# How do I permanently remove adware?



## farmerjohn1324 (Aug 25, 2014)

I have AVG antivirus and it tells me that I have adware. I click "remove," and it says removed, but then AVG will come up a few hours later telling me that it found more adware in the same location.

How do I permanently remove this?

The adware is called FocusBase.


----------



## voyagerfan99 (Aug 25, 2014)

1.

Please download *AdwCleaner* by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download *Junkware Removal Tool* to your desktop.

•Shut down your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download *Malwarebytes' Anti-Malware* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run, please download and run *Rkill.scr*, *Rkill.exe*, or *Rkill.com*. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

*EXPLORER.EXE*
*IEXPLORE.EXE*
*USERINIT.EXE*
*WINLOGON.EXE*

But *DO NOT* reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download *OTL* to your Desktop.

•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
•Click on Minimal Output at the top.
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1.  Adwcleaner
2.  Junkware removal tool
3.  Malwarebytes
4.  OTL


----------



## farmerjohn1324 (Aug 25, 2014)

Thanks! You guys are so awesome!


----------



## farmerjohn1324 (Aug 25, 2014)

AdwCleaner file:

# AdwCleaner v3.308 - Report created 25/08/2014 at 13:40:33
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Liquid - LIQUID-EDE81A
# Running from : C:\Documents and Settings\Liquid\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update AtuZi
[#] Service Deleted : Update focusbase
[#] Service Deleted : Util AtuZi

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Documents and Settings\Liquid\Local Settings\Application Data\ArcadeGiant
Folder Deleted : C:\Documents and Settings\Liquid\Local Settings\Application Data\globalUpdate
Folder Deleted : C:\DOCUME~1\Liquid\LOCALS~1\Temp\AtuZi
Folder Deleted : C:\DOCUME~1\Liquid\LOCALS~1\Temp\focusbase
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Liquid\Start Menu\Programs\ArcadeGiant
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\VideoDownloadConverter_4z
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\Extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com
File Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\searchplugins\trovi-search.xml
File Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BEC0B5A9-4CE8-4873-90E5-345E66A944DB}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\prefs.js ]

Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":221584481,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221584482,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "6.66.4.33738");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=780c74a8&p2=^HJ^xpi000^YYA^");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2014082216");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xpi000^YYA^");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.66.4.33738");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "hxxp://videodownloadconverter.dl.tb.ask.com/installComplete.jhtml");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "32707");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");

-\\ Google Chrome v36.0.1985.143

[ File : C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6123 octets] - [25/08/2014 13:32:08]
AdwCleaner[S0].txt - [5984 octets] - [25/08/2014 13:40:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6044 octets] ##########


----------



## farmerjohn1324 (Aug 25, 2014)

I am the only person to ever use this computer. By default, for some reason the computer called my username "Liquid." I try to run as administrator, and it says I need a password that I am unaware of.

What is this password, or how do I find it?


----------



## johnb35 (Aug 26, 2014)

Do you use a password to log on to your account? If not, just leave the password blank. If you use a password to log on to your account, it's the same password. Check the user accounts to see if there is a password assigned to the user "liquid". And the computer doesn't automatically assign user names.

Is the focusbase adware gone now? AdwCleaner removed it.


----------



## farmerjohn1324 (Aug 26, 2014)

The computer was built from parts about 6 months ago. Someone else installed XP on it. I am currently using ophcrack to get the admin password, but am not allowed to ask this forum for help on that matter. Yes, I believe the focusbase is gone now, but I will run those other 3 programs and post the logs.


----------



## farmerjohn1324 (Aug 27, 2014)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Tue 08/26/2014 at 18:06:23.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/26/2014 at 20:22:30.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## farmerjohn1324 (Aug 27, 2014)

*Malware log*

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/26/2014
Scan Time: 10:51:23 PM
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Liquid

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 232407
Time Elapsed: 42 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.PassShow.A, HKU\S-1-5-21-343818398-1645522239-1177238915-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PassShow, Quarantined, [c08949b6a9d1b48290d1197b33cf6c94], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.SAMInside, C:\Documents and Settings\Liquid\Desktop\saminside.zip, No Action By User, [3f0a6c9390ea270f0723043151b3fc04], 
PUP.Optional.Softonic.A, C:\RECYCLER\S-1-5-21-343818398-1645522239-1177238915-1003\Dc11.exe, Quarantined, [be8b49b6f7832f077c871b47be43837d], 
PUP.Optional.Conduit.A, C:\Documents and Settings\Liquid\Local Settings\Temp\SearchProtectINT.exe, Quarantined, [d47522ddcfabee485e1e8bd39e63ff01], 
PUP.Optional.OpenCandy, C:\Documents and Settings\Liquid\Local Settings\Temp\dlm1D1.tmp\FreeVideoToJPGConverter.exe, Quarantined, [af9a89762456b87e15fb113ea061c838], 

Physical Sectors: 0
(No malicious items detected)


(end)


----------



## farmerjohn1324 (Aug 27, 2014)

OTL.txt 

OTL logfile created on: 8/27/2014 9:43:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Liquid\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.43 Mb Total Physical Memory | 339.32 Mb Available Physical Memory | 66.35% Memory free
1.40 Gb Paging File | 1.15 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 2.07 Gb Free Space | 11.14% Space Free | Partition Type: NTFS

Computer Name: LIQUID-EDE81A | User Name: Liquid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Liquid\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2014\avgmfapx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\14082700\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()


========== Services (SafeList) ==========

SRV - (UpdaterSvcfocusbase) -- C:\Program Files\focusbase\updater.exe File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)


========== Driver Services (SafeList) ==========

DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (cpuz134) -- C:\DOCUME~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (Avgtdix) -- system32\DRIVERS\avgtdix.sys File not found
DRV - (Avgrkx86) -- system32\DRIVERS\avgrkx86.sys File not found
DRV - (AVGIDSShim) -- system32\DRIVERS\avgidsshimx.sys File not found
DRV - (AVGIDSHX) -- system32\DRIVERS\avgidshx.sys File not found
DRV - (AVGIDSDriverl) -- system32\DRIVERS\avgidsdriverlx.sys File not found
DRV - (ddwrd) -- C:\WINDOWS\system32\drivers\xpdvio.sys (Malwarebytes Corporation)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswsp.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswHwid) -- C:\WINDOWS\system32\drivers\aswHwid.sys ()
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Linksys_adapter_H) -- C:\WINDOWS\system32\drivers\AE1200xp.sys (Broadcom Corporation)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: 4zffxtbr%40VideoDownloadConverter_4z.com:6.66.4.33738
FF - prefs.js..extensions.enabledAddons: e38c01fb-ffb2-4c7e-b4c7-1f47c844d855%40gmail.com:0.95.27
FF - prefs.js..extensions.enabledAddons: %7B037A8456-0903-427E-B5E0-7D95FDD598AE%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/25 16:48:25 | 000,000,000 | ---D | M]

[2014/07/03 08:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Extensions
[2014/08/25 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions
[2014/08/17 05:00:39 | 000,000,000 | ---D | M] ("enterprise 1.1") -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com
[2014/08/17 05:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData
[2014/08/17 05:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData\plugins
[2014/08/17 05:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData\userCode
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LIQUID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L3SH7DCG.DEFAULT\EXTENSIONS\{037A8456-0903-427E-B5E0-7D95FDD598AE}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LIQUID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L3SH7DCG.DEFAULT\EXTENSIONS\4ZFFXTBR@VIDEODOWNLOADCONVERTER_4Z.COM
[2014/07/07 03:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome  ==========

CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\DadApp.exe ()
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4B935D4-06FE-4090-B904-56322E228216}: DhcpNameServer = 192.168.3.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/06 18:46:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell - "" = AutoRun
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell - "" = AutoRun
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/26 23:36:22 | 000,052,440 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xpdvio.sys
[2014/08/26 22:49:17 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/26 22:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/08/26 22:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/26 22:39:49 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/08/26 22:39:38 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/08/26 22:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/26 22:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/08/26 18:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/08/26 16:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\saminside
[2014/08/26 07:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ophcrack
[2014/08/26 07:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\ophcrack
[2014/08/25 17:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Temp
[2014/08/25 17:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVAST Software
[2014/08/25 16:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2014/08/25 16:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/08/25 16:49:23 | 000,057,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/08/25 16:49:20 | 000,779,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/08/25 16:49:18 | 000,414,520 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/08/25 16:49:15 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/08/25 16:49:10 | 000,055,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/08/25 16:48:39 | 000,276,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/08/25 16:47:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/08/25 16:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/08/25 15:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/08/25 13:32:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/24 07:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\vlc
[2014/08/24 07:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2014/08/24 07:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/08/23 18:40:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Liquid\Recent
[2014/08/23 18:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/23 07:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/08/23 07:54:32 | 000,000,000 | ---D | C] -- C:\ac966342dac78647c83a26741a
[2014/08/22 22:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVG2014
[2014/08/22 22:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\TuneUp Software
[2014/08/22 22:04:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/08/22 22:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/08/22 22:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\MFAData
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Avg2014
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Insight Software Solutions
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Insight Software
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2014/08/22 21:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Insight Software Solutions
[2014/08/22 21:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Macro Express3
[2014/08/22 19:48:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Liquid\PrivacIE
[2014/08/22 19:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\SmartFTP
[2014/08/22 19:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\SmartFTP
[2014/08/22 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2014/08/18 04:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\site
[2014/08/17 05:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/08/17 04:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\My Documents\CoffeeCup Software
[2014/08/17 04:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\CoffeeCup Software
[2014/08/04 08:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
[2014/08/04 08:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2014/08/04 08:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\AVG
[2014/08/04 08:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVG
[2014/08/04 07:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/08/04 07:49:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/08/04 07:47:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/08/04 07:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\AOL
[2014/08/01 01:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2014/08/01 01:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Bluestacks
[2014/07/31 06:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\online dat
[2014/07/30 03:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Skype
[2014/07/30 03:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\Skype
[2014/07/30 03:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/07/30 03:14:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/07/30 03:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2014/07/29 18:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\prof
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/27 09:41:34 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/27 04:51:13 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/08/26 23:36:24 | 000,052,440 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xpdvio.sys
[2014/08/26 22:51:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/26 22:43:49 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/26 20:42:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/26 20:42:43 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/08/26 20:42:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/26 20:42:18 | 536,342,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/26 07:54:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2014/08/25 19:55:25 | 000,414,520 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/08/25 16:51:53 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/08/25 16:47:59 | 000,057,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/08/25 16:47:58 | 000,779,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/08/25 16:47:58 | 000,192,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/08/25 16:47:53 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/08/25 16:47:52 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/08/25 16:47:51 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/08/25 16:47:48 | 000,055,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/08/25 16:47:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/08/25 16:47:15 | 000,276,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/08/24 22:42:27 | 000,767,035 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\c.png
[2014/08/24 08:16:57 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\site.html
[2014/08/24 07:43:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Google Chrome.lnk
[2014/08/24 07:30:17 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\WhoCrashed.lnk
[2014/08/24 07:19:18 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/08/23 21:08:10 | 001,388,159 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Civil.pdf
[2014/08/23 18:57:21 | 000,000,000 | ---- | M] () -- C:\Cookies
[2014/08/23 18:17:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/08/22 21:38:02 | 000,000,163 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2014/08/22 21:33:18 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\swpkey.mes
[2014/08/22 21:33:16 | 000,004,640 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\macex_bak000.~mex
[2014/08/22 21:33:16 | 000,004,640 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\macex.mex
[2014/08/22 15:57:06 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Liquid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/21 05:11:14 | 000,006,176 | ---- | M] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/08/21 05:04:33 | 000,000,464 | ---- | M] () -- C:\WINDOWS\System32\ScannerSettings
[2014/08/20 11:55:44 | 000,176,980 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\bank.JPG
[2014/08/20 05:12:17 | 000,004,097 | ---- | M] () -- C:\WINDOWS\System32\dummy.000
[2014/08/17 05:36:51 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc
[2014/08/14 15:47:03 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Microsoft Word 2010.lnk
[2014/08/08 17:44:16 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\judaism.rtf
[2014/08/08 15:00:01 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/05 22:23:33 | 000,647,321 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Ammendment.pdf
[2014/08/05 21:00:20 | 002,347,285 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\1023.pdf
[2014/08/05 12:06:11 | 000,200,818 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\i1023.pdf
[2014/08/04 12:14:08 | 000,031,814 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Articles.tif
[2014/08/04 11:18:02 | 000,052,156 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\1023checklist.pdf
[2014/08/03 20:07:33 | 000,060,599 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\irs8718.pdf
[2014/08/03 15:11:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/02 13:04:39 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Microsoft Excel 2010.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/26 22:43:49 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/26 20:42:18 | 536,342,528 | -HS- | C] () -- C:\hiberfil.sys
[2014/08/26 07:54:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2014/08/25 16:51:53 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/08/25 16:51:13 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/08/25 16:49:22 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/08/25 16:49:17 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/08/25 16:49:13 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/08/24 22:42:27 | 000,767,035 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\c.png
[2014/08/24 07:43:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Google Chrome.lnk
[2014/08/24 07:30:17 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\WhoCrashed.lnk
[2014/08/24 07:19:18 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/08/23 21:07:28 | 001,388,159 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Civil.pdf
[2014/08/23 18:57:21 | 000,000,000 | ---- | C] () -- C:\Cookies
[2014/08/23 18:48:48 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
[2014/08/23 18:22:26 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/23 18:22:18 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/23 18:17:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/08/22 22:08:38 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014.lnk
[2014/08/22 21:33:47 | 000,004,640 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\macex_bak000.~mex
[2014/08/22 21:33:23 | 000,102,362 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\samples.mex
[2014/08/22 21:33:18 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\swpkey.mes
[2014/08/22 21:33:16 | 000,004,640 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\macex.mex
[2014/08/22 21:32:37 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Macro Express 3.lnk
[2014/08/22 19:08:44 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartFTP Client.lnk
[2014/08/21 05:11:14 | 000,006,176 | ---- | C] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/08/20 11:54:19 | 000,176,980 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\bank.JPG
[2014/08/20 05:11:58 | 000,004,097 | ---- | C] () -- C:\WINDOWS\System32\dummy.000
[2014/08/20 05:05:11 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\ScannerSettings
[2014/08/17 05:01:25 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\WinSys32.crc
[2014/08/13 07:03:00 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\site.html
[2014/08/05 12:05:22 | 000,200,818 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\i1023.pdf
[2014/08/04 12:43:41 | 000,647,321 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Ammendment.pdf
[2014/08/04 12:13:44 | 000,031,814 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Articles.tif
[2014/08/04 11:21:37 | 002,347,285 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\1023.pdf
[2014/08/04 11:17:48 | 000,052,156 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\1023checklist.pdf
[2014/08/04 07:46:09 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Liquid\Start Menu\Programs\AIM.lnk
[2014/08/03 20:07:29 | 000,060,599 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\irs8718.pdf
[2014/07/30 03:14:38 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype.lnk
[2014/07/03 19:24:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/07/03 18:15:56 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2014/05/14 06:32:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2014/05/10 03:17:16 | 000,036,466 | ---- | C] () -- C:\WINDOWS\INSTALL.DAT
[2014/05/06 20:05:01 | 000,000,218 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2013/05/06 18:53:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/05/06 18:41:01 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/05/06 11:22:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/05/06 11:20:28 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/05/16 06:13:09 | 000,101,888 | ---- | C] () -- C:\Documents and Settings\Liquid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2014/07/03 10:15:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/24 20:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/08/25 16:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/08/04 08:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/08/22 23:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/08/01 01:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2014/05/06 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2014/08/04 07:47:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/08/22 21:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2014/08/22 21:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2014/08/26 22:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/07/13 20:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape ISP Dialer
[2014/08/04 07:50:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2003/05/16 06:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AnvSoft
[2014/08/25 17:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVAST Software
[2014/08/04 08:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVG
[2014/08/22 22:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVG2014
[2014/08/22 19:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\CoffeeCup Software
[2014/07/14 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\Foxit Software
[2014/06/08 14:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\MOVAVI
[2014/07/03 10:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\Netscape ISP Dialer
[2014/08/22 22:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >


----------



## farmerjohn1324 (Aug 27, 2014)

OTL.txt

OTL logfile created on: 8/27/2014 9:43:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Liquid\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.43 Mb Total Physical Memory | 339.32 Mb Available Physical Memory | 66.35% Memory free
1.40 Gb Paging File | 1.15 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 2.07 Gb Free Space | 11.14% Space Free | Partition Type: NTFS

Computer Name: LIQUID-EDE81A | User Name: Liquid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Liquid\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2014\avgmfapx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\14082700\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()


========== Services (SafeList) ==========

SRV - (UpdaterSvcfocusbase) -- C:\Program Files\focusbase\updater.exe File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)


========== Driver Services (SafeList) ==========

DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (cpuz134) -- C:\DOCUME~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (Avgtdix) -- system32\DRIVERS\avgtdix.sys File not found
DRV - (Avgrkx86) -- system32\DRIVERS\avgrkx86.sys File not found
DRV - (AVGIDSShim) -- system32\DRIVERS\avgidsshimx.sys File not found
DRV - (AVGIDSHX) -- system32\DRIVERS\avgidshx.sys File not found
DRV - (AVGIDSDriverl) -- system32\DRIVERS\avgidsdriverlx.sys File not found
DRV - (ddwrd) -- C:\WINDOWS\system32\drivers\xpdvio.sys (Malwarebytes Corporation)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswsp.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswHwid) -- C:\WINDOWS\system32\drivers\aswHwid.sys ()
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Linksys_adapter_H) -- C:\WINDOWS\system32\drivers\AE1200xp.sys (Broadcom Corporation)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: 4zffxtbr%40VideoDownloadConverter_4z.com:6.66.4.33738
FF - prefs.js..extensions.enabledAddons: e38c01fb-ffb2-4c7e-b4c7-1f47c844d855%40gmail.com:0.95.27
FF - prefs.js..extensions.enabledAddons: %7B037A8456-0903-427E-B5E0-7D95FDD598AE%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/25 16:48:25 | 000,000,000 | ---D | M]

[2014/07/03 08:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Extensions
[2014/08/25 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions
[2014/08/17 05:00:39 | 000,000,000 | ---D | M] ("enterprise 1.1") -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com
[2014/08/17 05:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData
[2014/08/17 05:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData\plugins
[2014/08/17 05:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData\userCode
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LIQUID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L3SH7DCG.DEFAULT\EXTENSIONS\{037A8456-0903-427E-B5E0-7D95FDD598AE}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LIQUID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L3SH7DCG.DEFAULT\EXTENSIONS\4ZFFXTBR@VIDEODOWNLOADCONVERTER_4Z.COM
[2014/07/07 03:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome  ==========

CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\DadApp.exe ()
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4B935D4-06FE-4090-B904-56322E228216}: DhcpNameServer = 192.168.3.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/06 18:46:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell - "" = AutoRun
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell - "" = AutoRun
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/26 23:36:22 | 000,052,440 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xpdvio.sys
[2014/08/26 22:49:17 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/26 22:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/08/26 22:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/26 22:39:49 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/08/26 22:39:38 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/08/26 22:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/26 22:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/08/26 18:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/08/26 16:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\saminside
[2014/08/26 07:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ophcrack
[2014/08/26 07:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\ophcrack
[2014/08/25 17:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Temp
[2014/08/25 17:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVAST Software
[2014/08/25 16:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2014/08/25 16:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/08/25 16:49:23 | 000,057,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/08/25 16:49:20 | 000,779,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/08/25 16:49:18 | 000,414,520 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/08/25 16:49:15 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/08/25 16:49:10 | 000,055,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/08/25 16:48:39 | 000,276,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/08/25 16:47:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/08/25 16:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/08/25 15:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/08/25 13:32:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/24 07:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\vlc
[2014/08/24 07:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2014/08/24 07:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/08/23 18:40:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Liquid\Recent
[2014/08/23 18:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/23 07:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/08/23 07:54:32 | 000,000,000 | ---D | C] -- C:\ac966342dac78647c83a26741a
[2014/08/22 22:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVG2014
[2014/08/22 22:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\TuneUp Software
[2014/08/22 22:04:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/08/22 22:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/08/22 22:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\MFAData
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Avg2014
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Insight Software Solutions
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Insight Software
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2014/08/22 21:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Insight Software Solutions
[2014/08/22 21:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Macro Express3
[2014/08/22 19:48:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Liquid\PrivacIE
[2014/08/22 19:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\SmartFTP
[2014/08/22 19:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\SmartFTP
[2014/08/22 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2014/08/18 04:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\site
[2014/08/17 05:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/08/17 04:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\My Documents\CoffeeCup Software
[2014/08/17 04:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\CoffeeCup Software
[2014/08/04 08:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
[2014/08/04 08:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2014/08/04 08:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\AVG
[2014/08/04 08:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVG
[2014/08/04 07:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/08/04 07:49:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/08/04 07:47:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/08/04 07:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\AOL
[2014/08/01 01:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2014/08/01 01:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Bluestacks
[2014/07/31 06:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\online dat
[2014/07/30 03:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Skype
[2014/07/30 03:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\Skype
[2014/07/30 03:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/07/30 03:14:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/07/30 03:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2014/07/29 18:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\prof
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/27 09:41:34 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/27 04:51:13 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/08/26 23:36:24 | 000,052,440 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xpdvio.sys
[2014/08/26 22:51:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/26 22:43:49 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/26 20:42:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/26 20:42:43 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/08/26 20:42:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/26 20:42:18 | 536,342,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/26 07:54:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2014/08/25 19:55:25 | 000,414,520 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/08/25 16:51:53 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/08/25 16:47:59 | 000,057,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/08/25 16:47:58 | 000,779,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/08/25 16:47:58 | 000,192,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/08/25 16:47:53 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/08/25 16:47:52 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/08/25 16:47:51 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/08/25 16:47:48 | 000,055,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/08/25 16:47:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/08/25 16:47:15 | 000,276,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/08/24 22:42:27 | 000,767,035 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\c.png
[2014/08/24 08:16:57 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\site.html
[2014/08/24 07:43:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Google Chrome.lnk
[2014/08/24 07:30:17 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\WhoCrashed.lnk
[2014/08/24 07:19:18 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/08/23 21:08:10 | 001,388,159 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Civil.pdf
[2014/08/23 18:57:21 | 000,000,000 | ---- | M] () -- C:\Cookies
[2014/08/23 18:17:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/08/22 21:38:02 | 000,000,163 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2014/08/22 21:33:18 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\swpkey.mes
[2014/08/22 21:33:16 | 000,004,640 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\macex_bak000.~mex
[2014/08/22 21:33:16 | 000,004,640 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\macex.mex
[2014/08/22 15:57:06 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Liquid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/21 05:11:14 | 000,006,176 | ---- | M] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/08/21 05:04:33 | 000,000,464 | ---- | M] () -- C:\WINDOWS\System32\ScannerSettings
[2014/08/20 11:55:44 | 000,176,980 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\bank.JPG
[2014/08/20 05:12:17 | 000,004,097 | ---- | M] () -- C:\WINDOWS\System32\dummy.000
[2014/08/17 05:36:51 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc
[2014/08/14 15:47:03 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Microsoft Word 2010.lnk
[2014/08/08 17:44:16 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\judaism.rtf
[2014/08/08 15:00:01 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/05 22:23:33 | 000,647,321 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Ammendment.pdf
[2014/08/05 21:00:20 | 002,347,285 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\1023.pdf
[2014/08/05 12:06:11 | 000,200,818 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\i1023.pdf
[2014/08/04 12:14:08 | 000,031,814 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Articles.tif
[2014/08/04 11:18:02 | 000,052,156 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\1023checklist.pdf
[2014/08/03 20:07:33 | 000,060,599 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\irs8718.pdf
[2014/08/03 15:11:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/02 13:04:39 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Microsoft Excel 2010.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/26 22:43:49 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/26 20:42:18 | 536,342,528 | -HS- | C] () -- C:\hiberfil.sys
[2014/08/26 07:54:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2014/08/25 16:51:53 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/08/25 16:51:13 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/08/25 16:49:22 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/08/25 16:49:17 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/08/25 16:49:13 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/08/24 22:42:27 | 000,767,035 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\c.png
[2014/08/24 07:43:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Google Chrome.lnk
[2014/08/24 07:30:17 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\WhoCrashed.lnk
[2014/08/24 07:19:18 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/08/23 21:07:28 | 001,388,159 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Civil.pdf
[2014/08/23 18:57:21 | 000,000,000 | ---- | C] () -- C:\Cookies
[2014/08/23 18:48:48 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
[2014/08/23 18:22:26 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/23 18:22:18 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/23 18:17:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/08/22 22:08:38 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014.lnk
[2014/08/22 21:33:47 | 000,004,640 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\macex_bak000.~mex
[2014/08/22 21:33:23 | 000,102,362 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\samples.mex
[2014/08/22 21:33:18 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\swpkey.mes
[2014/08/22 21:33:16 | 000,004,640 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\macex.mex
[2014/08/22 21:32:37 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Macro Express 3.lnk
[2014/08/22 19:08:44 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartFTP Client.lnk
[2014/08/21 05:11:14 | 000,006,176 | ---- | C] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/08/20 11:54:19 | 000,176,980 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\bank.JPG
[2014/08/20 05:11:58 | 000,004,097 | ---- | C] () -- C:\WINDOWS\System32\dummy.000
[2014/08/20 05:05:11 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\ScannerSettings
[2014/08/17 05:01:25 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\WinSys32.crc
[2014/08/13 07:03:00 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\site.html
[2014/08/05 12:05:22 | 000,200,818 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\i1023.pdf
[2014/08/04 12:43:41 | 000,647,321 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Ammendment.pdf
[2014/08/04 12:13:44 | 000,031,814 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Articles.tif
[2014/08/04 11:21:37 | 002,347,285 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\1023.pdf
[2014/08/04 11:17:48 | 000,052,156 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\1023checklist.pdf
[2014/08/04 07:46:09 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Liquid\Start Menu\Programs\AIM.lnk
[2014/08/03 20:07:29 | 000,060,599 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\irs8718.pdf
[2014/07/30 03:14:38 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype.lnk
[2014/07/03 19:24:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/07/03 18:15:56 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2014/05/14 06:32:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2014/05/10 03:17:16 | 000,036,466 | ---- | C] () -- C:\WINDOWS\INSTALL.DAT
[2014/05/06 20:05:01 | 000,000,218 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2013/05/06 18:53:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/05/06 18:41:01 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/05/06 11:22:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/05/06 11:20:28 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/05/16 06:13:09 | 000,101,888 | ---- | C] () -- C:\Documents and Settings\Liquid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2014/07/03 10:15:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/24 20:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/08/25 16:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/08/04 08:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/08/22 23:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/08/01 01:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2014/05/06 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2014/08/04 07:47:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/08/22 21:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2014/08/22 21:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2014/08/26 22:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/07/13 20:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape ISP Dialer
[2014/08/04 07:50:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2003/05/16 06:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AnvSoft
[2014/08/25 17:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVAST Software
[2014/08/04 08:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVG
[2014/08/22 22:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVG2014
[2014/08/22 19:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\CoffeeCup Software
[2014/07/14 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\Foxit Software
[2014/06/08 14:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\MOVAVI
[2014/07/03 10:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\Netscape ISP Dialer
[2014/08/22 22:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >


----------



## farmerjohn1324 (Aug 27, 2014)

Extras.txt (created by OTL)

OTL Extras logfile created on: 8/27/2014 9:43:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Liquid\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.43 Mb Total Physical Memory | 339.32 Mb Available Physical Memory | 66.35% Memory free
1.40 Gb Paging File | 1.15 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 2.07 Gb Free Space | 11.14% Space Free | Partition Type: NTFS

Computer Name: LIQUID-EDE81A | User Name: Liquid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 5.0 -- (SmartSoft Ltd.)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16EE2E7E-221B-40DD-8A9A-4311498EC930}" = LG USB Modem Drivers
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{8169E486-7B48-4A41-AAE9-6A5AE1FC7B9B}" = SmartFTP Client
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9811F26-3EF6-449A-9736-BB79A125D894}" = AVG 2014
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E1547FCE-F5DD-4D77-8C71-13B6A2B8F527}" = O2Micro Smartcard Driver
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Avast" = avast! Free Antivirus
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Deluxe Edition" = Deluxe Edition
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{E1547FCE-F5DD-4D77-8C71-13B6A2B8F527}" = O2Micro Smartcard Driver
"Macro Express 3" = Macro Express 3
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ophcrack" = ophcrack 3.6.0
"VLC media player" = VLC media player
"WhoCrashed_is1" = WhoCrashed 5.02

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/17/2014 8:02:01 AM | Computer Name = LIQUID-EDE81A | Source = MsiInstaller | ID = 11309
Description = Product: Google Update Helper -- Error 1309. Error reading from file:
 C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  
System error 3.  Verify that the file exists and that you can access it.

Error - 8/21/2014 5:22:26 PM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
 module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.

Error - 8/22/2014 9:41:45 AM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
 module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.

Error - 8/23/2014 12:31:42 AM | Computer Name = LIQUID-EDE81A | Source = MsiInstaller | ID = 11309
Description = Product: Google Update Helper -- Error 1309. Error reading from file:
 C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  
System error 3.  Verify that the file exists and that you can access it.

Error - 8/23/2014 9:09:20 PM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
 module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.

Error - 8/23/2014 9:29:38 PM | Computer Name = LIQUID-EDE81A | Source = Application Hang | ID = 1002
Description = Hanging application CCleaner.exe, version 4.16.0.4763, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/23/2014 9:37:49 PM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
 module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.

Error - 8/23/2014 10:06:38 PM | Computer Name = LIQUID-EDE81A | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2014 8:31:20 PM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application TL_Bootstrap.exe, version 0.0.0.0, faulting module
 TL_Bootstrap.exe, version 0.0.0.0, fault address 0x00015718.

Error - 8/26/2014 5:20:48 PM | Computer Name = LIQUID-EDE81A | Source = Application Hang | ID = 1002
Description = Hanging application ophcrack.exe, version 3.6.0.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service 
which failed to start because of the following error:   %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
 which failed to start because of the following error:   %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
 failed to start because of the following error:   %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriverl service which
 failed to start because of the following error:   %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
 failed to start because of the following error:   %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  aswRdr  aswRvrt  aswSnx  aswSP  aswTdi  aswVmm  Avgdiskx  AVGIDSDriverl  AVGIDSShim  Avgldx86  Avgtdix
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error - 8/26/2014 11:37:38 PM | Computer Name = LIQUID-EDE81A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/26/2014 11:39:54 PM | Computer Name = LIQUID-EDE81A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
 arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/26/2014 11:40:01 PM | Computer Name = LIQUID-EDE81A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/26/2014 11:45:20 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7000
Description = The UpdaterSvcfocusbase service failed to start due to the following
 error:   %%3


< End of report >


----------



## farmerjohn1324 (Aug 27, 2014)

Okay I ran all four programs. What do these logs tell you?

The browser still stops responding from time to time.


----------



## johnb35 (Aug 27, 2014)

I need further scans done, unfortunately. 

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here:

*Combofix*


When the page loads, click on the blue ComboFix download link next to the BleepingComputer Mirror.
Save the file to your Windows desktop.  The ComboFix icon will look like this when it has downloaded to your desktop.





We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished, ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then back up your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  


If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:

The ComboFix log
An update on how your computer is running


----------



## farmerjohn1324 (Aug 28, 2014)

ComboFix 14-08-26.02 - Liquid 08/27/2014  14:35:05.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.322 [GMT -7:00]
Running from: c:\documents and settings\Liquid\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Liquid\Local Settings\Temporary Internet Files\e6ce770a-136b-45e2-9575-26ba238e4506.jpg
c:\documents and settings\Liquid\WINDOWS
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-27 to 2014-08-27  )))))))))))))))))))))))))))))))
.
.
2014-08-27 06:36 . 2014-08-27 06:36	52440	----a-w-	c:\windows\system32\drivers\xpdvio.sys
2014-08-27 05:49 . 2014-08-27 05:51	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-27 05:44 . 2014-08-27 05:46	--------	d-----w-	c:\windows\LastGood
2014-08-27 05:39 . 2014-05-12 14:26	53208	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-27 05:39 . 2014-05-12 14:25	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-27 05:39 . 2014-08-27 05:43	--------	d-----w-	c:\program files\Malwarebytes Anti-Malware
2014-08-27 05:39 . 2014-08-27 05:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2014-08-27 01:06 . 2014-08-27 01:06	--------	d-----w-	c:\windows\ERUNT
2014-08-27 01:04 . 2014-08-27 03:30	--------	d-----w-	c:\documents and settings\Administrator
2014-08-26 14:54 . 2014-08-26 14:57	--------	d-----w-	c:\program files\ophcrack
2014-08-26 00:17 . 2014-08-26 00:17	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\Temp
2014-08-26 00:02 . 2014-08-26 00:02	--------	d-----w-	c:\documents and settings\Liquid\Application Data\AVAST Software
2014-08-25 23:52 . 2014-08-25 23:52	--------	d-----w-	c:\windows\jumpshot.com
2014-08-25 23:49 . 2014-08-25 23:47	57800	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2014-08-25 23:49 . 2014-08-25 23:47	192352	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-08-25 23:49 . 2014-08-25 23:47	779536	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-08-25 23:49 . 2014-08-26 02:55	414520	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-08-25 23:49 . 2014-08-25 23:47	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-08-25 23:49 . 2014-08-25 23:47	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-08-25 23:49 . 2014-08-25 23:47	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-08-25 23:49 . 2014-08-25 23:47	55112	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2014-08-25 23:48 . 2014-08-25 23:47	276432	----a-w-	c:\windows\system32\aswBoot.exe
2014-08-25 23:47 . 2014-08-25 23:47	43152	----a-w-	c:\windows\avastSS.scr
2014-08-25 23:33 . 2014-08-25 23:33	--------	d-----w-	c:\program files\AVAST Software
2014-08-25 22:51 . 2014-08-25 23:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVAST Software
2014-08-25 20:32 . 2014-08-25 20:41	--------	d-----w-	C:\AdwCleaner
2014-08-24 14:37 . 2014-08-25 05:47	--------	d-----w-	c:\documents and settings\Liquid\Application Data\vlc
2014-08-24 14:30 . 2014-08-24 14:36	--------	d-----w-	c:\program files\WhoCrashed
2014-08-24 14:04 . 2014-08-24 14:04	--------	d-----w-	c:\program files\VideoLAN
2014-08-24 01:16 . 2014-08-24 01:18	--------	d-----w-	c:\program files\CCleaner
2014-08-23 14:59 . 2014-08-23 14:59	--------	d-----w-	c:\windows\system32\MRT
2014-08-23 14:54 . 2014-08-23 14:55	--------	d-----w-	C:\ac966342dac78647c83a26741a
2014-08-23 05:10 . 2014-08-23 05:10	--------	d-----w-	c:\windows\system32\config\systemprofile\Application Data\AVG2014
2014-08-23 05:08 . 2014-08-23 05:08	--------	d-----w-	c:\documents and settings\Liquid\Application Data\TuneUp Software
2014-08-23 05:04 . 2014-08-23 05:04	--------	d-----w-	C:\$AVG
2014-08-23 05:01 . 2014-08-23 05:01	--------	d-----w-	c:\program files\AVG
2014-08-23 04:34 . 2014-08-27 05:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2014-08-23 04:34 . 2014-08-23 05:21	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\Avg2014
2014-08-23 04:34 . 2014-08-23 04:34	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\MFAData
2014-08-23 04:32 . 2014-08-23 04:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\Insight Software Solutions
2014-08-23 04:32 . 2014-08-23 04:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\Insight Software
2014-08-23 04:30 . 2014-08-23 04:30	--------	d-----w-	c:\program files\Common Files\Insight Software Solutions
2014-08-23 04:29 . 2014-08-23 04:33	--------	d-----w-	c:\program files\Macro Express3
2014-08-23 02:48 . 2014-08-23 02:48	--------	d-sh--w-	c:\documents and settings\Liquid\PrivacIE
2014-08-23 02:18 . 2014-08-23 02:18	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\SmartFTP
2014-08-23 02:09 . 2014-08-23 02:09	--------	d-----w-	c:\documents and settings\Liquid\Application Data\SmartFTP
2014-08-23 02:08 . 2014-08-23 02:08	--------	d-----w-	c:\program files\SmartFTP Client
2014-08-17 12:02 . 2014-08-24 01:42	--------	d-----w-	c:\program files\Google
2014-08-17 11:48 . 2014-08-23 02:50	--------	d-----w-	c:\documents and settings\Liquid\Application Data\CoffeeCup Software
2014-08-04 15:15 . 2014-08-04 15:15	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\AVG
2014-08-04 15:15 . 2014-08-04 15:15	--------	d-----w-	c:\documents and settings\LocalService\Application Data\AVG
2014-08-04 15:00 . 2014-08-04 15:00	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\AVG
2014-08-04 15:00 . 2014-08-04 15:00	--------	d-----w-	c:\documents and settings\Liquid\Application Data\AVG
2014-08-04 14:51 . 2014-08-04 15:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG
2014-08-04 14:49 . 2014-08-04 14:50	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-04 14:47 . 2014-08-04 14:47	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2014-08-04 14:45 . 2014-08-04 14:47	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\AOL
2014-08-01 08:59 . 2014-08-01 08:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\BlueStacksSetup
2014-08-01 08:58 . 2014-08-01 08:58	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\Bluestacks
2014-07-30 10:17 . 2014-07-30 10:17	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\Skype
2014-07-30 10:16 . 2014-08-27 16:21	--------	d-----w-	c:\documents and settings\Liquid\Application Data\Skype
2014-07-30 10:14 . 2014-07-30 10:14	--------	d-----w-	c:\program files\Common Files\Skype
2014-07-30 10:14 . 2014-07-30 10:14	--------	d-----r-	c:\program files\Skype
2014-07-30 10:13 . 2014-07-30 10:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-03 17:25 . 2014-07-03 17:07	699056	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-07-03 17:25 . 2014-07-03 17:07	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-30 19:43 . 2014-06-30 19:43	121624	----a-w-	c:\windows\system32\drivers\avgdiskx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-25 23:46	578240	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-25 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-26 4085896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-05-12 54072]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 cerc6;cerc6; [x]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008]
R2 UpdaterSvcfocusbase;UpdaterSvcfocusbase;c:\program files\focusbase\updater.exe [x]
R3 cpuz134;cpuz134;c:\docume~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200xp.sys [2011-03-28 1034240]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-25 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-26 414520]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-25 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-25 67824]
S4 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\DRIVERS\avgidsdriverlx.sys [x]
S4 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-24 01:42	1104200	----a-w-	c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-25 23:46]
.
2014-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-27 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
2014-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.3.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-27 14:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-08-27  14:57:19
ComboFix-quarantined-files.txt  2014-08-27 21:57
.
Pre-Run: 2,039,111,680 bytes free
Post-Run: 2,849,923,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 828084420764C9D98B3CFA6B0274A91E
8F558EB6672622401DA993E1E865C861


----------



## johnb35 (Aug 28, 2014)

Ok, lots of entries to get removed.  I'll post a cleanup script in a little bit after I go through everything.  AVG is still on your system and so is focusbase.  So give me time, probably like an hour or so.


----------



## farmerjohn1324 (Aug 28, 2014)

Symptoms are: browser freezing, browser not connecting even though it says I'm online, and sometimes the programs not responding.


----------



## farmerjohn1324 (Aug 28, 2014)

Okay, I tried to remove AVG and replace it with Avast. I just went to the Control Panel "remove programs" to remove AVG.


----------



## voyagerfan99 (Aug 28, 2014)

Just wait for John.


----------



## johnb35 (Aug 28, 2014)

Just wanted to let you know that you are running Windows XP on only 512 MB of RAM, actually less than that because the video is using up some of that as well.  Also, you are running out of space on your C drive.  You only have about 11 percent (2 GB) left.  So your system is definitely hurting because of this alone.  A new system should be in your immediate future.

The first thing I want you to do is download and run the AVG uninstaller from here.

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2014_4116.exe

After that has completed, please reboot the system and then perform the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

```
Driver::

cerc6
Avgdiskx
UpdaterSvcfocusbase
AVGIDSDriverl
AVGIDSHX
AVGIDSShim
Avgrkx86
Avgtdix

Folder::

c:\windows\system32\config\systemprofile\Application Data\AVG2014
C:\$AVG
c:\program files\AVG
c:\documents and settings\Liquid\Local Settings\Application Data\Avg2014
c:\documents and settings\LocalService\Local Settings\Application Data\AVG
c:\documents and settings\LocalService\Application Data\AVG
c:\documents and settings\Liquid\Local Settings\Application Data\AVG
c:\documents and settings\Liquid\Application Data\AVG
c:\documents and settings\All Users\Application Data\AVG
```


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


----------
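
Added example, not part of any post in this thread and not ComboFix's own code: a Python sketch of the triage step between the first ComboFix log and the CFScript above. It lists service/driver entries whose image file is marked `[x]` and matches them against Service Control Manager event 7000. It assumes the usual reading of these lines (`R`/`S` = running/stopped, digit = start type, `[x]` = file not found) and `%%3` as Win32 error 3; the function names are hypothetical and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass

# Sample input assembled from the logs posted in this thread (a subset of lines).
SERVICE_LINES = r"""
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008]
R2 UpdaterSvcfocusbase;UpdaterSvcfocusbase;c:\program files\focusbase\updater.exe [x]
R3 cpuz134;cpuz134;c:\docume~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
S0 aswRvrt;avast! Revert; [x]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
"""

EVENT_LINES = """
Error - 8/26/2014 11:45:20 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7000
Description = The UpdaterSvcfocusbase service failed to start due to the following
 error:   %%3
"""

# Assumption: the digit after R/S is the service start type.
START_TYPES = ["boot", "system", "auto", "manual", "disabled"]

# <state><start> <name>;<display name>;<image path> [<date size> | x]
LINE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$"
)


@dataclass
class Service:
    running: bool
    start: str
    name: str
    display: str
    image_path: str
    image_present: bool


def parse_services(text):
    """Parse ComboFix-style service/driver lines; lines that do not match are skipped."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, stamp = m.groups()
        services.append(Service(
            running=(state == "R"),
            start=START_TYPES[int(start)],
            name=name,
            display=display,
            image_path=path,
            image_present=(stamp != "x"),  # assumption: [x] means file not found
        ))
    return services


def failed_starts(event_text):
    """Map service name -> error number for Service Control Manager event 7000."""
    failures = {}
    for record in re.split(r"\n(?=Error - )", event_text):
        if "Source = Service Control Manager | ID = 7000" not in record:
            continue
        m = re.search(
            r"The (.+?) service failed to start due to the following\s+error:\s+%%(\d+)",
            record,
        )
        if m:
            # %%3 is read here as Win32 error 3 (path not found).
            failures[m.group(1)] = int(m.group(2))
    return failures


def triage(service_text, event_text):
    """Shortlist registered services whose image file is missing.

    Entries that also logged a failed start come first, then by start type.
    """
    failures = failed_starts(event_text)
    findings = []
    for svc in parse_services(service_text):
        if svc.image_present:
            continue
        findings.append({
            "name": svc.name,
            "start": svc.start,
            "image_path": svc.image_path or "(none recorded)",
            "scm_error": failures.get(svc.name),
        })
    findings.sort(key=lambda f: (f["scm_error"] is None, START_TYPES.index(f["start"])))
    return findings


if __name__ == "__main__":
    for f in triage(SERVICE_LINES, EVENT_LINES):
        print(f"{f['name']:<22} start={f['start']:<9} scm_error={f['scm_error']}  {f['image_path']}")
```

The result is a shortlist for a person to review, not a removal list: the CFScript in this thread also names `Avgdiskx`, whose file is present, and leaves out other `[x]` entries such as `cpuz134`.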



## farmerjohn1324 (Aug 28, 2014)

ComboFix 14-08-26.02 - Liquid 08/27/2014  20:48:29.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.138 [GMT -7:00]
Running from: c:\documents and settings\Liquid\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Liquid\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AVG
c:\documents and settings\All Users\Application Data\AVG\AWL\AvgRep.xml
c:\documents and settings\All Users\Application Data\AVG\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUProgMan.10.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUProgManagerCache.10.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUTuningIndex.10.2.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUUtilitiesSvc.13.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL2014\TUProgRating.10.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL2014\TUReportData.10.tudb
c:\documents and settings\Liquid\Application Data\AVG
c:\documents and settings\Liquid\Application Data\AVG\AWL2014\Dashboard\IntegratorStates_en-US.xml
c:\documents and settings\Liquid\Local Settings\Application Data\AVG
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\oneclick.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\oneclickstarter.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\settingcenter.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\tuinstallhelper.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\tumessages.log
c:\documents and settings\LocalService\Application Data\AVG
c:\documents and settings\LocalService\Local Settings\Application Data\AVG
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGIDSDRIVERL
-------\Legacy_AVGIDSHX
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Legacy_UPDATERSVCFOCUSBASE
-------\Service_cerc6
-------\Service_UpdaterSvcfocusbase
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-28  )))))))))))))))))))))))))))))))
.
.
2014-08-28 00:07 . 2014-08-28 00:07	--------	d-----w-	c:\documents and settings\Liquid\Application Data\Rainmeter
2014-08-28 00:06 . 2014-08-28 00:07	--------	d-----w-	c:\program files\Rainmeter
2014-08-27 05:49 . 2014-08-27 05:51	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-27 05:39 . 2014-05-12 14:26	53208	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-27 05:39 . 2014-05-12 14:25	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-27 05:39 . 2014-08-27 05:43	--------	d-----w-	c:\program files\Malwarebytes Anti-Malware
2014-08-27 05:39 . 2014-08-27 05:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2014-08-27 01:06 . 2014-08-27 01:06	--------	d-----w-	c:\windows\ERUNT
2014-08-27 01:04 . 2014-08-27 03:30	--------	d-----w-	c:\documents and settings\Administrator
2014-08-26 14:54 . 2014-08-26 14:57	--------	d-----w-	c:\program files\ophcrack
2014-08-26 00:17 . 2014-08-26 00:17	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\Temp
2014-08-26 00:02 . 2014-08-26 00:02	--------	d-----w-	c:\documents and settings\Liquid\Application Data\AVAST Software
2014-08-25 23:52 . 2014-08-25 23:52	--------	d-----w-	c:\windows\jumpshot.com
2014-08-25 23:49 . 2014-08-25 23:47	57800	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2014-08-25 23:49 . 2014-08-25 23:47	192352	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-08-25 23:49 . 2014-08-25 23:47	779536	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-08-25 23:49 . 2014-08-26 02:55	414520	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-08-25 23:49 . 2014-08-25 23:47	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-08-25 23:49 . 2014-08-25 23:47	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-08-25 23:49 . 2014-08-25 23:47	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-08-25 23:49 . 2014-08-25 23:47	55112	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2014-08-25 23:48 . 2014-08-25 23:47	276432	----a-w-	c:\windows\system32\aswBoot.exe
2014-08-25 23:47 . 2014-08-25 23:47	43152	----a-w-	c:\windows\avastSS.scr
2014-08-25 23:33 . 2014-08-25 23:33	--------	d-----w-	c:\program files\AVAST Software
2014-08-25 22:51 . 2014-08-25 23:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVAST Software
2014-08-25 20:32 . 2014-08-25 20:41	--------	d-----w-	C:\AdwCleaner
2014-08-24 14:37 . 2014-08-25 05:47	--------	d-----w-	c:\documents and settings\Liquid\Application Data\vlc
2014-08-24 14:30 . 2014-08-24 14:36	--------	d-----w-	c:\program files\WhoCrashed
2014-08-24 14:04 . 2014-08-24 14:04	--------	d-----w-	c:\program files\VideoLAN
2014-08-24 01:16 . 2014-08-24 01:18	--------	d-----w-	c:\program files\CCleaner
2014-08-23 14:59 . 2014-08-23 14:59	--------	d-----w-	c:\windows\system32\MRT
2014-08-23 14:54 . 2014-08-23 14:55	--------	d-----w-	C:\ac966342dac78647c83a26741a
2014-08-23 05:08 . 2014-08-23 05:08	--------	d-----w-	c:\documents and settings\Liquid\Application Data\TuneUp Software
2014-08-23 04:32 . 2014-08-23 04:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\Insight Software Solutions
2014-08-23 04:32 . 2014-08-23 04:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\Insight Software
2014-08-23 04:30 . 2014-08-23 04:30	--------	d-----w-	c:\program files\Common Files\Insight Software Solutions
2014-08-23 04:29 . 2014-08-23 04:33	--------	d-----w-	c:\program files\Macro Express3
2014-08-23 02:48 . 2014-08-23 02:48	--------	d-sh--w-	c:\documents and settings\Liquid\PrivacIE
2014-08-23 02:18 . 2014-08-23 02:18	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\SmartFTP
2014-08-23 02:09 . 2014-08-23 02:09	--------	d-----w-	c:\documents and settings\Liquid\Application Data\SmartFTP
2014-08-23 02:08 . 2014-08-23 02:08	--------	d-----w-	c:\program files\SmartFTP Client
2014-08-17 12:02 . 2014-08-24 01:42	--------	d-----w-	c:\program files\Google
2014-08-17 11:48 . 2014-08-23 02:50	--------	d-----w-	c:\documents and settings\Liquid\Application Data\CoffeeCup Software
2014-08-04 14:49 . 2014-08-04 14:50	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-04 14:47 . 2014-08-04 14:47	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2014-08-04 14:45 . 2014-08-04 14:47	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\AOL
2014-08-01 08:59 . 2014-08-01 08:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\BlueStacksSetup
2014-08-01 08:58 . 2014-08-01 08:58	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\Bluestacks
2014-07-30 10:17 . 2014-07-30 10:17	--------	d-----w-	c:\documents and settings\Liquid\Local Settings\Application Data\Skype
2014-07-30 10:16 . 2014-08-28 03:16	--------	d-----w-	c:\documents and settings\Liquid\Application Data\Skype
2014-07-30 10:14 . 2014-07-30 10:14	--------	d-----w-	c:\program files\Common Files\Skype
2014-07-30 10:14 . 2014-07-30 10:14	--------	d-----r-	c:\program files\Skype
2014-07-30 10:13 . 2014-07-30 10:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-03 17:25 . 2014-07-03 17:07	699056	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-07-03 17:25 . 2014-07-03 17:07	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-25 23:46	578240	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-25 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-26 4085896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/25/2014 4:49 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8/25/2014 4:49 PM 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/25/2014 4:49 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [8/25/2014 4:49 PM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [8/25/2014 4:49 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8/25/2014 4:49 PM 67824]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [4/3/2014 8:21 PM 315008]
S3 cpuz134;cpuz134;\??\c:\docume~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [7/3/2014 9:44 AM 1034240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-24 01:42	1104200	----a-w-	c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-25 23:46]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-28 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
2014-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-27 21:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2332)
c:\windows\system32\WININET.dll
c:\windows\system32\PROPSYS.dll
c:\windows\system32\MSVCP120.dll
c:\windows\system32\MSVCR120.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-08-27  21:18:03 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-28 04:17
ComboFix2.txt  2014-08-27 21:57
.
Pre-Run: 3,859,091,456 bytes free
Post-Run: 3,789,139,968 bytes free
.
- - End Of File - - 249C1C39EBA6AD82F479AF3549874F27
8F558EB6672622401DA993E1E865C861


----------



## johnb35 (Aug 28, 2014)

How's the system running now?


----------



## farmerjohn1324 (Aug 29, 2014)

Browser still freezes from time to time, but I'll give it a day or so to see how it improves.


----------



## johnb35 (Aug 29, 2014)

What browser do you use?

Please download and run the following program. 

http://filehippo.com/download_ccleaner/download/59aa7b1c8d6d4dee95b236d2b04bed34/

Download and install, then open the program, don't change any options and click on run cleaner.

Then please download and run this.

http://www.bleepingcomputer.com/download/tfc/dl/92/

Open program and click on start.  Computer will most likely need to be rebooted when it has finished.  Let me know how system is reacting after running these 2 programs.  We may also have to reset your browser after you tell me which one you use.


----------



## farmerjohn1324 (Aug 29, 2014)

I use Google Chrome. I had been using Firefox and it had the same problems. I am downloading those files now. Do you think my lack of RAM could be causing these problems?


----------



## spirit (Aug 29, 2014)

farmerjohn1324 said:


> I use Google Chrome. I had been using Firefox and it had the same problems. I am downloading those files now. Do you think my lack of RAM could be causing these problems?



Google Chrome is a bit RAM hungry - how much RAM do you have?

It could also be slow because of stuff left over from the infections.


----------



## johnb35 (Aug 29, 2014)

farmerjohn1324 said:


> I use Google Chrome. I had been using Firefox and it had the same problems. I am downloading those files now. Do you think my lack of RAM could be causing these problems?


 
It's a combination of your ram and the processor, but mostly lack of ram.  As I said before, it's time for a new machine.




spirit said:


> Google Chrome is a bit RAM hungry - how much RAM do you have?
> 
> It could also be slow because of stuff left over from the infections.



He runs XP on 512mb of ram and a single core celeron at 1.7 ghz.  He needs a new machine.  He can only upgrade to 1gb of ram but it won't really help.


----------



## voyagerfan99 (Aug 29, 2014)

spirit said:


> Google Chrome is a bit RAM hungry - how much RAM do you have?



512mb


----------



## spirit (Aug 29, 2014)

johnb35 said:


> He runs XP on 512mb of ram and a single core celeron at 1.7 ghz.  He needs a new machine.  He can only upgrade to 1gb of ram but it won't really help.



Well there's your problem.


----------



## farmerjohn1324 (Aug 29, 2014)

I ran those last two programs. Why would it not help me to upgrade to 1gb of RAM? This would nearly double it from 512mb.

I created a youtube channel to show my computer's problems, it is at...

https://www.youtube.com/channel/UCwXZ7IacqX_4g_0U7o5m4Gw/videos


----------



## farmerjohn1324 (Aug 29, 2014)

Is there anything else I can do to try to make it run better? Freeing up hard drive space? Any way to free up RAM?


----------



## spirit (Aug 29, 2014)

Try completely reinstalling Windows.


----------



## aldan (Aug 29, 2014)

You really need a new pc. Trust me, I had a 2.8ghz single core celeron with 2gb of ram and I don't know how I put up with it as long as I did. It's old hardware and it's painfully slow. If a new machine isn't in the budget there are a lot of inexpensive older systems a lot better than yours out there. We purchased an old e2100 dual core with 4gb of ddr2 ram for $100. Runs perfectly with win7 and not a problem in 2 years.


----------



## farmerjohn1324 (Aug 30, 2014)

Where would I get an older system like that for $100?


----------



## voyagerfan99 (Aug 30, 2014)

farmerjohn1324 said:


> Where would I get an older system like that for $100?



How about $200?

http://www.newegg.com/Product/Produ...ell_latitude_e6400-_-9SIA5WM1XG2868-_-Product

I love Dell Latitudes and always recommend them.

Or up your budget even more and you can get a laptop like mine

http://www.newegg.com/Product/Produ...re=dell_latitude_e6420-_-34-300-729-_-Product


----------



## farmerjohn1324 (Aug 30, 2014)

Did anyone look at that youtube channel on one of my previous posts? Are all of these problems caused by lack of RAM? The same thing happened with Firefox.

And what about when it says "connected," and then the browser says "can't connect." 
What is going on there?


----------



## voyagerfan99 (Aug 30, 2014)

farmerjohn1324 said:


> Did anyone look at that youtube channel on one of my previous posts?



What YouTube channel? I didn't see you post a video.


----------



## spirit (Aug 30, 2014)

voyagerfan99 said:


> How about $200?
> 
> http://www.newegg.com/Product/Produ...ell_latitude_e6400-_-9SIA5WM1XG2868-_-Product
> 
> ...



This.

Or you could get a nice ThinkPad T410 with an i5 and 4GB of RAM: http://www.newegg.com/Product/Produ...e=refurbished_thinkpad-_-34-313-642-_-Product

I love my ThinkPad and would recommend them. The Dells are excellent too. 

You don't need to spend a crazy amount of money in order to get a nice upgrade from your machine because practically anything made within the past 6 or 7 years is faster - which is the good thing about hanging onto an old machine for so long, I guess.


----------



## voyagerfan99 (Aug 30, 2014)

I wouldn't get a T410. I had one at work and that thing ran HOT HOT HOT! I like Thinkpads, but definitely not that one.


----------



## johnb35 (Aug 30, 2014)

farmerjohn1324 said:


> Did anyone look at that youtube channel on one of my previous posts? Are all of these problems caused by lack of RAM? The same thing happened with Firefox.
> 
> And what about when it says "connected," and then the browser says "can't connect."
> What is going on there?



The reason being is that XP can't differentiate between being connected to router and actually being connected to internet.   

Without having to buy a new system then your only hope to resurrect this machine is just to reinstall windows, that alone should help.  I really wouldn't put any more money into this system as it's old and very low end.  If it had better specs and could hold more memory I would say yes but it's not really gonna help to add another mb of memory.


----------



## farmerjohn1324 (Aug 31, 2014)

Okay, and when I do buy a new machine, I really want to be able to run Google Earth. I try to on this machine, it says my video card is not good enough. What is the minimum I need to run Google Earth?

What is the best operating system that I should get when I buy a new system?

And one more semi-unrelated question without starting a new thread. I currently can't play DVDs on my Windows Media Player. They say I need a new codec.

I have windows media player version 9.00.00.4503

I've been told to go to:

windows.microsoft.com/en/UF/windows/windows-media-player-plug-ins

And so when my mouse/system freezes and I am forced to restart just by pushing the off button, and when the browser freezes, this is all due to low RAM?

Why would reinstalling XP help? Is there a different operating system I could put on this machine to help it run better before I get a new one?

but nothing on this site matches what I need.

Where should I go?

"The reason being is that XP can't differentiate between being connected to router and actually being connected to internet." Why not? Seems like it should be able to do a simple thing like that, right?


----------



## aldan (Aug 31, 2014)

First thing to do is post your budget so the gurus can recommend a setup for you. If you like wmp then download the k-lite codec pack so it can play your dvds format. Or you could download vlc media player which will play pretty much anything you throw at it without installing a codec pack. Having been thru what you are going thru I wouldn't do anything to your old machine except to take it to the recycle place.


----------



## farmerjohn1324 (Aug 31, 2014)

I am about to reload Windows XP, but before I do, can someone answer this question:

Are all of these problems due to lack of RAM:

 browser stops responding, mouse/system freezes, browser won't recognize internet?

Or is the last one a problem with XP itself, and why would an operating system not be able to do such a function?


----------



## farmerjohn1324 (Aug 31, 2014)

I want to be able to run a windows operating system, a browser that can have 8 tabs open at once, some of them playing videos, and to run MS Office, and Google Earth (which I just checked needs a 3d accelerated card with shader support), and I want enough hard drive space so that the problems I currently have do not happen.

How much RAM should I have to get this? And how much hard drive space should I have? I currently have 18.6GB.


----------



## spirit (Aug 31, 2014)

farmerjohn1324 said:


> I am about to reload Windows XP, but before I do, can someone answer this question:
> 
> Are all of these problems due to lack of RAM:
> 
> ...



Your problem is due to a lack of RAM but ALSO your very low-end CPU that was the lowest-end (read: SLOWEST) when you bought it in 2003! 11 years ago! AND you likely have an extremely slow hard drive that has had years of wear. 

The problem isn't necessarily to do with XP, but rather the hardware that it is running on. For the record I used XP for years (as did many other people) on much stronger hardware than what you have and it ran fine. It even ran Google Earth! 

These are typically also symptoms of malware. If you've had this installation of XP for 11 years and have never scanned your system for malware then there is a very good chance that *something* has slipped in there over the years and hasn't been removed.

But please, forget about this computer. Throw it away. You REALLY need to upgrade! 

Google Earth will run on pretty much any machine that has been made within the past 8 years I reckon, so the Dell that Voyager posted or the ThinkPad that I posted will have no problems running it. You don't need a crazy system to run it but probably something more powerful than what you have now.

You should look for a machine with Windows 7 or 8.1. Most refurbished machines run Windows 7 (Professional, usually). Windows 7 was the only Microsoft OS to come with DVD codecs so you can actually play DVDs with Media Player on Windows 7 without having to buy and install codecs. Otherwise, you can download VLC Media Player for free to play DVDs (and that will work on any Microsoft OS): http://www.videolan.org/vlc/download-windows.html

I hope this helps. You will love an upgrade and kick yourself for not getting a new machine sooner.


----------



## farmerjohn1324 (Aug 31, 2014)

Actually, this computer was made from parts about 10 months ago. I have no idea of the history of the parts or of the operating system.

But what is bare minimum RAM, processor speed, and hard drive capacity I should get? Bare minimum to run what I need to do? If 512mb is giving me problems, do I need 2gb, 4gb, 8gb?

And if 1.70ghz is too slow, what speed should I shoot for?


----------



## spirit (Aug 31, 2014)

It doesn't matter how it was assembled. The fact is it was low-end in 2003. There's your issue.

What you want is at least 3GB of RAM (preferably 4GB and a 64-bit OS), probably 250GB HDD minimum (most refurbs I've seen have 320GB or 500GB) and as for the processor you want a dual-core as the absolute minimum. Probably around 2.0GHz but the clockspeed doesn't matter too much.

You currently have a 1.7GHz sole-core - a 1.0GHz dual-core would probably thrash it. A 1.5GHz dual-core would definitely thrash it. So don't worry too much about the clockspeed at this point in time.

Something like this would be ideal for you (and yes, it will run Google Earth): http://www.newegg.com/Product/Produ...ell_latitude_e6400-_-9SIA5WM1XG2868-_-Product

$200 and it has a 2.4GHz Core 2 Duo, 4GB RAM, 500GB HDD and Windows 7 Home. 

Perfect.


----------



## farmerjohn1324 (Aug 31, 2014)

Cool thanks.


----------

