Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Baseline - HJT - for Malware www.safehomepage.com [Solved]


  • This topic is locked This topic is locked
61 replies to this topic

#16 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 November 2014 - 10:57 AM

ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189   <-- Did you set and use this proxy ??



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove


#17 dconant1

dconant1

    Silver Member

  • Authentic Member
  • PipPipPip
  • 281 posts

Posted 10 November 2014 - 11:03 AM

here is the addition log:

dditional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Dick at 2014-11-10 11:52:16
Running from C:\Documents and Settings\Dick\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon MX450 series On-screen Manual (HKLM\...\Canon MX450 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX450 series User Registration (HKLM\...\Canon MX450 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Citrix Online Launcher (HKLM\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Currency Strength Meter (HKLM\...\{70426F51-BA53-49FE-99B4-FC1EE138C4FF}) (Version: 3.0.6 - Newsprofiteer)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.13 - Dell Inc.)
DriverUpdate (HKLM\...\{2B353DA2-A8FD-4238-B207-62A1921158D7}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
DTT (HKLM\...\DTT) (Version:  - )
eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
FineDealSoft (HKLM\...\{0D566ABB-889B-AF39-7B6A-23D4C5D54542}) (Version:  - finedeal) <==== ATTENTION
GetTheDiscount (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - GetTheDiscount) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Helper 7.6.3 (HKLM\...\Helper_is1) (Version: 7.6.3 - Netsmart Technologies)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MetaTrader - AxiTrader (HKLM\...\Nial Fuller NY Charts) (Version: 4.00 - MetaQuotes Software Corp.)
MetaTrader 4 (HKLM\...\MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
OANDA - MetaTrader (HKLM\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
ODT Viewer version 1.0 (HKLM\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
Performance Optimizer (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{35d80ae}) (Version:  - Linker Ltd) <==== ATTENTION
Quicken 2001 Basic (HKLM\...\Quicken 2001 Basic) (Version:  - )
S.A.R.A. (HKLM\...\S.A.R.A.) (Version:  - )
saveron (HKLM\...\{66951628-3E5A-9C96-37EA-490E187974D5}) (Version:  - "")
ScottradeELITE 2013 (HKLM\...\{10F03169-B313-4758-A0A2-E3A5CF2AB039}) (Version: 5.1.4.0 - Scottrader)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-220523388-920026266-839522115-1004_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points  =========================

11-08-2014 14:38:49 System Checkpoint
11-08-2014 16:12:57 Software Distribution Service 3.0
11-08-2014 21:23:38 Restore Operation
13-08-2014 16:27:52 System Checkpoint
14-08-2014 21:17:25 System Checkpoint
18-08-2014 14:22:56 Software Distribution Service 3.0
18-08-2014 14:53:59 Removed Java 7 Update 25
18-08-2014 14:54:34 Installed Java 7 Update 67
18-08-2014 22:02:38 Software Distribution Service 3.0
20-08-2014 14:14:55 Software Distribution Service 3.0
20-08-2014 14:48:27 Installed Microsoft Office Word Viewer 2003
20-08-2014 14:52:30 Installed Compatibility Pack for the 2007 Office system
21-08-2014 20:30:32 Software Distribution Service 3.0
21-08-2014 21:24:36 Software Distribution Service 3.0
25-08-2014 14:27:19 Software Distribution Service 3.0
25-08-2014 23:54:01 Software Distribution Service 3.0
27-08-2014 15:04:32 Software Distribution Service 3.0
28-08-2014 18:02:12 Software Distribution Service 3.0
01-09-2014 15:12:59 System Checkpoint
01-09-2014 17:13:53 Software Distribution Service 3.0
01-09-2014 19:17:13 Software Distribution Service 3.0
03-09-2014 15:57:01 Software Distribution Service 3.0
04-09-2014 19:50:25 Software Distribution Service 3.0
08-09-2014 14:35:52 Software Distribution Service 3.0
10-09-2014 15:18:28 Software Distribution Service 3.0
11-09-2014 16:17:48 System Checkpoint
11-09-2014 23:05:19 Software Distribution Service 3.0
15-09-2014 13:41:03 Software Distribution Service 3.0
17-09-2014 15:40:36 Software Distribution Service 3.0
18-09-2014 18:55:18 Software Distribution Service 3.0
22-09-2014 14:36:44 Software Distribution Service 3.0
24-09-2014 14:24:39 Software Distribution Service 3.0
25-09-2014 15:23:49 Software Distribution Service 3.0
29-09-2014 14:42:24 Software Distribution Service 3.0
02-10-2014 14:25:43 Software Distribution Service 3.0
06-10-2014 14:09:20 Software Distribution Service 3.0
08-10-2014 14:28:16 Software Distribution Service 3.0
09-10-2014 17:31:50 Software Distribution Service 3.0
09-10-2014 23:08:27 Software Distribution Service 3.0
13-10-2014 14:42:25 Software Distribution Service 3.0
15-10-2014 14:32:08 Software Distribution Service 3.0
16-10-2014 19:26:53 System Checkpoint
16-10-2014 22:18:20 Software Distribution Service 3.0
20-10-2014 12:44:07 Software Distribution Service 3.0
22-10-2014 15:07:58 Software Distribution Service 3.0
23-10-2014 16:21:56 Software Distribution Service 3.0
27-10-2014 15:32:11 Software Distribution Service 3.0
29-10-2014 16:46:03 Software Distribution Service 3.0
30-10-2014 14:49:03 Software Distribution Service 3.0
03-11-2014 15:42:31 Software Distribution Service 3.0
05-11-2014 22:14:23 System Checkpoint
06-11-2014 15:52:34 Software Distribution Service 3.0
10-11-2014 14:41:51 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-10-27 13:19 - 2014-10-27 13:19 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job => C:\WINDOWS\vVX3000.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{88655CA4-56D8-4316-878D-4654ACF85231}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 15:14 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2013-03-20 06:08 - 2008-06-02 11:42 - 00024064 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-03-20 06:08 - 2008-06-02 11:42 - 00753664 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2013-03-20 06:08 - 2008-06-02 11:42 - 00143360 _____ () C:\WINDOWS\System32\preflib.dll
2014-10-27 11:05 - 2014-10-27 11:05 - 00640512 _____ () C:\Documents and Settings\All Users\Application Data\FineDealSoft\FyugZjFhteiDyn.dll
2002-09-03 11:30 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2002-09-03 11:44 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk => C:\WINDOWS\pss\Billminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk => C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

========================= Accounts: ==========================

Administrator (S-1-5-21-220523388-920026266-839522115-500 - Administrator - Enabled)
Dick (S-1-5-21-220523388-920026266-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dick
Guest (S-1-5-21-220523388-920026266-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-220523388-920026266-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-220523388-920026266-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 11:21:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0004487f.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/10/2014 11:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 9.11.2014.1, faulting module frst.exe, version 9.11.2014.1, fault address 0x0001f09e.
Processing media-specific event for [frst.exe!ws!]

Error: (11/10/2014 11:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/10/2014 10:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/06/2014 11:19:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/06/2014 10:43:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 37.0.2062.124, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/05/2014 04:49:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established

Error: (11/03/2014 10:54:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/29/2014 01:41:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/29/2014 01:40:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (11/10/2014 09:43:07 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/10/2014 09:43:06 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/10/2014 09:38:34 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/06/2014 10:53:25 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/06/2014 10:53:24 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/06/2014 10:50:44 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/05/2014 04:50:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1190.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/05/2014 04:49:31 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/05/2014 04:49:22 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (11/05/2014 04:39:24 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Microsoft Office Sessions:
=========================
Error: (11/10/2014 11:21:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.60550004487f

Error: (11/10/2014 11:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe9.11.2014.1frst.exe9.11.2014.10001f09e

Error: (11/10/2014 11:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

Error: (11/10/2014 10:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

Error: (11/06/2014 11:19:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

Error: (11/06/2014 10:43:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe37.0.2062.124hungapp0.0.0.000000000

Error: (11/05/2014 04:49:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (11/03/2014 10:54:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (10/29/2014 01:41:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (10/29/2014 01:40:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz
Percentage of memory in use: 30%
Total physical RAM: 3573.97 MB
Available physical RAM: 2496.64 MB
Total Pagefile: 5456.4 MB
Available Pagefile: 4557.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:58.33 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:3.76 GB) (Free:2.33 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================



#18 dconant1

dconant1

    Silver Member

  • Authentic Member
  • PipPipPip
  • 281 posts

Posted 10 November 2014 - 11:08 AM

I'm sorry ... I have no idea what you mean by did I set and use that proxy.



#19 dconant1

dconant1

    Silver Member

  • Authentic Member
  • PipPipPip
  • 281 posts

Posted 10 November 2014 - 11:12 AM

You asked me to run the Mini Tool Box and post the scan from that ... here it is:

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Dick (administrator) on 10-11-2014 at 11:49:15
Running from "C:\Documents and Settings\Dick\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189

**** End of log ****



#20 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 November 2014 - 11:33 AM

Lets run these programs in order and see how far we can get

 

 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM203_zps0a230260.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #21 dconant1

    dconant1

      Silver Member

    • Authentic Member
    • PipPipPip
    • 281 posts

    Posted 10 November 2014 - 12:45 PM

    # AdwCleaner v4.101 - Report created 10/11/2014 at 13:36:45
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-07.1 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Dick - DCXPLAPTOP
    # Running from : C:\Documents and Settings\Dick\My Documents\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Performance Optimizer
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\SaveItCoupons
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\saveron
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\websavvEr
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\9905c60754384a29
    Folder Deleted : C:\Program Files\focusbase
    Folder Deleted : C:\Program Files\HELPER
    Folder Deleted : C:\Program Files\supporter
    Folder Deleted : C:\Documents and Settings\Dick\Application Data\Systweak
    Folder Deleted : C:\Documents and Settings\Dick\My Documents\Optimizer Pro
    [!] Folder Deleted : C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    File Deleted : C:\END
    File Deleted : C:\Documents and Settings\Dick\Application Data\Mozilla\Firefox\Profiles\o7l6dj0b.default\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    Shortcut Disinfected : C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Shortcut Disinfected : C:\Documents and Settings\Dick\Start Menu\Programs\Internet Explorer.lnk
    Shortcut Disinfected : C:\Documents and Settings\Dick\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Shortcut Disinfected : C:\Documents and Settings\Dick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Shortcut Disinfected : C:\Documents and Settings\Dick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{6379FCD0-09FD-BBB5-64BF-4FF436D5BF53}]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{35d80ae}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\RegisteredApplicationsEx
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\UpdateFiles
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{66951628-3E5A-9C96-37EA-490E187974D5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{66951628-3E5A-9C96-37EA-490E187974D5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "istart123");
    [vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "istart123");
    [vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("extensions.5VwZn5QA0NnB4DDa.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
    [vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("extensions.JIgxtadJu.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
    [vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("extensions.WKFv.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.ne[...]
    [vhocdbrb.default-1398966883750\prefs.js] - Line Deleted : user_pref("extensions.xRnUR0ytr0KOkRhE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]

    -\\ Google Chrome v37.0.2062.124

    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1405957103&from=amt&uid=TOSHIBAXMK8037GSX_X7UGT9VJTXXX7UGT9VJT&q={searchTerms}
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_34_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CyB0Ezy0FtA0A0C0CyCtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0F0AtCyEyB0DyBtGzztA0D0AtGtAzztDyCtG0A0E0AzztGyE0B0EyDtBzyyC0C0BzzzztA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0DzzyCzztA0D0AtGtBtD0F0DtGyEyEyE0AtG0AzzyBtCtGzztB0BtAyEtAtA0C0E0B0D0B2Q&cr=1548125825&ir=
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1405957103&from=amt&uid=TOSHIBAXMK8037GSX_X7UGT9VJTXXX7UGT9VJT&q={searchTerms}
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1405957103&from=amt&uid=TOSHIBAXMK8037GSX_X7UGT9VJTXXX7UGT9VJT&q={searchTerms}
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://wordpress.org/search/do-search.php?search={searchTerms}
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
    [C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl

    *************************

    AdwCleaner[R0].txt - [7005 octets] - [11/08/2014 16:18:11]
    AdwCleaner[R1].txt - [8322 octets] - [10/11/2014 13:26:10]
    AdwCleaner[S0].txt - [9193 octets] - [10/11/2014 13:36:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9253 octets] ##########
     



    #22 dconant1

    dconant1

      Silver Member

    • Authentic Member
    • PipPipPip
    • 281 posts

    Posted 10 November 2014 - 12:58 PM

    unkware Removal Tool (JRT) by Thisisu
    Version: 6.3.7 (11.08.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Dick on Mon 11/10/2014 at 13:47:28.18
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERUPDATE.EXE-0A02E128.pf



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Dick\Local Settings\Application Data\driverhound"





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 11/10/2014 at 13:57:01.78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     



    #23 dconant1

    dconant1

      Silver Member

    • Authentic Member
    • PipPipPip
    • 281 posts

    Posted 10 November 2014 - 04:01 PM

    Malwarebytes Anti-Malware

    www.malwarebytes.org

     

    Scan Date: 11/10/2014

    Scan Time: 2:00:08 PM

    Logfile:

    Administrator: Yes

     

    Version: 2.00.3.1025

    Malware Database: v2014.11.10.08

    Rootkit Database: v2014.11.10.01

    License: Free

    Malware Protection: Disabled

    Malicious Website Protection: Disabled

    Self-protection: Disabled

     

    OS: Windows XP Service Pack 3

    CPU: x86

    File System: NTFS

    User: Dick

     

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 292462

    Time Elapsed: 24 min, 42 sec

     

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

     

    Processes: 0

    (No malicious items detected)

     

    Modules: 0

    (No malicious items detected)

     

    Registry Keys: 8

    PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{89087395-9944-4742-bb31-d8c65afc6049}, , [e040e357f18bff373c0e6e509869629e],

    PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{89087395-9944-4742-BB31-D8C65AFC6049}, , [e040e357f18bff373c0e6e509869629e],

    PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\finedeal.finedeal, , [e040e357f18bff373c0e6e509869629e],

    PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\finedeal.finedeal.9, , [e040e357f18bff373c0e6e509869629e],

    PUP.Optional.MultiPlug, HKU\S-1-5-21-220523388-920026266-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{89087395-9944-4742-BB31-D8C65AFC6049}, , [e040e357f18bff373c0e6e509869629e],

    PUP.Optional.MultiPlug, HKU\S-1-5-21-220523388-920026266-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{89087395-9944-4742-BB31-D8C65AFC6049}, , [e040e357f18bff373c0e6e509869629e],

    PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{89087395-9944-4742-BB31-D8C65AFC6049}, , [e040e357f18bff373c0e6e509869629e],

    PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{89087395-9944-4742-BB31-D8C65AFC6049}\INPROCSERVER32, , [e040e357f18bff373c0e6e509869629e],

     

    Registry Values: 0

    (No malicious items detected)

     

    Registry Data: 0

    (No malicious items detected)

     

    Folders: 0

    (No malicious items detected)

     

    Files: 4

    PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\FineDealSoft\FyugZjFhteiDyn.dll, , [e040e357f18bff373c0e6e509869629e],

    PUP.Optional.IBryte, C:\Documents and Settings\Dick\My Documents\Downloads\setup (1).exe, , [948cc07a08740d2975b4cb15966b49b7],

    PUP.Optional.IBryte, C:\Documents and Settings\Dick\My Documents\Downloads\setup (2).exe, , [dd430d2d0b7159dd72b7944cba47dd23],

    PUP.Optional.IBryte, C:\Documents and Settings\Dick\My Documents\Downloads\setup (3).exe, , [879902387309989e45e4419f5da46898],

     

    Physical Sectors: 0

    (No malicious items detected)

     

     

    (end)



    #24 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 10 November 2014 - 04:09 PM

    Great, run a new scan with FRST, checkmark Additions and post both logs 



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #25 dconant1

    dconant1

      Silver Member

    • Authentic Member
    • PipPipPip
    • 281 posts

    Posted 10 November 2014 - 04:14 PM

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
    Ran by Dick at 2014-11-10 17:13:15
    Running from C:\Documents and Settings\Dick\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
    Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
    Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
    Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
    Canon MX450 series On-screen Manual (HKLM\...\Canon MX450 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
    Canon MX450 series User Registration (HKLM\...\Canon MX450 series User Registration) (Version:  - ‭Canon Inc.)
    Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
    Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
    Citrix Online Launcher (HKLM\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
    Currency Strength Meter (HKLM\...\{70426F51-BA53-49FE-99B4-FC1EE138C4FF}) (Version: 3.0.6 - Newsprofiteer)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
    Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.13 - Dell Inc.)
    DriverUpdate (HKLM\...\{2B353DA2-A8FD-4238-B207-62A1921158D7}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
    DTT (HKLM\...\DTT) (Version:  - )
    eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
    FineDealSoft (HKLM\...\{0D566ABB-889B-AF39-7B6A-23D4C5D54542}) (Version:  - finedeal) <==== ATTENTION
    GetTheDiscount (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - GetTheDiscount) <==== ATTENTION
    Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Helper 7.6.3 (HKLM\...\Helper_is1) (Version: 7.6.3 - Netsmart Technologies)
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
    HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet 6700 Help (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
    HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    MetaTrader - AxiTrader (HKLM\...\Nial Fuller NY Charts) (Version: 4.00 - MetaQuotes Software Corp.)
    MetaTrader 4 (HKLM\...\MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    OANDA - MetaTrader (HKLM\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
    ODT Viewer version 1.0 (HKLM\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
    Quicken 2001 Basic (HKLM\...\Quicken 2001 Basic) (Version:  - )
    S.A.R.A. (HKLM\...\S.A.R.A.) (Version:  - )
    ScottradeELITE 2013 (HKLM\...\{10F03169-B313-4758-A0A2-E3A5CF2AB039}) (Version: 5.1.4.0 - Scottrader)
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-220523388-920026266-839522115-1004_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

    ==================== Restore Points  =========================

    11-08-2014 21:23:38 Restore Operation
    13-08-2014 16:27:52 System Checkpoint
    14-08-2014 21:17:25 System Checkpoint
    18-08-2014 14:22:56 Software Distribution Service 3.0
    18-08-2014 14:53:59 Removed Java 7 Update 25
    18-08-2014 14:54:34 Installed Java 7 Update 67
    18-08-2014 22:02:38 Software Distribution Service 3.0
    20-08-2014 14:14:55 Software Distribution Service 3.0
    20-08-2014 14:48:27 Installed Microsoft Office Word Viewer 2003
    20-08-2014 14:52:30 Installed Compatibility Pack for the 2007 Office system
    21-08-2014 20:30:32 Software Distribution Service 3.0
    21-08-2014 21:24:36 Software Distribution Service 3.0
    25-08-2014 14:27:19 Software Distribution Service 3.0
    25-08-2014 23:54:01 Software Distribution Service 3.0
    27-08-2014 15:04:32 Software Distribution Service 3.0
    28-08-2014 18:02:12 Software Distribution Service 3.0
    01-09-2014 15:12:59 System Checkpoint
    01-09-2014 17:13:53 Software Distribution Service 3.0
    01-09-2014 19:17:13 Software Distribution Service 3.0
    03-09-2014 15:57:01 Software Distribution Service 3.0
    04-09-2014 19:50:25 Software Distribution Service 3.0
    08-09-2014 14:35:52 Software Distribution Service 3.0
    10-09-2014 15:18:28 Software Distribution Service 3.0
    11-09-2014 16:17:48 System Checkpoint
    11-09-2014 23:05:19 Software Distribution Service 3.0
    15-09-2014 13:41:03 Software Distribution Service 3.0
    17-09-2014 15:40:36 Software Distribution Service 3.0
    18-09-2014 18:55:18 Software Distribution Service 3.0
    22-09-2014 14:36:44 Software Distribution Service 3.0
    24-09-2014 14:24:39 Software Distribution Service 3.0
    25-09-2014 15:23:49 Software Distribution Service 3.0
    29-09-2014 14:42:24 Software Distribution Service 3.0
    02-10-2014 14:25:43 Software Distribution Service 3.0
    06-10-2014 14:09:20 Software Distribution Service 3.0
    08-10-2014 14:28:16 Software Distribution Service 3.0
    09-10-2014 17:31:50 Software Distribution Service 3.0
    09-10-2014 23:08:27 Software Distribution Service 3.0
    13-10-2014 14:42:25 Software Distribution Service 3.0
    15-10-2014 14:32:08 Software Distribution Service 3.0
    16-10-2014 19:26:53 System Checkpoint
    16-10-2014 22:18:20 Software Distribution Service 3.0
    20-10-2014 12:44:07 Software Distribution Service 3.0
    22-10-2014 15:07:58 Software Distribution Service 3.0
    23-10-2014 16:21:56 Software Distribution Service 3.0
    27-10-2014 15:32:11 Software Distribution Service 3.0
    29-10-2014 16:46:03 Software Distribution Service 3.0
    30-10-2014 14:49:03 Software Distribution Service 3.0
    03-11-2014 15:42:31 Software Distribution Service 3.0
    05-11-2014 22:14:23 System Checkpoint
    06-11-2014 15:52:34 Software Distribution Service 3.0
    10-11-2014 14:41:51 Software Distribution Service 3.0

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-10-27 13:19 - 2014-10-27 13:19 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job => C:\WINDOWS\vVX3000.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{88655CA4-56D8-4316-878D-4654ACF85231}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-10-10 15:14 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    2013-03-20 06:08 - 2008-06-02 11:42 - 00024064 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
    2013-03-20 06:08 - 2008-06-02 11:42 - 00753664 _____ () C:\WINDOWS\System32\bcm1xsup.dll
    2013-03-20 06:08 - 2008-06-02 11:42 - 00143360 _____ () C:\WINDOWS\System32\preflib.dll
    2014-08-18 10:45 - 2014-08-18 10:46 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2014-09-11 10:05 - 2014-09-11 10:05 - 16825520 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
    2002-09-03 11:30 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
    2002-09-03 11:44 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2014-09-25 10:41 - 2014-09-22 23:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
    2014-09-25 10:41 - 2014-09-22 23:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
    2014-09-25 10:41 - 2014-09-22 23:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
    2014-09-25 10:41 - 2014-09-22 23:07 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk => C:\WINDOWS\pss\Billminder.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk => C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-220523388-920026266-839522115-500 - Administrator - Enabled)
    Dick (S-1-5-21-220523388-920026266-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dick
    Guest (S-1-5-21-220523388-920026266-839522115-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-220523388-920026266-839522115-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-220523388-920026266-839522115-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/10/2014 01:28:21 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
    Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.11104.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

    Error: (11/10/2014 01:22:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/10/2014 00:23:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/10/2014 11:21:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0004487f.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (11/10/2014 11:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application frst.exe, version 9.11.2014.1, faulting module frst.exe, version 9.11.2014.1, fault address 0x0001f09e.
    Processing media-specific event for [frst.exe!ws!]

    Error: (11/10/2014 11:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (11/10/2014 10:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (11/06/2014 11:19:01 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module fyugzjfhteidyn.dll, version 1.8.0.0, fault address 0x0005ccd7.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (11/06/2014 10:43:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application chrome.exe, version 37.0.2062.124, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/05/2014 04:49:55 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established


    System errors:
    =============
    Error: (11/10/2014 05:13:45 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
    Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

    Error: (11/10/2014 05:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SSPORT service failed to start due to the following error:
    %%2

    Error: (11/10/2014 05:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DgiVecp service failed to start due to the following error:
    %%20

    Error: (11/10/2014 05:04:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Performance Optimizer service to connect.

    Error: (11/10/2014 05:03:47 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
    Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

    Error: (11/10/2014 05:03:44 PM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000001HarddiskVolume1

    Error: (11/10/2014 01:48:42 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
    Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

    Error: (11/10/2014 01:39:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SSPORT service failed to start due to the following error:
    %%2

    Error: (11/10/2014 01:39:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DgiVecp service failed to start due to the following error:
    %%20

    Error: (11/10/2014 01:39:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Performance Optimizer service to connect.


    Microsoft Office Sessions:
    =========================
    Error: (11/10/2014 01:28:21 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
    Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.11104.0mpengine0unspecifiedNILNILNIL

    Error: (11/10/2014 01:22:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (11/10/2014 00:23:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (11/10/2014 11:21:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.60550004487f

    Error: (11/10/2014 11:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: frst.exe9.11.2014.1frst.exe9.11.2014.10001f09e

    Error: (11/10/2014 11:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

    Error: (11/10/2014 10:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

    Error: (11/06/2014 11:19:01 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.6001.18702fyugzjfhteidyn.dll1.8.0.00005ccd7

    Error: (11/06/2014 10:43:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: chrome.exe37.0.2062.124hungapp0.0.0.000000000

    Error: (11/05/2014 04:49:55 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download....uthrootseq.txtA connection with the server could not be established


    ==================== Memory info ===========================

    Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz
    Percentage of memory in use: 24%
    Total physical RAM: 3573.97 MB
    Available physical RAM: 2688.31 MB
    Total Pagefile: 5456.35 MB
    Available Pagefile: 4656.09 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1938.2 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.52 GB) (Free:58.34 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive e: () (Removable) (Total:3.76 GB) (Free:2.33 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 3.8 GB) (Disk ID: 91F72D24)
    Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

    ==================== End Of Log ============================


      Advertisements

    Register to Remove


    #26 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 10 November 2014 - 04:34 PM

    Need to see the Original FRST log please, you just posted Additons



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #27 dconant1

    dconant1

      Silver Member

    • Authentic Member
    • PipPipPip
    • 281 posts

    Posted 10 November 2014 - 06:21 PM

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
    Ran by Dick (administrator) on DCXPLAPTOP on 10-11-2014 19:19:27
    Running from C:\Documents and Settings\Dick\Desktop
    Loaded Profile: Dick (Available profiles: Dick)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    () C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    () C:\WINDOWS\system32\WLTRYSVC.EXE
    (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
    (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\WINDOWS\vVX3000.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
    (j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    (j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GTray.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2007-10-26] (Synaptics, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\System32\WLTRAY.exe [2220032 2008-06-02] (Dell Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [757248 2009-06-26] (Microsoft Corporation)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKU\S-1-5-21-220523388-920026266-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-21-220523388-920026266-839522115-1004\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-220523388-920026266-839522115-1004\...\Run: [eFax 4.4] => C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
    Startup: C:\Documents and Settings\Dick\Start Menu\Programs\Startup\eFax 4.4.lnk
    ShortcutTarget: eFax 4.4.lnk -> C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
    Startup: C:\Documents and Settings\Dick\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
    ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.roadrunner.com/
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1363811102093
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1364233578453
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Dick\Application Data\Mozilla\Firefox\Profiles\vhocdbrb.default-1398966883750
    FF Homepage: https://www.oanda.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dick\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-18]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-18]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-25]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-11-10]
    CHR Extension: (No Name) - C:\Documents and Settings\Dick\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-11-10]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-18] (Oracle Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1961984 2008-06-02] (Dell Inc.) [File not signed]
    S2 035d80ae; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\applic~1\perfor~1\PerformanceOptimizerSvc.dll",service

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2008-06-02] (Broadcom Corporation)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [38400 2009-10-12] (Samsung Electronics Co., Ltd.) [File not signed]
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
    S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-11-05] ()
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-10 13:57 - 2014-11-10 13:57 - 00000780 _____ () C:\Documents and Settings\Dick\Desktop\JRT.txt
    2014-11-10 13:47 - 2014-11-10 13:47 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-11-10 11:47 - 2014-11-10 12:24 - 00000651 _____ () C:\Documents and Settings\Dick\Desktop\Result.txt
    2014-11-10 11:46 - 2014-11-10 11:46 - 00401920 _____ (Farbar) C:\Documents and Settings\Dick\Desktop\MiniToolBox.exe
    2014-11-10 11:26 - 2014-11-10 11:27 - 00000400 _____ () C:\Documents and Settings\Dick\Desktop\Search.txt
    2014-11-10 11:12 - 2014-11-10 17:13 - 00024788 _____ () C:\Documents and Settings\Dick\Desktop\Addition.txt
    2014-11-10 11:10 - 2014-11-10 19:20 - 00012793 _____ () C:\Documents and Settings\Dick\Desktop\FRST.txt
    2014-11-10 11:07 - 2014-11-10 19:19 - 00000000 ____D () C:\FRST
    2014-11-10 11:06 - 2014-11-10 11:07 - 01107968 _____ (Farbar) C:\Documents and Settings\Dick\Desktop\FRST.exe
    2014-11-10 10:47 - 2014-11-10 10:47 - 00000512 _____ () C:\Documents and Settings\Dick\Desktop\MBR.dat
    2014-11-10 10:43 - 2014-11-10 10:43 - 05194752 _____ (AVAST Software) C:\Documents and Settings\Dick\Desktop\aswMBR.exe
    2014-11-03 15:42 - 2014-11-03 15:42 - 00812344 _____ (Trend Micro Inc.) C:\Documents and Settings\Dick\Desktop\HJTInstall.exe
    2014-11-03 15:42 - 2014-11-03 15:42 - 00001734 _____ () C:\Documents and Settings\Dick\Desktop\HijackThis.lnk
    2014-11-03 15:42 - 2014-11-03 15:42 - 00000000 ____D () C:\Program Files\Trend Micro
    2014-11-03 15:42 - 2014-11-03 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
    2014-10-27 12:58 - 2014-10-27 12:58 - 00000004 _____ () C:\Documents and Settings\Dick\Application Data\appdataFr2.bin
    2014-10-27 11:05 - 2014-11-10 17:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\FineDealSoft
    2014-10-20 07:35 - 2014-10-20 07:35 - 00000075 _____ () C:\WINDOWS\setupact.log
    2014-10-20 07:35 - 2014-10-20 07:35 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-10-16 11:42 - 2014-10-16 11:42 - 00001695 _____ () C:\Documents and Settings\Dick\My Documents\TempDatazz01.tmp
    2014-10-15 12:47 - 2014-10-15 12:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-10 19:19 - 2013-03-20 05:49 - 00000000 ____D () C:\Documents and Settings\Dick\Local Settings\Temp
    2014-11-10 19:05 - 2013-07-17 07:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-11-10 18:02 - 2014-08-18 10:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-11-10 17:35 - 2014-02-16 21:51 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-10 17:35 - 2013-04-18 09:45 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-10 17:13 - 2014-04-07 09:29 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2014-11-10 17:08 - 2013-03-19 16:42 - 00559994 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-11-10 17:06 - 2014-02-16 15:28 - 01867313 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-10 17:04 - 2014-03-13 09:01 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-11-10 17:04 - 2014-02-16 21:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-11-10 17:04 - 2014-02-16 21:51 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-11-10 17:04 - 2013-04-18 09:45 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-10 17:03 - 2013-10-10 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2883150$
    2014-11-10 17:03 - 2013-03-20 05:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-10 17:02 - 2013-03-20 05:49 - 00000178 ___SH () C:\Documents and Settings\Dick\ntuser.ini
    2014-11-10 17:02 - 2013-03-20 05:49 - 00000000 ____D () C:\Documents and Settings\Dick
    2014-11-10 17:00 - 2013-03-26 15:25 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    2014-11-10 13:59 - 2014-07-23 14:21 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-11-10 13:37 - 2014-08-11 16:16 - 00000000 ____D () C:\AdwCleaner
    2014-11-10 13:37 - 2013-04-18 09:46 - 00000917 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-11-10 13:37 - 2013-04-18 09:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    2014-11-10 13:37 - 2013-04-15 13:11 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2014-11-10 13:37 - 2013-04-15 13:11 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2014-11-10 13:37 - 2013-03-20 05:49 - 00000743 _____ () C:\Documents and Settings\Dick\Start Menu\Programs\Internet Explorer.lnk
    2014-11-10 11:30 - 2013-03-20 05:43 - 00000000 ____D () C:\DELL
    2014-11-10 10:10 - 2013-03-27 10:58 - 00000784 _____ () C:\WINDOWS\QUICKEN.INI
    2014-11-10 10:10 - 2013-03-27 10:58 - 00000000 ____D () C:\QUICKENW
    2014-11-10 09:43 - 2013-03-20 05:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2014-11-10 09:33 - 2013-03-20 20:37 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{88655CA4-56D8-4316-878D-4654ACF85231}.job
    2014-11-06 17:14 - 2014-09-11 09:53 - 00042496 _____ () C:\Documents and Settings\Dick\My Documents\Contractor Draws.xls
    2014-11-06 15:48 - 2013-03-26 15:25 - 00002477 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
    2014-11-05 16:49 - 2014-10-08 13:32 - 00019629 _____ () C:\WINDOWS\setupapi.log
    2014-11-05 16:49 - 2014-05-05 13:16 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
    2014-11-05 16:42 - 2013-10-10 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2014-11-05 16:39 - 2002-09-03 12:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-11-03 14:10 - 2014-02-17 11:22 - 00000000 ____D () C:\Documents and Settings\Dick\My Documents\eFax Messenger 4.4
    2014-10-30 09:50 - 2014-10-09 18:09 - 00007720 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-10-30 09:50 - 2014-10-09 18:08 - 00007371 _____ () C:\WINDOWS\KB2936068-IE8.log
    2014-10-30 06:24 - 2013-03-26 15:44 - 00229000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2014-10-27 13:34 - 2013-03-20 05:49 - 00001599 _____ () C:\Documents and Settings\Dick\Start Menu\Programs\Remote Assistance.lnk
    2014-10-27 13:29 - 2013-03-20 05:43 - 00001599 ____C () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
    2014-10-27 13:29 - 2013-03-20 05:43 - 00001563 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
    2014-10-27 13:29 - 2013-03-20 05:43 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
    2014-10-27 11:40 - 2013-03-27 12:39 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-10-27 11:40 - 2013-03-27 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-10-27 11:39 - 2014-08-20 09:24 - 00000000 ____D () C:\Documents and Settings\Dick\Local Settings\Application Data\Adobe
    2014-10-27 11:33 - 2013-03-25 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958470$
    2014-10-27 11:11 - 2014-10-08 13:21 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
    2014-10-27 10:57 - 2014-07-23 16:19 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-27 10:57 - 2014-07-23 16:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-10-27 10:57 - 2014-07-23 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-27 10:45 - 2013-04-15 13:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-10-23 19:09 - 2013-10-10 18:18 - 00237318 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-920026266-839522115-1004-0.dat
    2014-10-23 19:09 - 2013-10-10 18:18 - 00128478 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-10-16 17:26 - 2013-07-20 13:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-10-16 17:18 - 2013-03-25 13:35 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-10-15 16:33 - 2013-12-16 14:39 - 00000000 ____D () C:\Program Files\MetaTrader - AxiTrader
    2014-10-15 12:48 - 2014-08-18 09:55 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-10-15 12:48 - 2014-08-18 09:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-10-15 12:47 - 2013-06-24 10:44 - 00000000 ____D () C:\Program Files\Java
    2014-10-15 12:42 - 2014-03-30 17:07 - 03155304 _____ (MetaQuotes Software Corp.) C:\WINDOWS\system32\MetaViewer.dll

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Dick\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Dick\Local Settings\Temp\sqlite3.dll
    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a606ae01.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================



    #28 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 10 November 2014 - 06:49 PM

     
    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyServer: http=127.0.0.1:14189;https=127.0.0.1:14189
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S2 035d80ae; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\applic~1\perfor~1\PerformanceOptimizerSvc.dll",service
    c:\docume~1\alluse~1\applic~1\perfor~1
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
     
     
     
    Then run a new scan with FRST, checkmark Additions and post new logs please


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #29 dconant1

    dconant1

      Silver Member

    • Authentic Member
    • PipPipPip
    • 281 posts

    Posted 10 November 2014 - 07:03 PM

    So I have the info above ... beginning with START; finishing up with END saved in Notepad.  I'm trying to figure out how to save this next to FRST.  Not quite sure. 

    I have done a search of FRST through the C:/ drive and came up with a list of files.  I would choose the FRST application file (size 1082 KB).  Is that correct with I click on that file and paste the contents in my notebook file in FRST application file?



    #30 dconant1

    dconant1

      Silver Member

    • Authentic Member
    • PipPipPip
    • 281 posts

    Posted 10 November 2014 - 07:07 PM

    I've noticed something else.  When I use the COPY command in notebook then go the the FRST application file in the C:/drive and right click ... I cannot see a paste command. When I left click on FRST on my desktop, then right click ... I cannot see a paste command.  So I'm not sure how to paste the contents above next to FRST. 


    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users