HKLM\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
Quicken 2001 Basic (HKLM\...\Quicken 2001 Basic) (Version: - )
S.A.R.A. (HKLM\...\S.A.R.A.) (Version: - )
ScottradeELITE 2013 (HKLM\...\{10F03169-B313-4758-A0A2-E3A5CF2AB039}) (Version: 5.1.4.0 - Scottrader)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-220523388-920026266-839522115-1004_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points =========================

11-08-2014 21:23:38 Restore Operation
13-08-2014 16:27:52 System Checkpoint
14-08-2014 21:17:25 System Checkpoint
18-08-2014 14:22:56 Software Distribution Service 3.0
18-08-2014 14:53:59 Removed Java 7 Update 25
18-08-2014 14:54:34 Installed Java 7 Update 67
18-08-2014 22:02:38 Software Distribution Service 3.0
20-08-2014 14:14:55 Software Distribution Service 3.0
20-08-2014 14:48:27 Installed Microsoft Office Word Viewer 2003
20-08-2014 14:52:30 Installed Compatibility Pack for the 2007 Office system
21-08-2014 20:30:32 Software Distribution Service 3.0
21-08-2014 21:24:36 Software Distribution Service 3.0
25-08-2014 14:27:19 Software Distribution Service 3.0
25-08-2014 23:54:01 Software Distribution Service 3.0
27-08-2014 15:04:32 Software Distribution Service 3.0
28-08-2014 18:02:12 Software Distribution Service 3.0
01-09-2014 15:12:59 System Checkpoint
01-09-2014 17:13:53 Software Distribution Service 3.0
01-09-2014 19:17:13 Software Distribution Service 3.0
03-09-2014 15:57:01 Software Distribution Service 3.0
04-09-2014 19:50:25 Software Distribution Service 3.0
08-09-2014 14:35:52 Software Distribution Service 3.0
10-09-2014 15:18:28 Software Distribution Service 3.0
11-09-2014 16:17:48 System Checkpoint
11-09-2014 23:05:19 Software Distribution Service 3.0
15-09-2014 13:41:03 Software Distribution Service 3.0
17-09-2014 15:40:36 Software Distribution Service 3.0
18-09-2014 18:55:18 Software Distribution Service 3.0
22-09-2014 14:36:44 Software Distribution Service 3.0
24-09-2014 14:24:39 Software Distribution Service 3.0
25-09-2014 15:23:49 Software Distribution Service 3.0
29-09-2014 14:42:24 Software Distribution Service 3.0
02-10-2014 14:25:43 Software Distribution Service 3.0
06-10-2014 14:09:20 Software Distribution Service 3.0
08-10-2014 14:28:16 Software Distribution Service 3.0
09-10-2014 17:31:50 Software Distribution Service 3.0
09-10-2014 23:08:27 Software Distribution Service 3.0
13-10-2014 14:42:25 Software Distribution Service 3.0
15-10-2014 14:32:08 Software Distribution Service 3.0
16-10-2014 19:26:53 System Checkpoint
16-10-2014 22:18:20 Software Distribution Service 3.0
20-10-2014 12:44:07 Software Distribution Service 3.0
22-10-2014 15:07:58 Software Distribution Service 3.0
23-10-2014 16:21:56 Software Distribution Service 3.0
27-10-2014 15:32:11 Software Distribution Service 3.0
29-10-2014 16:46:03 Software Distribution Service 3.0
30-10-2014 14:49:03 Software Distribution Service 3.0
03-11-2014 15:42:31 Software Distribution Service 3.0
05-11-2014 22:14:23 System Checkpoint
06-11-2014 15:52:34 Software Distribution Service 3.0
10-11-2014 14:41:51 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-10-27 13:19 - 2014-10-27 13:19 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job => C:\WINDOWS\vVX3000.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{88655CA4-56D8-4316-878D-4654ACF85231}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 15:14 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2013-03-20 06:08 - 2008-06-02 11:42 - 00024064 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-03-20 06:08 - 2008-06-02 11:42 - 00753664 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2013-03-20 06:08 - 2008-06-02 11:42 - 00143360 _____ () C:\WINDOWS\System32\preflib.dll
2014-08-18 10:45 - 2014-08-18 10:46 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 16825520 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
2002-09-03 11:30 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2002-09-03 11:44 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-09-25 10:41 - 2014-09-22 23:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 10:41 - 2014-09-22 23:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 10:41 - 2014-09-22 23:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 10:41 - 2014-09-22 23:07 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk => C:\WINDOWS\pss\Billminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk => C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

========================= Accounts: ==========================

Administrator (S-1-5-21-220523388-920026266-839522115-500 - Administrator - Enabled)
Dick (S-1-5-21-220523388-920026266-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dick
Guest (S-1-5-21-220523388-920026266-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-220523388-920026266-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-220523388-920026266-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 01:28:21 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.11104.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/10/2014 01:22:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/10/2014 00:23:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/10/2014 11:21:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0004487f.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/10/2014 11:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 9.11.2014.1, faulting module frst.exe, version 9.11.2014.1, fault address 0x0001f09e.
Processing media-specific event for [frst.exe!ws!]

Error: (11/10/2014 11:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/10/2014 10:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/06/2014 11:19:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/06/2014 10:43:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 37.0.2062.124, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/05/2014 04:49:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established

System errors:
=============
Error: (11/10/2014 05:13:45 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/10/2014 05:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/10/2014 05:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (11/10/2014 05:04:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Performance Optimizer service to connect.

Error: (11/10/2014 05:03:47 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/10/2014 05:03:44 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (11/10/2014 01:48:42 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/10/2014 01:39:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/10/2014 01:39:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (11/10/2014 01:39:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Performance Optimizer service to connect.

Microsoft Office Sessions:
=========================
Error: (11/10/2014 01:28:21 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.11104.0mpengine0unspecifiedNILNILNIL

Error: (11/10/2014 01:22:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/10/2014 00:23:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/10/2014 11:21:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.60550004487f

Error: (11/10/2014 11:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe9.11.2014.1frst.exe9.11.2014.10001f09e

Error: (11/10/2014 11:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

Error: (11/10/2014 10:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

Error: (11/06/2014 11:19:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

Error: (11/06/2014 10:43:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe37.0.2062.124hungapp0.0.0.000000000

Error: (11/05/2014 04:49:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz
Percentage of memory in use: 24%
Total physical RAM: 3573.97 MB
Available physical RAM: 2688.31 MB
Total Pagefile: 5456.35 MB
Available Pagefile: 4656.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:58.34 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:3.76 GB) (Free:2.33 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================

Advertisements

Register to Remove

#26 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 November 2014 - 04:34 PM

Need to see the Original FRST log please, you just posted Additons

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#27 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 06:21 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Dick (administrator) on DCXPLAPTOP on 10-11-2014 19:19:27
Running from C:\Documents and Settings\Dick\Desktop
Loaded Profile: Dick (Available profiles: Dick)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
(j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GTray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\System32\WLTRAY.exe [2220032 2008-06-02] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-220523388-920026266-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-220523388-920026266-839522115-1004\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-220523388-920026266-839522115-1004\...\Run: [eFax 4.4] => C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
Startup: C:\Documents and Settings\Dick\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Documents and Settings\Dick\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.roadrunner.com/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1363811102093
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1364233578453
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dick\Application Data\Mozilla\Firefox\Profiles\vhocdbrb.default-1398966883750
FF Homepage: https://www.oanda.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dick\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-25]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-11-10]
CHR Extension: (No Name) - C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-11-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-18] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1961984 2008-06-02] (Dell Inc.) [File not signed]
S2 035d80ae; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\applic~1\perfor~1\PerformanceOptimizerSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2008-06-02] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [38400 2009-10-12] (Samsung Electronics Co., Ltd.) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-11-05] ()
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 13:57 - 2014-11-10 13:57 - 00000780 _____ () C:\Documents and Settings\Dick\Desktop\JRT.txt
2014-11-10 13:47 - 2014-11-10 13:47 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-10 11:47 - 2014-11-10 12:24 - 00000651 _____ () C:\Documents and Settings\Dick\Desktop\Result.txt
2014-11-10 11:46 - 2014-11-10 11:46 - 00401920 _____ (Farbar) C:\Documents and Settings\Dick\Desktop\MiniToolBox.exe
2014-11-10 11:26 - 2014-11-10 11:27 - 00000400 _____ () C:\Documents and Settings\Dick\Desktop\Search.txt
2014-11-10 11:12 - 2014-11-10 17:13 - 00024788 _____ () C:\Documents and Settings\Dick\Desktop\Addition.txt
2014-11-10 11:10 - 2014-11-10 19:20 - 00012793 _____ () C:\Documents and Settings\Dick\Desktop\FRST.txt
2014-11-10 11:07 - 2014-11-10 19:19 - 00000000 ____D () C:\FRST
2014-11-10 11:06 - 2014-11-10 11:07 - 01107968 _____ (Farbar) C:\Documents and Settings\Dick\Desktop\FRST.exe
2014-11-10 10:47 - 2014-11-10 10:47 - 00000512 _____ () C:\Documents and Settings\Dick\Desktop\MBR.dat
2014-11-10 10:43 - 2014-11-10 10:43 - 05194752 _____ (AVAST Software) C:\Documents and Settings\Dick\Desktop\aswMBR.exe
2014-11-03 15:42 - 2014-11-03 15:42 - 00812344 _____ (Trend Micro Inc.) C:\Documents and Settings\Dick\Desktop\HJTInstall.exe
2014-11-03 15:42 - 2014-11-03 15:42 - 00001734 _____ () C:\Documents and Settings\Dick\Desktop\HijackThis.lnk
2014-11-03 15:42 - 2014-11-03 15:42 - 00000000 ____D () C:\Program Files\Trend Micro
2014-11-03 15:42 - 2014-11-03 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
2014-10-27 12:58 - 2014-10-27 12:58 - 00000004 _____ () C:\Documents and Settings\Dick\Application Data\appdataFr2.bin
2014-10-27 11:05 - 2014-11-10 17:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\FineDealSoft
2014-10-20 07:35 - 2014-10-20 07:35 - 00000075 _____ () C:\WINDOWS\setupact.log
2014-10-20 07:35 - 2014-10-20 07:35 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-16 11:42 - 2014-10-16 11:42 - 00001695 _____ () C:\Documents and Settings\Dick\My Documents\TempDatazz01.tmp
2014-10-15 12:47 - 2014-10-15 12:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 19:19 - 2013-03-20 05:49 - 00000000 ____D () C:\Documents and Settings\Dick\Local Settings\Temp
2014-11-10 19:05 - 2013-07-17 07:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-10 18:02 - 2014-08-18 10:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 17:35 - 2014-02-16 21:51 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-10 17:35 - 2013-04-18 09:45 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 17:13 - 2014-04-07 09:29 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-11-10 17:08 - 2013-03-19 16:42 - 00559994 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-10 17:06 - 2014-02-16 15:28 - 01867313 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-10 17:04 - 2014-03-13 09:01 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-10 17:04 - 2014-02-16 21:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-10 17:04 - 2014-02-16 21:51 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-10 17:04 - 2013-04-18 09:45 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 17:03 - 2013-10-10 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2883150$
2014-11-10 17:03 - 2013-03-20 05:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-10 17:02 - 2013-03-20 05:49 - 00000178 ___SH () C:\Documents and Settings\Dick\ntuser.ini
2014-11-10 17:02 - 2013-03-20 05:49 - 00000000 ____D () C:\Documents and Settings\Dick
2014-11-10 17:00 - 2013-03-26 15:25 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-11-10 13:59 - 2014-07-23 14:21 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-11-10 13:37 - 2014-08-11 16:16 - 00000000 ____D () C:\AdwCleaner
2014-11-10 13:37 - 2013-04-18 09:46 - 00000917 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-11-10 13:37 - 2013-04-18 09:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-11-10 13:37 - 2013-04-15 13:11 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-10 13:37 - 2013-04-15 13:11 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-11-10 13:37 - 2013-03-20 05:49 - 00000743 _____ () C:\Documents and Settings\Dick\Start Menu\Programs\Internet Explorer.lnk
2014-11-10 11:30 - 2013-03-20 05:43 - 00000000 ____D () C:\DELL
2014-11-10 10:10 - 2013-03-27 10:58 - 00000784 _____ () C:\WINDOWS\QUICKEN.INI
2014-11-10 10:10 - 2013-03-27 10:58 - 00000000 ____D () C:\QUICKENW
2014-11-10 09:43 - 2013-03-20 05:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-11-10 09:33 - 2013-03-20 20:37 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{88655CA4-56D8-4316-878D-4654ACF85231}.job
2014-11-06 17:14 - 2014-09-11 09:53 - 00042496 _____ () C:\Documents and Settings\Dick\My Documents\Contractor Draws.xls
2014-11-06 15:48 - 2013-03-26 15:25 - 00002477 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2014-11-05 16:49 - 2014-10-08 13:32 - 00019629 _____ () C:\WINDOWS\setupapi.log
2014-11-05 16:49 - 2014-05-05 13:16 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-11-05 16:42 - 2013-10-10 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-11-05 16:39 - 2002-09-03 12:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-03 14:10 - 2014-02-17 11:22 - 00000000 ____D () C:\Documents and Settings\Dick\My Documents\eFax Messenger 4.4
2014-10-30 09:50 - 2014-10-09 18:09 - 00007720 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-10-30 09:50 - 2014-10-09 18:08 - 00007371 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-10-30 06:24 - 2013-03-26 15:44 - 00229000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-27 13:34 - 2013-03-20 05:49 - 00001599 _____ () C:\Documents and Settings\Dick\Start Menu\Programs\Remote Assistance.lnk
2014-10-27 13:29 - 2013-03-20 05:43 - 00001599 ____C () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-10-27 13:29 - 2013-03-20 05:43 - 00001563 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-10-27 13:29 - 2013-03-20 05:43 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-10-27 11:40 - 2013-03-27 12:39 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-27 11:40 - 2013-03-27 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-27 11:39 - 2014-08-20 09:24 - 00000000 ____D () C:\Documents and Settings\Dick\Local Settings\Application Data\Adobe
2014-10-27 11:33 - 2013-03-25 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958470$
2014-10-27 11:11 - 2014-10-08 13:21 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-10-27 10:57 - 2014-07-23 16:19 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 10:57 - 2014-07-23 16:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-27 10:57 - 2014-07-23 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 10:45 - 2013-04-15 13:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-23 19:09 - 2013-10-10 18:18 - 00237318 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-920026266-839522115-1004-0.dat
2014-10-23 19:09 - 2013-10-10 18:18 - 00128478 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-10-16 17:26 - 2013-07-20 13:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 17:18 - 2013-03-25 13:35 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-15 16:33 - 2013-12-16 14:39 - 00000000 ____D () C:\Program Files\MetaTrader - AxiTrader
2014-10-15 12:48 - 2014-08-18 09:55 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-15 12:48 - 2014-08-18 09:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-15 12:47 - 2013-06-24 10:44 - 00000000 ____D () C:\Program Files\Java
2014-10-15 12:42 - 2014-03-30 17:07 - 03155304 _____ (MetaQuotes Software Corp.) C:\WINDOWS\system32\MetaViewer.dll

Some content of TEMP:
====================
C:\Documents and Settings\Dick\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Dick\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a606ae01.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

#28 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 November 2014 - 06:49 PM

Open notepad (Start --> All Programs --> Accessories --> Notepad).

Please copy the entire contents of the code box below.

(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).

Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.

You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.

Start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 035d80ae; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\applic~1\perfor~1\PerformanceOptimizerSvc.dll",service
c:\docume~1\alluse~1\applic~1\perfor~1
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST or FRST64 and click on fix

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Then run a new scan with FRST, checkmark Additions and post new logs please

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#29 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 07:03 PM

So I have the info above ... beginning with START; finishing up with END saved in Notepad. I'm trying to figure out how to save this next to FRST. Not quite sure.

I have done a search of FRST through the C:/ drive and came up with a list of files. I would choose the FRST application file (size 1082 KB). Is that correct with I click on that file and paste the contents in my notebook file in FRST application file?

#30 dconant1

Silver Member

Authentic Member
284 posts

Posted 10 November 2014 - 07:07 PM

I've noticed something else. When I use the COPY command in notebook then go the the FRST application file in the C:/drive and right click ... I cannot see a paste command. When I left click on FRST on my desktop, then right click ... I cannot see a paste command. So I'm not sure how to paste the contents above next to FRST.

Body Background

skin color theme

Baseline - HJT - for Malware www.safehomepage.com [Solved]

#16 ken545

Advertisements

Register to Remove

#17 dconant1

#18 dconant1

#19 dconant1

#20 ken545

#21 dconant1

#22 dconant1

#23 dconant1

#24 ken545

#25 dconant1

Advertisements

Register to Remove

#26 ken545

#27 dconant1

#28 ken545

#29 dconant1

#30 dconant1

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Baseline - HJT - for Malware www.safehomepage.com [Solved]

#16 ken545

Advertisements Register to Remove

#17 dconant1

#18 dconant1

#19 dconant1

#20 ken545

#21 dconant1

#22 dconant1

#23 dconant1

#24 ken545

#25 dconant1

Advertisements Register to Remove

#26 ken545

#27 dconant1

#28 ken545

#29 dconant1

#30 dconant1

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove