XP slow, suspected virus or adware in spite of Kaspersky being installed

11-10-2015, 01:56 PM   #1
mavensophie (Registered Member)

XP Professional, service pack 3
slow and triggers Kaspersky Total Security to pop up every few seconds. I suspect there is some adware or virus...

this is the dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by laci at 16:42:50 on 2015-11-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3134.2224 [GMT -5:00]
.
AV: Kaspersky Total Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Total Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Synology\Assistant\UsbClientService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN38699948401290644&ctid=CT3279141
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://sunlitwater.wordpress.com/2007/02/27/the-little-things/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: {0B1B0D47-95F7-4bad-9309-A945B655AE61} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Easy Gif Animator Toolbar Helper: {96372AB6-15EB-4316-B497-71C741BC548C} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - c:\program files\kaspersky lab\kaspersky total security 16.0.0\ieext\ie_plugin.dll
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: XBTBPos00 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - LocalServer32 - <no file>
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4A34-B167-FC4865038E53} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4A34-B167-FC4865038E53} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - c:\program files\kaspersky lab\kaspersky total security 16.0.0\ieext\ie_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
mRun: [ScanSoft OmniPage 16-reminder] "c:\program files\scansoft\omnipage16\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 16\ereg\Ereg.ini"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [PDFHook] c:\program files\nuance\pdf professional 5\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf professional 5\RegistryController.exe
mRun: [Nuance PDF Professional 5-reminder] "c:\program files\nuance\pdf professional 5\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf professional 5\ereg\Ereg.ini"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\docume~1\laci\startm~1\programs\startup\shortc~1.lnk - u:\__camtasia-videos\__path\effortless-abundance-silent-to-loop-.mp3
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:383
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Customize Menu - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Open with Nuance PDF Converter 5.0 - c:\program files\nuance\pdf professional 5\cnvres_eng.dll /100
IE: Save Forms - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {024516FC-2E86-4731-93C6-E6DA04DE62F3} - c:\documents and settings\laci\local settings\application data\difolders software\blogjet\blogthis.js
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-94171777763b68e5.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www2.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7FFB4A9D-F076-47E5-BD27-0F936E0F9B00} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E4F057BA-EE4F-4D85-9D6D-88C2380055BA} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - <orphaned>
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.86\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laci\application data\mozilla\firefox\profiles\qujunlej.default-1379115785906\
FF - prefs.js: browser.startup.homepage - hxxp://outcall.net/toplist/auto10/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF - plugin: c:\documents and settings\laci\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\documents and settings\laci\local settings\application data\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101772.dll
FF - plugin: c:\program files\google\update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_19_0_0_245.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: plugin.state.npcontentblocker - 2
.
FF - user.js: plugin.state.nponlinebanking - 2
.
FF - user.js: plugin.state.npvkplugin - 2
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\drivers\cm_km.sys [2015-7-5 201912]
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2015-6-22 153784]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [2015-6-6 46776]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [2015-6-26 57712]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [2014-12-31 44216]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2014-2-10 773512]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [2013-4-12 39304]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [2014-8-21 73912]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-14 54328]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-6-6 156856]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files\kaspersky lab\kaspersky total security 16.0.0\avp.exe [2015-7-8 194000]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [2014-7-2 58040]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-10-4 90352]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-2 144672]
R2 UsbClientService;UsbClientService;c:\program files\synology\assistant\UsbClientService.exe [2011-2-18 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2011-2-18 46304]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [2014-2-10 150408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2013-4-19 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-11-16 36024]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-11-16 37040]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-10-12 120472]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9694dee7947f6;Google Update Service (gupdate1c9694dee7947f6);c:\program files\google\update\GoogleUpdate.exe [2008-12-28 144200]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2015-11-10 18:59:11 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-10 18:59:11 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-20 08:34:35 150408 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-10-20 08:34:32 44216 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-09-26 08:31:40 39304 ----a-w- c:\windows\system32\drivers\klpd.sys
2008-03-10 17:48:26 2939142 ----a-w- c:\program files\FLVplayr.exe
.
============= FINISH: 16:50:32.54 ===============

I also have another thread for another of my computers.
11-13-2015, 10:39 AM   #2
chemist (Security Team; Moderator, Analyst; Microsoft Most Valuable Professional)

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

My.Freeze.com Toolbar << Please read this

------------------------------------------------------

CCleaner
PC Pitstop Optimize
RegistryBooster
Uniblue RegistryBooster


We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling PC Pitstop Optimize, RegistryBooster, and Uniblue RegistryBooster via Add or Remove Programs in your Control Panel.

------------------------------------------------------

I see you have P2P software ( BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Add or Remove Programs.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
11-13-2015, 12:55 PM   #3
mavensophie (Registered Member)

whew... this was a total struggle... the computer doesn't want to let me uninstall stuff...

pcpitstop schedule is still running in processes. My.freeze.com toolbar won't uninstall: uninstall.log is missing

I had to run the AdwCleaner in safe mode, because it crashed as soon as I clicked on it... I hope it did well in safe mode.

The trouble is bigger than I thought it was... obviously.

# AdwCleaner v5.020 - Logfile created 13/11/2015 at 15:43:06
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : laci - HP
# Running from : C:\Documents and Settings\laci\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\speedypc software
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[-] Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[-] Folder Deleted : C:\Documents and Settings\laci\Application Data\DriverCure
[-] Folder Deleted : C:\Documents and Settings\laci\Application Data\goforfiles
[-] Folder Deleted : C:\Documents and Settings\laci\Application Data\PriceGong
[-] Folder Deleted : C:\Documents and Settings\laci\Application Data\speedypc software
[-] Folder Deleted : C:\Documents and Settings\laci\Application Data\SwvUpdater
[-] Folder Deleted : C:\Documents and Settings\laci\Local Settings\Application Data\apn
[-] Folder Deleted : C:\Documents and Settings\laci\Local Settings\Application Data\Conduit
[-] Folder Deleted : C:\Documents and Settings\laci\Local Settings\Application Data\Ilivid Player
[-] Folder Deleted : C:\Documents and Settings\laci\Local Settings\Application Data\PackageAware
[-] Folder Deleted : C:\Documents and Settings\laci\Local Settings\Application Data\searchcom_001
[-] Folder Deleted : C:\Documents and Settings\laci\Local Settings\Application Data\SearchProtect
[-] Folder Deleted : C:\Documents and Settings\laci\Local Settings\Application Data\Innovative Solutions
[-] Folder Deleted : C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
[-] Folder Deleted : C:\Documents and Settings\laci\Start Menu\Programs\Freeze.com
[-] Folder Deleted : C:\Program Files\Conduit
[-] Folder Deleted : C:\Program Files\iLivid
[-] Folder Deleted : C:\Program Files\SearchProtect
[-] Folder Deleted : C:\Program Files\Uniblue
[-] Folder Deleted : C:\Program Files\MediaPlayerV1
[-] Folder Deleted : C:\Program Files\Common Files\Innovative Solutions

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\5237zhxd.default-1389975846046\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\5237zhxd.default-1389975846046\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\5237zhxd.default-1389975846046\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\5237zhxd.default-1389975846046\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\5237zhxd.default-1389975846046\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\dqzwr47w.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\dqzwr47w.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\dqzwr47w.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\dqzwr47w.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\dqzwr47w.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\hv8hlgtd.Sophie\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\hv8hlgtd.Sophie\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\hv8hlgtd.Sophie\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\hv8hlgtd.Sophie\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\hv8hlgtd.Sophie\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\hv8hlgtd.Sophie\user.js
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\hv8hlgtd.Sophie\user.js
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej(2).default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej(2).default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej(2).default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej(2).default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej(2).default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\searchplugins\conduit-search.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\user.js
[-] File Deleted : C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\user.js
[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : GoforFilesUpdate

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
[-] Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80987362-6216-49BC-98E4-77E6CF71A5D7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{80987362-6216-49BC-98E4-77E6CF71A5D7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\Crossrider
[-] Key Deleted : HKCU\Software\Headlight
[-] Key Deleted : HKCU\Software\ilivid
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\PriceGong
[-] Key Deleted : HKCU\Software\speedypc software
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\AskBarDis
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Settings Manager
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Freeze.com
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\speedypc software
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2ADF0518-CBAB-4685-B1B1-C0B4AF4CF0EB}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DFEF4C07-509B-465A-8632-041301EC3924}

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\5237zhxd.default-1389975846046\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff");
[-] [C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\5237zhxd.default-1389975846046\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=");
[-] [C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\dqzwr47w.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff");
[-] [C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\dqzwr47w.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=");
[-] [C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\hv8hlgtd.Sophie\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff");
[-] [C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\hv8hlgtd.Sophie\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=");
[-] [C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej(2).default-1379115785906\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff");
[-] [C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej(2).default-1379115785906\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=");
[-] [C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=");
[-] [C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com_
[-] [C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : supertoolbar.ask.com
[-] [C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search
[-] [C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : conduit.search
[-] [C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : oelbclnhkbhlhikfmpmbakbgeonbjjnp

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [18846 bytes] ##########
mavensophie is offline  
Old 11-13-2015, 01:12 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello mavensophie.

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. Get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:


  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is normal.
  • When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 11-13-2015, 01:51 PM   #5
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total



ComboFix 15-11-09.01 - laci 11/13/2015 16:28:00.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3134.2313 [GMT -5:00]
Running from: c:\documents and settings\laci\Desktop\ComboFix.exe
AV: Kaspersky Total Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Total Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\laci\g2mdlhlpx.exe
c:\documents and settings\laci\My Documents\97174275.tmp
c:\program files\WinPCap
c:\program files\WinPCap\install.log
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2015-10-13 to 2015-11-13 )))))))))))))))))))))))))))))))
.
.
2015-11-13 20:40 . 2015-11-13 20:43 -------- d-----w- C:\AdwCleaner
2015-11-13 19:19 . 2015-11-13 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2015-11-13 19:14 . 2015-11-13 19:14 -------- d-----w- c:\documents and settings\laci\Application Data\DiskDefrag
2015-11-13 19:14 . 2015-11-13 19:24 -------- d-----w- c:\documents and settings\laci\Application Data\GlarySoft
2015-11-13 19:11 . 2015-11-13 19:11 -------- d-----w- c:\program files\Glarysoft
2015-10-16 23:46 . 2015-10-16 23:46 17314496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-10 18:59 . 2012-06-28 23:34 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-10 18:59 . 2012-06-28 23:34 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-20 08:34 . 2014-02-10 20:17 150408 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-10-20 08:34 . 2015-01-01 02:36 44216 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-09-26 08:31 . 2013-04-12 20:34 39304 ----a-w- c:\windows\system32\drivers\klpd.sys
2008-03-10 17:48 . 2009-07-06 00:45 2939142 ----a-w- c:\program files\FLVplayr.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-10-27 02:11 . E60E9D5F229CB8DA347D48ADD6E8DC47 . 917984 . . [16.0.2] . . c:\windows\ERDNT\cache\firefox.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2015-10-08 110160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"ScanSoft OmniPage 16-reminder"="c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [2007-07-20 328992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-02-02 795936]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-02-02 58656]
"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2005-10-14 3719168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CuteFTP\\CUTFTP32.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmdnew\\TOTALCMD.EXE"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EditPlus 3\\editplus.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9284:TCP"= 9284:TCP:BitComet 9284 TCP
"9284:UDP"= 9284:UDP:BitComet 9284 UDP
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\drivers\cm_km.sys [7/5/2015 11:10 PM 201912]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [6/6/2015 7:50 AM 46776]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [6/26/2015 11:00 PM 57712]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [12/31/2014 9:36 PM 44216]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [4/12/2013 3:34 PM 39304]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [8/21/2014 3:39 PM 73912]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [5/14/2013 5:34 PM 54328]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [6/6/2013 5:38 PM 156856]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [1/13/2006 8:00 AM 15872]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [7/2/2014 4:10 PM 58040]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [10/4/2009 1:07 PM 90352]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2/2/2008 1:20 AM 144672]
R2 UsbClientService;UsbClientService;c:\program files\Synology\Assistant\UsbClientService.exe [2/18/2011 1:18 AM 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2/18/2011 1:20 AM 46304]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [2/10/2014 3:17 PM 150408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/19/2013 9:44 AM 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [11/16/2013 10:11 PM 36024]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/16/2013 10:11 PM 37040]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [10/12/2009 8:02 AM 120472]
S2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [7/8/2015 11:02 PM 194000]
S2 gupdate1c9694dee7947f6;Google Update Service (gupdate1c9694dee7947f6);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2008 7:39 PM 144200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-10 21:27 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 18:59]
.
2015-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2015-11-13 c:\windows\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
- c:\program files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe [2012-01-12 20:09]
.
2015-11-13 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1940363232-3415319241-587996925-1005.job
- c:\program files\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-10-07 19:04]
.
2015-11-13 c:\windows\Tasks\G2MUploadTask-S-1-5-21-1940363232-3415319241-587996925-1005.job
- c:\program files\Citrix\GoToMeeting\3499\g2mupload.exe [2015-10-07 19:04]
.
2015-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-29 14:12]
.
2015-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-29 14:12]
.
2015-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1940363232-3415319241-587996925-1005Core.job
- c:\documents and settings\laci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-25 12:36]
.
2015-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1940363232-3415319241-587996925-1005UA.job
- c:\documents and settings\laci\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-25 12:36]
.
2015-11-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-24 01:59]
.
2015-11-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-24 01:59]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://sunlitwater.wordpress.com/2007/02/27/the-little-things/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Open with Nuance PDF Converter 5.0 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {{024516FC-2E86-4731-93C6-E6DA04DE62F3} - c:\documents and settings\laci\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\
FF - prefs.js: browser.startup.homepage - hxxp://outcall.net/toplist/auto10/
.
- - - - ORPHANS REMOVED - - - -
.
c:\documents and settings\laci\Start Menu\Programs\Startup\Shortcut to effortless-abundance-silent-to-loop-.lnk - u:\__camtasia-videos\__path\effortless-abundance-silent-to-loop-.mp3
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\bm_installer.exe
AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1 - c:\program files\Uniblue\RegistryBooster\unins001.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2015-11-13 16:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1512)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(924)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\TechSmith\SnagIt 7\TSCHelp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2015-11-13 16:49:19 - machine was rebooted
ComboFix-quarantined-files.txt 2015-11-13 21:49
ComboFix2.txt 2012-11-18 17:43
.
Pre-Run: 15,519,985,664 bytes free
Post-Run: 15,807,238,144 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7851E4A3F0CB1D23285528BFAC318BBA
E5FA06ACA0D60BA9C870D0EF3D9898C9
mavensophie is offline  
Old 11-13-2015, 03:46 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mavensophie. How is the machine behaving?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-14-2015, 06:25 AM   #7
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total


Send a message via Skype™ to mavensophie

C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\RegistryBooster\registrybooster.exe.vir a variant of Win32/RegistryBooster.D potentially unwanted application
C:\AI_RecycleBin\{10DB9DB8-60CB-4CD9-B5DC-6734C98889CB}\5\Strongvault\StrongVaultApp.exe a variant of MSIL/Adware.StrongVault.A application
C:\Documents and Settings\laci\Desktop\Advanced_Uninstaller11_56_CNet.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Documents and Settings\laci\Desktop\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\laci\Desktop\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\laci\Desktop\___stuff\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\laci\Desktop\___stuff\rcsetup.exe Win32/DownWare.W potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1449\A0500486.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1476\A0524511.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1476\A0524524.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1478\A0524814.exe a variant of Win32/UniBlue.F potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1478\A0525840.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1478\A0525924.dll a variant of Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1478\A0525930.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1478\A0525931.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1478\A0525932.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1478\A0525934.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1478\A0525939.exe a variant of Win32/RegistryBooster.D potentially unwanted application




Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/13/2015
Scan Time: 10:19:57 PM
Logfile: malwarebytes-scan-log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.13.08
Rootkit Database: v2015.11.13.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: laci

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 434613
Time Elapsed: 35 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Computer is still slow; Kaspersky still pops up every few minutes when I am on my browser (Firefox).
mavensophie is offline  
Old 11-14-2015, 10:45 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mavensophie. Not all slowness issues are caused by malware. You may have to seek help in one of our other forums.

When you say slow, do you mean the whole computer, browser(s), or both?

What does Kaspersky say when it pops up? Can you post a pic of what you see?

------------------------------------------------------

Several of the ESET finds have already been quarantined by AdwCleaner. Those will get deleted when we uninstall AdwCleaner.

System Volume Information is where Windows keeps old system restore points. Those will get deleted when we uninstall ComboFix later.

We'll deal with the remaining finds using another tool.

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
chemist is offline  
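The triage chemist describes in post #8 (AdwCleaner quarantine copies, System Volume Information restore points, and the remaining finds), sketched as an added example that is not part of the original thread. It assumes each report line has the layout seen in the pasted ESET report (path, optional "a variant of", detection name, category); the function and bucket names are hypothetical.

```python
import re
from collections import namedtuple

# Sample input: a subset of lines copied from the ESET report posted in this thread.
SAMPLE_REPORT = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\RegistryBooster\registrybooster.exe.vir a variant of Win32/RegistryBooster.D potentially unwanted application
C:\AI_RecycleBin\{10DB9DB8-60CB-4CD9-B5DC-6734C98889CB}\5\Strongvault\StrongVaultApp.exe a variant of MSIL/Adware.StrongVault.A application
C:\Documents and Settings\laci\Desktop\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1449\A0500486.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP1478\A0525924.dll a variant of Win32/Adware.Yontoo.B application
"""

Finding = namedtuple("Finding", "path name variant category")

# Assumed line layout: <path> [a variant of] <Platform/Detection.Name> <category>.
# Paths contain spaces and backslashes; the detection name is the first token
# of the form Platform/Name (forward slash), which cannot occur in these paths.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9_.]+)\s+"
    r"(?P<category>.+)$"
)

QUARANTINE_RE = re.compile(r"^[a-z]:\\adwcleaner\\quarantine\\", re.IGNORECASE)
RESTORE_RE = re.compile(r"\\system volume information\\_restore", re.IGNORECASE)


def parse_line(line):
    """Return a Finding for one report line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(
        path=m.group("path"),
        name=m.group("name"),
        variant=m.group("variant") is not None,
        category=m.group("category").strip(),
    )


def classify(path):
    """Bucket a detection by where the file lives (hypothetical bucket names)."""
    if QUARANTINE_RE.search(path):
        # Inert copy already quarantined by AdwCleaner.
        return "adwcleaner_quarantine"
    if RESTORE_RE.search(path):
        # Copy captured inside an old System Restore point.
        return "restore_point"
    # Everything else is a live file that still needs a decision.
    return "remaining"


def triage(report_text):
    """Split a pasted report into the three buckets plus unparsed lines."""
    buckets = {
        "adwcleaner_quarantine": [],
        "restore_point": [],
        "remaining": [],
        "unparsed": [],
    }
    for raw in report_text.splitlines():
        if not raw.strip():
            continue
        finding = parse_line(raw)
        if finding is None:
            # Keep lines that do not match so nothing is silently dropped.
            buckets["unparsed"].append(raw.strip())
            continue
        buckets[classify(finding.path)].append(finding)
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket in ("adwcleaner_quarantine", "restore_point", "remaining"):
        print(f"{bucket}: {len(result[bucket])}")
        for f in result[bucket]:
            print(f"  {f.name:32} {f.category:36} {f.path}")
    for line in result["unparsed"]:
        print(f"unparsed: {line}")
```

Only the `remaining` bucket holds files that are still live on disk; the other two are inert copies that go away with the cleanup steps named in the post.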
Old 11-14-2015, 11:19 AM   #9
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total


Send a message via Skype™ to mavensophie

I will catch the Kaspersky stuff when I turn it back on...

Here are the Farbar results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by laci (administrator) on HP (14-11-2015 14:15:48)
Running from C:\Documents and Settings\laci\Desktop
Loaded Profiles: laci (Available Profiles: laci & 343f5 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(PC Pitstop LLC) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\Synology\Assistant\UsbClientService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Logitech Inc.) C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 7\TscHelp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\3880\g2mstart.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\3880\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\3880\g2mlauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SetRefresh] => C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [19968 2003-12-17] (Logitech Inc.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2007-03-26] (Nuance Communications, Inc.)
HKLM\...\Run: [Deskup] => C:\Program Files\Iomega\DriveIcons\deskup.exe [32768 2002-07-16] (Iomega)
HKLM\...\Run: [ScanSoft OmniPage 16-reminder] => C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe [328992 2007-07-20] (Nuance Communications, Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-03-16] (Apple Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe [795936 2008-02-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe [58656 2008-02-02] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance PDF Professional 5-reminder] => C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-03-17] (ATI Technologies Inc.)
HKU\S-1-5-21-1940363232-3415319241-587996925-1005\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-10-08] (Siber Systems)
HKU\S-1-5-18\...\MountPoints2: ##Acer#passport - R:\WDSetup.exe
AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll => C:\WINDOWS\system32\acaptuser32.dll [112096 2012-07-30] (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk [2007-08-14]
ShortcutTarget: SnagIt 7.lnk -> C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7FFB4A9D-F076-47E5-BD27-0F936E0F9B00}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E4F057BA-EE4F-4D85-9D6D-88C2380055BA}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1940363232-3415319241-587996925-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKU\S-1-5-21-1940363232-3415319241-587996925-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1940363232-3415319241-587996925-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchScopes: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HelperObject Class -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2005-10-14] (TechSmith Corporation)
BHO: NVRShowBar -> {0B1B0D47-95F7-4bad-9309-A945B655AE61} -> No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-10-08] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-13] (Oracle Corporation)
BHO: Easy Gif Animator Toolbar Helper -> {96372AB6-15EB-4316-B497-71C741BC548C} -> C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll [2010-05-15] ()
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30] (Adobe Systems Incorporated)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-01-25] (Zeon Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-13] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-10-08] (Siber Systems Inc.)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-10-14] (TechSmith Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll [2010-05-15] ()
Toolbar: HKLM - No Name - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - No File
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-01-25] (Zeon Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-10-08] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> No Name - {11352A67-0178-46B1-8855-D50B2F81C054} - No File
Toolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll [2010-05-15] ()
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} hxxp://cid-94171777763b68e5.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} hxxps://www2.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906
FF DefaultSearchEngine: Google
FF Homepage: hxxp://outcall.net/toplist/auto10/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-13] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1940363232-3415319241-587996925-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\laci\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-06-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-1940363232-3415319241-587996925-1005: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\laci\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1940363232-3415319241-587996925-1005: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\laci\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1940363232-3415319241-587996925-1005: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll [2012-12-27] (Amazon.com, Inc.)
FF user.js: detected! => C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\SafeBrowser\S-1-5-21-1940363232-3415319241-587996925-1005\FireFox\user.js [2015-01-01]
FF SearchPlugin: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\SafeBrowser\S-1-5-21-1940363232-3415319241-587996925-1005\FireFox\searchplugins\conduit-search.xml [2014-03-29]
FF Extension: DownThemAll! AntiContainer - C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\Extensions\[email protected] [2015-09-02]
FF Extension: Snap Links Plus - C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\Extensions\[email protected] [2015-06-17]
FF Extension: Bookmark All - C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\Extensions\{a76cd07b-f0d7-4ef9-9566-8faef6e290e4}.xpi [2015-06-17]
FF Extension: DownThemAll! - C:\Documents and Settings\laci\Application Data\Mozilla\Firefox\Profiles\qujunlej.default-1379115785906\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-09-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-10-20] [not signed]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-10-08]
FF HKU\S-1-5-21-1940363232-3415319241-587996925-1005\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi

Chrome:
=======
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\laci\Application Data\Mozilla\plugins\npgoogletalk.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\laci\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll => No File
CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll => No File
CHR Plugin: (BitTorrent) - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll => No File
CHR Plugin: (Internet Pictures Corp. iPIX Plugin v6.2) - C:\Program Files\Mozilla Firefox\plugins\NpIpx32.dll => No File
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\laci\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-16]
CHR Extension: (RoboForm) - C:\Documents and Settings\laci\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-03-16]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-10-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-08-19] (Kaspersky Lab ZAO)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-22] (NOS Microsystems Ltd.)
S2 gupdate1c9694dee7947f6; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [99688 2009-10-14] (Sony Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-13] (Oracle Corporation)
S3 lmab_device; C:\WINDOWS\system32\LMabcoms.exe [487424 2005-05-23] (Lexmark International, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-24] (Mozilla Foundation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [90352 2009-04-26] (PC Pitstop LLC)
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-02-02] (Nuance Communications, Inc.)
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] () [File not signed]
S4 Iomega Activity Disk2; "" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S4 adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [105472 2002-05-08] (Adaptec, Inc.) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2278784 2004-09-21] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R3 busenum; C:\WINDOWS\System32\DRIVERS\busenum.sys [46304 2011-02-18] (Windows (R) Win 7 DDK provider)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [201912 2015-07-05] (Kaspersky Lab ZAO)
R3 eapihdrv; C:\Documents and Settings\laci\Local Settings\temp\ehdrv.sys [135760 2015-11-14] (ESET)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel(R) Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel(R) Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel(R) Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel(R) Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [57712 2015-06-26] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [58040 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [150408 2015-10-20] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [44216 2015-10-20] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [773512 2015-10-20] (AO Kaspersky Lab)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [36024 2015-06-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [37040 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [39304 2015-09-26] (AO Kaspersky Lab)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [73912 2015-06-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [51729 2003-12-17] (Logitech, Inc.)
R3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37887 2003-12-17] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-11-14] (Malwarebytes)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R0 ppa3; C:\WINDOWS\System32\DRIVERS\ppa3.sys [17664 2008-04-13] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 TotRec7; C:\WINDOWS\System32\drivers\TotRec7.sys [120472 2008-04-17] (High Criteria inc.)
R1 VD_FileDisk; C:\WINDOWS\system32\Drivers\VD_FileDisk.sys [15872 2006-01-13] (Flint Incorporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 mcdbus; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 14:15 - 2015-11-14 14:16 - 00029281 _____ C:\Documents and Settings\laci\Desktop\FRST.txt
2015-11-14 14:15 - 2015-11-14 14:16 - 00000000 ____D C:\FRST
2015-11-14 14:14 - 2015-11-14 14:14 - 01702400 _____ (Farbar) C:\Documents and Settings\laci\Desktop\FRST.exe
2015-11-14 09:20 - 2015-11-14 09:20 - 00007790 _____ C:\Documents and Settings\laci\Desktop\threats-found-by eset.txt
2015-11-13 20:09 - 2015-11-13 20:18 - 02870984 _____ (ESET) C:\Documents and Settings\laci\Desktop\esetsmartinstaller_enu.exe
2015-11-13 18:53 - 2015-11-13 18:53 - 00000813 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-13 18:53 - 2015-11-13 18:53 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-13 18:53 - 2015-11-13 18:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-13 18:53 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-13 18:52 - 2015-11-14 05:14 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\laci\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-13 16:49 - 2015-11-14 14:16 - 00000000 ____D C:\Documents and Settings\laci\Local Settings\temp
2015-11-13 16:49 - 2015-11-13 16:49 - 00021246 _____ C:\ComboFix.txt
2015-11-13 16:49 - 2015-11-13 16:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-11-13 16:49 - 2015-11-13 16:49 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-11-13 16:49 - 2015-11-13 16:49 - 00000000 ____D C:\Documents and Settings\343f5\Local Settings\temp
2015-11-13 16:37 - 2015-11-13 16:37 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2015-11-13 16:37 - 2015-11-13 16:37 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-11-13 16:37 - 2015-11-13 16:37 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2015-11-13 16:36 - 2015-11-13 16:36 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-11-13 16:36 - 2015-11-13 16:36 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2015-11-13 16:23 - 2015-11-13 16:23 - 00000000 _RSHD C:\cmdcons
2015-11-13 15:40 - 2015-11-13 15:43 - 00000000 ____D C:\AdwCleaner
2015-11-13 15:35 - 2015-11-13 15:35 - 01729536 _____ C:\Documents and Settings\laci\Desktop\AdwCleaner.exe
2015-11-13 15:31 - 2015-11-13 15:31 - 01729536 _____ C:\Documents and Settings\laci\Desktop\adwcleaner_5.020.exe
2015-11-13 14:19 - 2015-11-13 14:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2015-11-13 14:14 - 2015-11-13 14:24 - 00000000 ____D C:\Documents and Settings\laci\Application Data\GlarySoft
2015-11-13 14:14 - 2015-11-13 14:14 - 00000000 ____D C:\Documents and Settings\laci\Application Data\DiskDefrag
2015-11-13 14:13 - 2015-11-13 14:13 - 00001217 _____ C:\GUDownLoaddebug.txt
2015-11-13 14:11 - 2015-11-13 14:11 - 00000953 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Uninstaller.lnk
2015-11-13 14:11 - 2015-11-13 14:11 - 00000947 _____ C:\Documents and Settings\All Users\Desktop\Absolute Uninstaller.lnk
2015-11-13 14:11 - 2015-11-13 14:11 - 00000000 ____D C:\Program Files\Glarysoft
2015-11-13 14:11 - 2015-11-13 14:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Glarysoft
2015-11-10 16:50 - 2015-11-10 16:50 - 00016418 _____ C:\Documents and Settings\laci\Desktop\dds.txt
2015-11-10 16:50 - 2015-11-10 16:50 - 00015406 _____ C:\Documents and Settings\laci\Desktop\attach.txt
2015-11-10 16:40 - 2015-11-10 16:40 - 00688992 ____R (Swearware) C:\Documents and Settings\laci\Desktop\dds.scr
2015-11-07 11:11 - 2015-11-07 11:11 - 04634645 _____ C:\Documents and Settings\laci\Desktop\the-cost-of-not-buying.psd
2015-11-04 19:59 - 2015-11-04 19:59 - 00000719 _____ C:\WINDOWS\setupapi.log
2015-11-04 19:56 - 2015-11-04 19:56 - 00000060 _____ C:\WINDOWS\setupact.log
2015-11-04 19:56 - 2015-11-04 19:56 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-01 20:05 - 2015-11-01 20:05 - 00122880 _____ C:\WINDOWS\Minidump\Mini110115-01.dmp
2015-10-22 12:51 - 2015-10-22 12:51 - 00000607 _____ C:\Documents and Settings\laci\Desktop\3-secondphase-humility-urgency.camrec.lnk
2015-10-21 16:52 - 2015-10-21 17:11 - 1066986552 _____ C:\Documents and Settings\laci\Desktop\talk-to-me-20151021.camrec
2015-10-17 11:35 - 2015-10-17 11:39 - 692460480 _____ C:\Documents and Settings\laci\Desktop\talk-to-me-20151017.camrec
2015-10-16 20:05 - 2015-10-16 20:05 - 00579584 _____ C:\Documents and Settings\laci\Desktop\buy1get1ad.qxp
2015-10-16 19:30 - 2015-10-16 19:30 - 00007580 _____ C:\Documents and Settings\laci\My Documents\cc_20151016_203042.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 13:59 - 2012-06-28 18:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-14 13:57 - 2011-08-25 07:44 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1940363232-3415319241-587996925-1005UA.job
2015-11-14 13:57 - 2011-08-25 07:44 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1940363232-3415319241-587996925-1005Core.job
2015-11-14 13:33 - 2012-01-12 13:31 - 00000428 _____ C:\WINDOWS\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
2015-11-14 13:31 - 2004-08-09 09:00 - 01812622 ____C C:\WINDOWS\WindowsUpdate.log
2015-11-14 13:25 - 2009-06-30 19:54 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 13:21 - 2014-02-01 11:47 - 00000512 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1940363232-3415319241-587996925-1005.job
2015-11-14 12:32 - 2010-07-18 23:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-11-14 12:25 - 2015-06-29 14:57 - 00000608 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1940363232-3415319241-587996925-1005.job
2015-11-14 12:07 - 2009-09-05 21:40 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-11-14 08:57 - 2004-08-09 09:00 - 00032520 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-13 21:25 - 2009-06-30 19:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-13 20:18 - 2007-04-14 13:11 - 00000000 ____D C:\Program Files\ESET
2015-11-13 20:09 - 2011-07-16 22:17 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-11-13 19:40 - 2004-08-09 08:55 - 00001158 ____C C:\WINDOWS\system32\wpa.dbl
2015-11-13 19:39 - 2014-04-30 05:47 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-11-13 19:39 - 2010-03-11 13:21 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-11-13 19:39 - 2004-08-09 09:00 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-11-13 19:39 - 2004-08-09 01:25 - 00000159 ____C C:\WINDOWS\wiadebug.log
2015-11-13 19:39 - 2004-08-09 01:25 - 00000050 ____C C:\WINDOWS\wiaservc.log
2015-11-13 19:37 - 2015-07-05 10:10 - 00065536 _____ C:\WINDOWS\system32\config\Kaspersk.evt
2015-11-13 19:37 - 2010-09-02 22:11 - 00438888 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-11-13 19:37 - 2007-06-26 16:44 - 00000178 __SHC C:\Documents and Settings\laci\ntuser.ini
2015-11-13 19:37 - 2007-06-26 16:44 - 00000000 ____D C:\Documents and Settings\laci
2015-11-13 18:53 - 2009-09-05 21:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-11-13 18:50 - 2015-02-19 20:12 - 00000000 ____D C:\Documents and Settings\laci\My Documents\No Hands Proxies
2015-11-13 18:50 - 2015-02-19 20:10 - 00000000 ____D C:\Documents and Settings\laci\My Documents\No Hands SEO
2015-11-13 18:49 - 2015-03-26 12:34 - 00001070 _____ C:\Documents and Settings\laci\My Documents\Yahoo-proxies.txt
2015-11-13 18:49 - 2015-02-19 20:16 - 00001714 _____ C:\Documents and Settings\laci\My Documents\Posting-proxies.txt
2015-11-13 18:49 - 2015-02-19 20:16 - 00000000 _____ C:\Documents and Settings\laci\My Documents\Google-proxies.txt
2015-11-13 16:49 - 2012-11-18 12:11 - 00000000 ____D C:\Qoobox
2015-11-13 16:49 - 2007-02-26 22:10 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-11-13 16:41 - 2004-08-09 01:21 - 00000285 _____ C:\WINDOWS\system.ini
2015-11-13 16:37 - 2010-09-02 22:11 - 03478400 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1940363232-3415319241-587996925-1005-0.dat
2015-11-13 16:37 - 2004-08-09 09:01 - 60030976 _____ C:\WINDOWS\system32\config\software.bak
2015-11-13 16:37 - 2004-08-09 09:00 - 07602176 _____ C:\WINDOWS\system32\config\system.bak
2015-11-13 16:37 - 2004-08-09 09:00 - 00446464 _____ C:\WINDOWS\system32\config\default.bak
2015-11-13 16:37 - 2004-08-09 09:00 - 00065536 _____ C:\WINDOWS\system32\config\SECURITY.bak
2015-11-13 16:37 - 2004-08-09 09:00 - 00032768 _____ C:\WINDOWS\system32\config\SAM.bak
2015-11-13 16:36 - 2010-03-06 18:25 - 00000000 ____D C:\WINDOWS\ERDNT
2015-11-13 16:23 - 2004-08-09 08:26 - 00000327 __RSH C:\boot.ini
2015-11-13 16:18 - 2012-11-18 12:09 - 05638248 ____R (Swearware) C:\Documents and Settings\laci\Desktop\ComboFix.exe
2015-11-13 15:15 - 2009-10-05 08:59 - 00000000 ____D C:\Documents and Settings\laci\Application Data\BitTorrent
2015-11-13 15:06 - 2007-07-20 12:55 - 00000000 __SHD C:\WINDOWS\CSC
2015-11-13 14:26 - 2008-11-01 10:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop
2015-11-13 14:19 - 2009-09-28 17:41 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-11-13 14:04 - 2008-08-31 19:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop
2015-11-13 14:04 - 2007-07-27 09:19 - 00000000 ____D C:\Program Files\PCPitstop
2015-11-12 03:23 - 2013-08-07 14:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 03:23 - 2008-02-05 07:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-11-12 03:08 - 2007-04-14 22:55 - 143250520 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 16:19 - 2013-07-13 00:25 - 00000000 ____D C:\Documents and Settings\laci\Application Data\uTorrent
2015-11-10 16:15 - 2010-03-13 12:29 - 00000000 ____D C:\Documents and Settings\laci\Desktop\_shortcuts
2015-11-10 16:12 - 2007-12-15 19:54 - 00000000 ____D C:\Program Files\BitTorrent
2015-11-10 15:53 - 2012-07-30 06:42 - 00000000 ____D C:\Documents and Settings\laci\Application Data\S3Browser
2015-11-10 13:59 - 2012-06-28 18:34 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-10 13:59 - 2012-06-28 18:34 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-10 12:49 - 2011-07-09 16:55 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-11-10 08:26 - 2012-07-29 10:21 - 00000000 ____D C:\Documents and Settings\laci\Application Data\vlc
2015-11-10 07:02 - 2007-05-09 13:57 - 00000000 ____D C:\Documents and Settings\laci\Desktop\__ICD-BM1_Sophie
2015-11-09 18:57 - 2010-11-13 10:08 - 00000000 ____D C:\Documents and Settings\laci\My Documents\My Kindle Content
2015-11-08 15:00 - 2014-04-30 05:47 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-11-01 20:08 - 2004-08-09 08:44 - 01078020 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-01 20:05 - 2008-05-03 18:00 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-31 20:47 - 2012-07-27 16:45 - 00000000 ____D C:\Documents and Settings\laci\Application Data\HandBrake
2015-10-21 16:49 - 2007-10-22 20:07 - 00169984 _____ C:\Documents and Settings\laci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-21 07:50 - 2007-11-02 17:26 - 00000406 ____C C:\WINDOWS\vuepro32.ini
2015-10-20 03:34 - 2014-12-31 21:36 - 00044216 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2015-10-20 03:34 - 2014-02-10 15:17 - 00773512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-10-20 03:34 - 2014-02-10 15:17 - 00150408 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys

==================== Files in the root of some directories =======

2009-07-05 19:45 - 2008-03-10 12:48 - 2939142 _____ (Plaino ) C:\Program Files\FLVplayr.exe
2007-06-28 22:17 - 2015-09-24 18:39 - 0000157 ____C () C:\Documents and Settings\laci\Application Data\cntp.ini
2008-05-06 20:20 - 2013-03-07 19:21 - 0002808 ____C () C:\Documents and Settings\laci\Application Data\cntp.nws
2008-05-08 20:05 - 2013-06-19 14:30 - 0064666 ____C () C:\Documents and Settings\laci\Application Data\ex_log.txt
2013-03-02 10:09 - 2013-03-02 10:15 - 0064270 _____ () C:\Documents and Settings\laci\Application Data\fonts.txt
2008-03-22 22:35 - 2008-04-02 21:19 - 0001954 ____C () C:\Documents and Settings\laci\Application Data\SAS7_000.DAT
2009-03-26 16:26 - 2011-04-21 20:19 - 0000600 _____ () C:\Documents and Settings\laci\Application Data\winscp.rnd
2011-03-07 22:32 - 2011-03-07 22:34 - 0005040 ___SH () C:\Documents and Settings\laci\Local Settings\Application Data\934284662
2007-10-22 20:07 - 2015-10-21 16:49 - 0169984 _____ () C:\Documents and Settings\laci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-06-29 18:39 - 2007-06-29 18:39 - 0000127 _____ () C:\Documents and Settings\laci\Local Settings\Application Data\fusioncache.dat
2010-05-08 20:57 - 2011-05-03 15:17 - 0000168 _____ () C:\Documents and Settings\laci\Local Settings\Application Data\TheBestSpinner_Export.dat

Files to move or delete:
====================
C:\Documents and Settings\laci\udownload.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (40.7 KB, 15 views)
Old 11-14-2015, 06:04 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mavensophie. And the other question, when you say slow, do you mean the whole computer, the browser(s), or both?
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1EF1B52A-9468-D082-7C25-80EF85889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {4656A1B9-9468-D082-EF31-27B785889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath
    StandardProfile\GloballyOpenPorts: [9284:TCP] => Enabled:BitComet 9284 TCP
    StandardProfile\GloballyOpenPorts: [9284:UDP] => Enabled:BitComet 9284 UDP
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1940363232-3415319241-587996925-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: NVRShowBar -> {0B1B0D47-95F7-4bad-9309-A945B655AE61} -> No File
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
    Toolbar: HKLM - No Name - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - No File
    Toolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> No Name - {11352A67-0178-46B1-8855-D50B2F81C054} - No File
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - No File
    FF Homepage: hxxp://outcall.net/toplist/auto10/
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
    FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [No File]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
    CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\laci\Application Data\Mozilla\plugins\npgoogletalk.dll => No File
    CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\laci\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll => No File
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll => No File
    CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll => No File
    CHR Plugin: (BitTorrent) - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll => No File
    CHR Plugin: (Internet Pictures Corp. iPIX Plugin v6.2) - C:\Program Files\Mozilla Firefox\plugins\NpIpx32.dll => No File
    CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll => No File
    CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
    CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll => No File
    CHR Plugin: (Google Update) - C:\Documents and Settings\laci\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
    R2 PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [90352 2009-04-26] (PC Pitstop LLC)
    S4 Iomega Activity Disk2; "" [X]
    c:\program files\PCPitstop
    C:\AI_RecycleBin\{10DB9DB8-60CB-4CD9-B5DC-6734C98889CB}
    C:\Documents and Settings\laci\Desktop\Advanced_Uninstaller11_56_CNet.exe
    C:\Documents and Settings\laci\Desktop\ccsetup413.exe
    C:\Documents and Settings\laci\Desktop\ccsetup501.exe
    C:\Documents and Settings\laci\Desktop\___stuff\ccsetup503.exe
    C:\Documents and Settings\laci\Desktop\___stuff\rcsetup.exe
    S3 mcdbus; no ImagePath
    2015-11-13 15:15 - 2009-10-05 08:59 - 00000000 ____D C:\Documents and Settings\laci\Application Data\BitTorrent
    2015-11-13 14:26 - 2008-11-01 10:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop
    2015-11-13 14:04 - 2008-08-31 19:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop
    2015-11-13 14:04 - 2007-07-27 09:19 - 00000000 ____D C:\Program Files\PCPitstop
    2015-11-10 16:19 - 2013-07-13 00:25 - 00000000 ____D C:\Documents and Settings\laci\Application Data\uTorrent
    2015-11-10 16:12 - 2007-12-15 19:54 - 00000000 ____D C:\Program Files\BitTorrent
    C:\Documents and Settings\laci\udownload.dat
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My.Freeze.com Toolbar]
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 11-15-2015, 06:03 AM   #11
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total



I had to run frst in safe mode...

Fix result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by laci (2015-11-15 08:52:27) Run:2
Running from C:\Documents and Settings\laci\Desktop
Loaded Profiles: laci (Available Profiles: laci & 343f5 & Administrator)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1EF1B52A-9468-D082-7C25-80EF85889A47} => No File
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {4656A1B9-9468-D082-EF31-27B785889A47} => No File
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath
StandardProfile\GloballyOpenPorts: [9284:TCP] => Enabled:BitComet 9284 TCP
StandardProfile\GloballyOpenPorts: [9284:UDP] => Enabled:BitComet 9284 UDP
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1940363232-3415319241-587996925-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: NVRShowBar -> {0B1B0D47-95F7-4bad-9309-A945B655AE61} -> No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
Toolbar: HKLM - No Name - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - No File
oolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> No Name - {11352A67-0178-46B1-8855-D50B2F81C054} - No File
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - No File
FF Homepage: hxxp://outcall.net/toplist/auto10/
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [No File]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] => not found
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\laci\Application Data\Mozilla\plugins\npgoogletalk.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\laci\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll => No File
CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll => No File
CHR Plugin: (BitTorrent) - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll => No File
CHR Plugin: (Internet Pictures Corp. iPIX Plugin v6.2) - C:\Program Files\Mozilla Firefox\plugins\NpIpx32.dll => No File
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\laci\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
R2 PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [90352 2009-04-26] (PC Pitstop LLC)
S4 Iomega Activity Disk2; "" [X]
c:\program files\PCPitstop
C:\AI_RecycleBin\{10DB9DB8-60CB-4CD9-B5DC-6734C98889CB}
C:\Documents and Settings\laci\Desktop\Advanced_Uninstaller11_56_CNet.exe
C:\Documents and Settings\laci\Desktop\ccsetup413.exe
C:\Documents and Settings\laci\Desktop\ccsetup501.exe
C:\Documents and Settings\laci\Desktop\___stuff\ccsetup503.exe
C:\Documents and Settings\laci\Desktop\___stuff\rcsetup.exe
S3 mcdbus; no ImagePath
2015-11-13 15:15 - 2009-10-05 08:59 - 00000000 ____D C:\Documents and Settings\laci\Application Data\BitTorrent
2015-11-13 14:26 - 2008-11-01 10:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop
2015-11-13 14:04 - 2008-08-31 19:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop
2015-11-13 14:04 - 2007-07-27 09:19 - 00000000 ____D C:\Program Files\PCPitstop
2015-11-10 16:19 - 2013-07-13 00:25 - 00000000 ____D C:\Documents and Settings\laci\Application Data\uTorrent
2015-11-10 16:12 - 2007-12-15 19:54 - 00000000 ____D C:\Program Files\BitTorrent
C:\Documents and Settings\laci\udownload.dat
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My.Freeze.com Toolbar]
EmptyTemp:
end
*****************

Error: Restore point can only be created in normal mode.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9284:TCP => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9284:UDP => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B1B0D47-95F7-4bad-9309-A945B655AE61} => key not found.
"HKCR\CLSID\{0B1B0D47-95F7-4bad-9309-A945B655AE61}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully.
"HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BCBF738C-4891-4B9A-959A-C6BF7F608C3A} => value removed successfully.
HKCR\CLSID\{BCBF738C-4891-4B9A-959A-C6BF7F608C3A} => key not found.
oolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1940363232-3415319241-587996925-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{11352A67-0178-46B1-8855-D50B2F81C054} => value removed successfully.
HKCR\CLSID\{11352A67-0178-46B1-8855-D50B2F81C054} => key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}" => key removed successfully.
"HKCR\CLSID\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\ic32pp" => key removed successfully.
HKCR\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571} => key not found.
Firefox "homepage" removed successfully.
"HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0" => key removed successfully.
"HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin" => key removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully.
C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll => not found.
C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll => not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => not found.
C:\Documents and Settings\laci\Application Data\Mozilla\plugins\npgoogletalk.dll => not found.
C:\Documents and Settings\laci\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\NpIpx32.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\np_gp.dll => not found.
C:\Documents and Settings\laci\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
PCPitstop Scheduling => service removed successfully.
Iomega Activity Disk2 => service removed successfully.
c:\program files\PCPitstop => moved successfully
C:\AI_RecycleBin\{10DB9DB8-60CB-4CD9-B5DC-6734C98889CB} => moved successfully
C:\Documents and Settings\laci\Desktop\Advanced_Uninstaller11_56_CNet.exe => moved successfully
C:\Documents and Settings\laci\Desktop\ccsetup413.exe => moved successfully
C:\Documents and Settings\laci\Desktop\ccsetup501.exe => moved successfully
C:\Documents and Settings\laci\Desktop\___stuff\ccsetup503.exe => moved successfully
C:\Documents and Settings\laci\Desktop\___stuff\rcsetup.exe => moved successfully
mcdbus => service removed successfully.
C:\Documents and Settings\laci\Application Data\BitTorrent => moved successfully
C:\Documents and Settings\All Users\Application Data\PCPitstop => moved successfully
C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop => moved successfully
"C:\Program Files\PCPitstop" => not found.
C:\Documents and Settings\laci\Application Data\uTorrent => moved successfully
C:\Program Files\BitTorrent => moved successfully
C:\Documents and Settings\laci\udownload.dat => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My.Freeze.com Toolbar => key removed successfully.
EmptyTemp: => 406 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:54:53 ====
mavensophie is offline  
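A Fixlog like the one posted above first echoes the fixlist and only then lists results, so a triage pass has to skip the echo before bucketing outcomes. The Python sketch below is an added example, not part of the original posts and not FRST's own code; its sample is abridged from this thread's log, and the status buckets and function names are assumptions.

```python
import re
from collections import Counter

# Abridged from the Fixlog posted in this thread (same layout, fewer lines).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Boot Mode: Safe Mode (with Networking)

fixlist content:
*****************
start
createrestorepoint:
StandardProfile\GloballyOpenPorts: [9284:TCP] => Enabled:BitComet 9284 TCP
BHO: NVRShowBar -> {0B1B0D47-95F7-4bad-9309-A945B655AE61} -> No File
EmptyTemp:
end
*****************

Error: Restore point can only be created in normal mode.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9284:TCP => value not found.
"HKCR\CLSID\{0B1B0D47-95F7-4bad-9309-A945B655AE61}" => key removed successfully.
oolbar: HKU\S-1-5-21-1940363232-3415319241-587996925-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File => Error: No automatic fix found for this entry.
Firefox "homepage" removed successfully.
C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll => not found.
PCPitstop Scheduling => service removed successfully.
c:\program files\PCPitstop => moved successfully
EmptyTemp: => 406 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 08:54:53 ====
"""

DELIM = re.compile(r"^\*{5,}$")


def result_lines(fixlog_text):
    """Return only the result lines: after the closing '*****' line of the
    echoed fixlist and before the '==== End of Fixlog' footer."""
    lines = [l.strip() for l in fixlog_text.splitlines()]
    marks = [i for i, l in enumerate(lines) if DELIM.match(l)]
    if len(marks) < 2:
        # Without both delimiters the echo cannot be told apart from results.
        raise ValueError("fixlist echo delimiters not found; log may be truncated")
    out = []
    for l in lines[marks[1] + 1:]:
        if l.startswith("==== End of Fixlog"):
            break
        if l:
            out.append(l)
    return out


def classify(line):
    """Split 'target => outcome' on the last arrow and bucket the outcome."""
    target, _, outcome = line.rpartition(" => ")  # no arrow: target stays ""
    if outcome.startswith("Error:"):
        status = "error"      # the tool could not act; needs manual review
    elif "not found" in outcome.lower():
        status = "absent"     # nothing was there to remove
    elif re.search(r"\b(removed|moved)\b", outcome, re.I):
        status = "removed"
    else:
        status = "other"
    return {"status": status, "target": target.strip('"'), "outcome": outcome}


def triage(fixlog_text):
    """Return (status counts, entries that need manual follow-up)."""
    entries = [classify(l) for l in result_lines(fixlog_text)]
    counts = Counter(e["status"] for e in entries)
    followup = [e for e in entries if e["status"] == "error"]
    return counts, followup


if __name__ == "__main__":
    counts, followup = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for e in followup:
        print("FOLLOW UP:", e["target"] or "(no target)", "|", e["outcome"])
```
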
Old 11-15-2015, 02:55 PM   #12

Hello again, mavensophie. Why did you have to run the fix in Safe Mode?

You still haven't answered my question. When you say slow, do you mean the whole computer, browser(s), or both?

Also, are you still getting alerts from Kaspersky?

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9284:TCP"=-
"9284:UDP"=-

[HKEY_USERS\S-1-5-21-1940363232-3415319241-587996925-1005\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-

Save the file as fix.reg and choose to Save as type: - All Files, then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------
chemist is offline  
Old 11-15-2015, 03:03 PM   #13

frst, like the first time, crashed on launch...

the computer is about 50 times faster.

the warnings in Kaspersky, it seems, are about embedded elements in browsers... I think. If I knew how to set it, I bet it would stop.

It feels that we've gotten rid of a lot of threats, maybe all?

I am attaching some dangers kaspersky found:
Attached thumbnail: kasperky-warnings.png
mavensophie is offline  
Old 11-15-2015, 05:31 PM   #14

Yes, it appears we've removed all malware. You should be able to set Kaspersky to ignore those elements, as they appear to be legit. What are the options in the drop down menu to the right of Resolve in Kas?
chemist is offline  
Old 11-15-2015, 06:02 PM   #15

ignore was one of those actions. I selected that option.

thank you for all your help. If nothing else needs to be done, then I think we are done? You did great, thank you.
mavensophie is offline  
Old 11-15-2015, 07:47 PM   #16

Hello again, mavensophie. You're very welcome.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable Kaspersky before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

-----------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

----------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.

    *Note*- By default, whenever ComboFix deletes any file, it replaces any Hosts file with the default Windows Hosts file. Therefore, you will once again need to replace the default Hosts file with the MVPS HOSTS file.

  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 11-16-2015, 03:55 AM   #17

all done. thank you for your work, and gentle style. Much appreciated.
mavensophie is offline  
Old 11-16-2015, 04:43 AM   #18

You're very welcome, mavensophie! Glad to have helped.
chemist is offline  
Old 11-16-2015, 10:52 AM   #19

thanks again.
mavensophie is offline  
 
