How do I permanently remove adware?

I have AVG antivirus and it tells me that I have adware. I click "remove," and it says removed, but then AVG will come up a few hours later telling me that it found more adware in the same location.

How do I permanently remove this?

The adware is called FocusBase.
 
1.

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan.
  • After the scan you will need to click on Clean for it to delete the adware.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Very important that you run the tool in this manner:
    Right-mouse click JRT.exe and select Run as administrator.
    Do NOT just double-click it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 
AdwCleaner file:

# AdwCleaner v3.308 - Report created 25/08/2014 at 13:40:33
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Liquid - LIQUID-EDE81A
# Running from : C:\Documents and Settings\Liquid\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update AtuZi
[#] Service Deleted : Update focusbase
[#] Service Deleted : Util AtuZi

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Documents and Settings\Liquid\Local Settings\Application Data\ArcadeGiant
Folder Deleted : C:\Documents and Settings\Liquid\Local Settings\Application Data\globalUpdate
Folder Deleted : C:\DOCUME~1\Liquid\LOCALS~1\Temp\AtuZi
Folder Deleted : C:\DOCUME~1\Liquid\LOCALS~1\Temp\focusbase
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Liquid\Start Menu\Programs\ArcadeGiant
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\VideoDownloadConverter_4z
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\Extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}
Folder Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com
File Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\searchplugins\trovi-search.xml
File Deleted : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BEC0B5A9-4CE8-4873-90E5-345E66A944DB}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\prefs.js ]

Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":221584481,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221584482,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "6.66.4.33738");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=780c74a8&p2=^HJ^xpi000^YYA^");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2014082216");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xpi000^YYA^");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.66.4.33738");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "hxxp://videodownloadconverter.dl.tb.ask.com/installComplete.jhtml");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "32707");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");

-\\ Google Chrome v36.0.1985.143

[ File : C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6123 octets] - [25/08/2014 13:32:08]
AdwCleaner[S0].txt - [5984 octets] - [25/08/2014 13:40:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6044 octets] ##########
 
I am the only person to ever use this computer. By default, for some reason the computer called my username "Liquid." I try to run as administrator, and it says I need a password that I am unaware of.

What is this password, or how do I find it?
 
Do you use a password to log on to your account? If not, just leave password blank. If you use a password to log on to your account, it's the same password. Check the user accounts to see if there is a password assigned to the user "liquid". And the computer doesn't automatically assign user names.

Is the focusbase adware gone now? AdwCleaner removed it.
 
The computer was built from parts about 6 months ago. Someone else installed XP on it. I am currently using ophcrack to get the admin password, but am not allowed to ask this forum for help on that matter. Yes, I believe the focusbase is gone now, but I will run those other 3 programs and post the logs.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Tue 08/26/2014 at 18:06:23.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/26/2014 at 20:22:30.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malware log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/26/2014
Scan Time: 10:51:23 PM
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Liquid

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 232407
Time Elapsed: 42 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.PassShow.A, HKU\S-1-5-21-343818398-1645522239-1177238915-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PassShow, Quarantined, [c08949b6a9d1b48290d1197b33cf6c94],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.SAMInside, C:\Documents and Settings\Liquid\Desktop\saminside.zip, No Action By User, [3f0a6c9390ea270f0723043151b3fc04],
PUP.Optional.Softonic.A, C:\RECYCLER\S-1-5-21-343818398-1645522239-1177238915-1003\Dc11.exe, Quarantined, [be8b49b6f7832f077c871b47be43837d],
PUP.Optional.Conduit.A, C:\Documents and Settings\Liquid\Local Settings\Temp\SearchProtectINT.exe, Quarantined, [d47522ddcfabee485e1e8bd39e63ff01],
PUP.Optional.OpenCandy, C:\Documents and Settings\Liquid\Local Settings\Temp\dlm1D1.tmp\FreeVideoToJPGConverter.exe, Quarantined, [af9a89762456b87e15fb113ea061c838],

Physical Sectors: 0
(No malicious items detected)


(end)
 
OTL.txt

OTL logfile created on: 8/27/2014 9:43:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Liquid\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.43 Mb Total Physical Memory | 339.32 Mb Available Physical Memory | 66.35% Memory free
1.40 Gb Paging File | 1.15 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 2.07 Gb Free Space | 11.14% Space Free | Partition Type: NTFS

Computer Name: LIQUID-EDE81A | User Name: Liquid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Liquid\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2014\avgmfapx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\14082700\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()


========== Services (SafeList) ==========

SRV - (UpdaterSvcfocusbase) -- C:\Program Files\focusbase\updater.exe File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz134) -- C:\DOCUME~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (cerc6) -- File not found
DRV - (Avgtdix) -- system32\DRIVERS\avgtdix.sys File not found
DRV - (Avgrkx86) -- system32\DRIVERS\avgrkx86.sys File not found
DRV - (AVGIDSShim) -- system32\DRIVERS\avgidsshimx.sys File not found
DRV - (AVGIDSHX) -- system32\DRIVERS\avgidshx.sys File not found
DRV - (AVGIDSDriverl) -- system32\DRIVERS\avgidsdriverlx.sys File not found
DRV - (ddwrd) -- C:\WINDOWS\system32\drivers\xpdvio.sys (Malwarebytes Corporation)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswsp.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswHwid) -- C:\WINDOWS\system32\drivers\aswHwid.sys ()
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Linksys_adapter_H) -- C:\WINDOWS\system32\drivers\AE1200xp.sys (Broadcom Corporation)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: 4zffxtbr%40VideoDownloadConverter_4z.com:6.66.4.33738
FF - prefs.js..extensions.enabledAddons: e38c01fb-ffb2-4c7e-b4c7-1f47c844d855%40gmail.com:0.95.27
FF - prefs.js..extensions.enabledAddons: %7B037A8456-0903-427E-B5E0-7D95FDD598AE%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/25 16:48:25 | 000,000,000 | ---D | M]

[2014/07/03 08:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Extensions
[2014/08/25 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions
[2014/08/17 05:00:39 | 000,000,000 | ---D | M] ("enterprise 1.1") -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com
[2014/08/17 05:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData
[2014/08/17 05:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData\plugins
[2014/08/17 05:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData\userCode
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LIQUID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L3SH7DCG.DEFAULT\EXTENSIONS\{037A8456-0903-427E-B5E0-7D95FDD598AE}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LIQUID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L3SH7DCG.DEFAULT\EXTENSIONS\4ZFFXTBR@VIDEODOWNLOADCONVERTER_4Z.COM
[2014/07/07 03:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\DadApp.exe ()
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4B935D4-06FE-4090-B904-56322E228216}: DhcpNameServer = 192.168.3.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/06 18:46:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell - "" = AutoRun
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell - "" = AutoRun
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/26 23:36:22 | 000,052,440 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xpdvio.sys
[2014/08/26 22:49:17 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/26 22:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/08/26 22:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/26 22:39:49 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/08/26 22:39:38 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/08/26 22:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/26 22:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/08/26 18:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/08/26 16:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\saminside
[2014/08/26 07:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ophcrack
[2014/08/26 07:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\ophcrack
[2014/08/25 17:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Temp
[2014/08/25 17:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVAST Software
[2014/08/25 16:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2014/08/25 16:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/08/25 16:49:23 | 000,057,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/08/25 16:49:20 | 000,779,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/08/25 16:49:18 | 000,414,520 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/08/25 16:49:15 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/08/25 16:49:10 | 000,055,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/08/25 16:48:39 | 000,276,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/08/25 16:47:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/08/25 16:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/08/25 15:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/08/25 13:32:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/24 07:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\vlc
[2014/08/24 07:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2014/08/24 07:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/08/23 18:40:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Liquid\Recent
[2014/08/23 18:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/23 07:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/08/23 07:54:32 | 000,000,000 | ---D | C] -- C:\ac966342dac78647c83a26741a
[2014/08/22 22:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVG2014
[2014/08/22 22:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\TuneUp Software
[2014/08/22 22:04:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/08/22 22:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/08/22 22:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\MFAData
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Avg2014
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Insight Software Solutions
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Insight Software
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2014/08/22 21:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Insight Software Solutions
[2014/08/22 21:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Macro Express3
[2014/08/22 19:48:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Liquid\PrivacIE
[2014/08/22 19:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\SmartFTP
[2014/08/22 19:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\SmartFTP
[2014/08/22 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2014/08/18 04:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\site
[2014/08/17 05:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/08/17 04:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\My Documents\CoffeeCup Software
[2014/08/17 04:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\CoffeeCup Software
[2014/08/04 08:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
[2014/08/04 08:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2014/08/04 08:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\AVG
[2014/08/04 08:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVG
[2014/08/04 07:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/08/04 07:49:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/08/04 07:47:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/08/04 07:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\AOL
[2014/08/01 01:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2014/08/01 01:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Bluestacks
[2014/07/31 06:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\online dat
[2014/07/30 03:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Skype
[2014/07/30 03:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\Skype
[2014/07/30 03:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/07/30 03:14:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/07/30 03:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2014/07/29 18:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\prof
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/27 09:41:34 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/27 04:51:13 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/08/26 23:36:24 | 000,052,440 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xpdvio.sys
[2014/08/26 22:51:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/26 22:43:49 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/26 20:42:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/26 20:42:43 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/08/26 20:42:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/26 20:42:18 | 536,342,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/26 07:54:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2014/08/25 19:55:25 | 000,414,520 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/08/25 16:51:53 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/08/25 16:47:59 | 000,057,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/08/25 16:47:58 | 000,779,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/08/25 16:47:58 | 000,192,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/08/25 16:47:53 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/08/25 16:47:52 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/08/25 16:47:51 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/08/25 16:47:48 | 000,055,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/08/25 16:47:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/08/25 16:47:15 | 000,276,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/08/24 22:42:27 | 000,767,035 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\c.png
[2014/08/24 08:16:57 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\site.html
[2014/08/24 07:43:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Google Chrome.lnk
[2014/08/24 07:30:17 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\WhoCrashed.lnk
[2014/08/24 07:19:18 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/08/23 21:08:10 | 001,388,159 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Civil.pdf
[2014/08/23 18:57:21 | 000,000,000 | ---- | M] () -- C:\Cookies
[2014/08/23 18:17:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/08/22 21:38:02 | 000,000,163 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2014/08/22 21:33:18 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\swpkey.mes
[2014/08/22 21:33:16 | 000,004,640 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\macex_bak000.~mex
[2014/08/22 21:33:16 | 000,004,640 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\macex.mex
[2014/08/22 15:57:06 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Liquid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/21 05:11:14 | 000,006,176 | ---- | M] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/08/21 05:04:33 | 000,000,464 | ---- | M] () -- C:\WINDOWS\System32\ScannerSettings
[2014/08/20 11:55:44 | 000,176,980 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\bank.JPG
[2014/08/20 05:12:17 | 000,004,097 | ---- | M] () -- C:\WINDOWS\System32\dummy.000
[2014/08/17 05:36:51 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc
[2014/08/14 15:47:03 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Microsoft Word 2010.lnk
[2014/08/08 17:44:16 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\judaism.rtf
[2014/08/08 15:00:01 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/05 22:23:33 | 000,647,321 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Ammendment.pdf
[2014/08/05 21:00:20 | 002,347,285 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\1023.pdf
[2014/08/05 12:06:11 | 000,200,818 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\i1023.pdf
[2014/08/04 12:14:08 | 000,031,814 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Articles.tif
[2014/08/04 11:18:02 | 000,052,156 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\1023checklist.pdf
[2014/08/03 20:07:33 | 000,060,599 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\irs8718.pdf
[2014/08/03 15:11:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/02 13:04:39 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Microsoft Excel 2010.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/26 22:43:49 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/26 20:42:18 | 536,342,528 | -HS- | C] () -- C:\hiberfil.sys
[2014/08/26 07:54:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2014/08/25 16:51:53 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/08/25 16:51:13 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/08/25 16:49:22 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/08/25 16:49:17 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/08/25 16:49:13 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/08/24 22:42:27 | 000,767,035 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\c.png
[2014/08/24 07:43:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Google Chrome.lnk
[2014/08/24 07:30:17 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\WhoCrashed.lnk
[2014/08/24 07:19:18 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/08/23 21:07:28 | 001,388,159 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Civil.pdf
[2014/08/23 18:57:21 | 000,000,000 | ---- | C] () -- C:\Cookies
[2014/08/23 18:48:48 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
[2014/08/23 18:22:26 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/23 18:22:18 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/23 18:17:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/08/22 22:08:38 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014.lnk
[2014/08/22 21:33:47 | 000,004,640 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\macex_bak000.~mex
[2014/08/22 21:33:23 | 000,102,362 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\samples.mex
[2014/08/22 21:33:18 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\swpkey.mes
[2014/08/22 21:33:16 | 000,004,640 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\macex.mex
[2014/08/22 21:32:37 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Macro Express 3.lnk
[2014/08/22 19:08:44 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartFTP Client.lnk
[2014/08/21 05:11:14 | 000,006,176 | ---- | C] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/08/20 11:54:19 | 000,176,980 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\bank.JPG
[2014/08/20 05:11:58 | 000,004,097 | ---- | C] () -- C:\WINDOWS\System32\dummy.000
[2014/08/20 05:05:11 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\ScannerSettings
[2014/08/17 05:01:25 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\WinSys32.crc
[2014/08/13 07:03:00 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\site.html
[2014/08/05 12:05:22 | 000,200,818 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\i1023.pdf
[2014/08/04 12:43:41 | 000,647,321 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Ammendment.pdf
[2014/08/04 12:13:44 | 000,031,814 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Articles.tif
[2014/08/04 11:21:37 | 002,347,285 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\1023.pdf
[2014/08/04 11:17:48 | 000,052,156 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\1023checklist.pdf
[2014/08/04 07:46:09 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Liquid\Start Menu\Programs\AIM.lnk
[2014/08/03 20:07:29 | 000,060,599 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\irs8718.pdf
[2014/07/30 03:14:38 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype.lnk
[2014/07/03 19:24:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/07/03 18:15:56 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2014/05/14 06:32:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2014/05/10 03:17:16 | 000,036,466 | ---- | C] () -- C:\WINDOWS\INSTALL.DAT
[2014/05/06 20:05:01 | 000,000,218 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2013/05/06 18:53:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/05/06 18:41:01 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/05/06 11:22:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/05/06 11:20:28 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/05/16 06:13:09 | 000,101,888 | ---- | C] () -- C:\Documents and Settings\Liquid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2014/07/03 10:15:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/24 20:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/08/25 16:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/08/04 08:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/08/22 23:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/08/01 01:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2014/05/06 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2014/08/04 07:47:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/08/22 21:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2014/08/22 21:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2014/08/26 22:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/07/13 20:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape ISP Dialer
[2014/08/04 07:50:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2003/05/16 06:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AnvSoft
[2014/08/25 17:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVAST Software
[2014/08/04 08:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVG
[2014/08/22 22:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVG2014
[2014/08/22 19:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\CoffeeCup Software
[2014/07/14 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\Foxit Software
[2014/06/08 14:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\MOVAVI
[2014/07/03 10:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\Netscape ISP Dialer
[2014/08/22 22:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >
 
OTL.txt

OTL logfile created on: 8/27/2014 9:43:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Liquid\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.43 Mb Total Physical Memory | 339.32 Mb Available Physical Memory | 66.35% Memory free
1.40 Gb Paging File | 1.15 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 2.07 Gb Free Space | 11.14% Space Free | Partition Type: NTFS

Computer Name: LIQUID-EDE81A | User Name: Liquid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Liquid\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2014\avgmfapx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\14082700\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()


========== Services (SafeList) ==========

SRV - (UpdaterSvcfocusbase) -- C:\Program Files\focusbase\updater.exe File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz134) -- C:\DOCUME~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (cerc6) -- File not found
DRV - (Avgtdix) -- system32\DRIVERS\avgtdix.sys File not found
DRV - (Avgrkx86) -- system32\DRIVERS\avgrkx86.sys File not found
DRV - (AVGIDSShim) -- system32\DRIVERS\avgidsshimx.sys File not found
DRV - (AVGIDSHX) -- system32\DRIVERS\avgidshx.sys File not found
DRV - (AVGIDSDriverl) -- system32\DRIVERS\avgidsdriverlx.sys File not found
DRV - (ddwrd) -- C:\WINDOWS\system32\drivers\xpdvio.sys (Malwarebytes Corporation)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswsp.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswHwid) -- C:\WINDOWS\system32\drivers\aswHwid.sys ()
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Linksys_adapter_H) -- C:\WINDOWS\system32\drivers\AE1200xp.sys (Broadcom Corporation)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: 4zffxtbr%40VideoDownloadConverter_4z.com:6.66.4.33738
FF - prefs.js..extensions.enabledAddons: e38c01fb-ffb2-4c7e-b4c7-1f47c844d855%40gmail.com:0.95.27
FF - prefs.js..extensions.enabledAddons: %7B037A8456-0903-427E-B5E0-7D95FDD598AE%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/25 16:48:25 | 000,000,000 | ---D | M]

[2014/07/03 08:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Extensions
[2014/08/25 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions
[2014/08/17 05:00:39 | 000,000,000 | ---D | M] ("enterprise 1.1") -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com
[2014/08/17 05:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData
[2014/08/17 05:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData\plugins
[2014/08/17 05:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liquid\Application Data\Mozilla\Firefox\Profiles\l3sh7dcg.default\extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com\extensionData\userCode
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LIQUID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L3SH7DCG.DEFAULT\EXTENSIONS\{037A8456-0903-427E-B5E0-7D95FDD598AE}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LIQUID\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L3SH7DCG.DEFAULT\EXTENSIONS\4ZFFXTBR@VIDEODOWNLOADCONVERTER_4Z.COM
[2014/07/07 03:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Liquid\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\DadApp.exe ()
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4B935D4-06FE-4090-B904-56322E228216}: DhcpNameServer = 192.168.3.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/06 18:46:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell - "" = AutoRun
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{437374d0-d5a4-11e3-9c87-00065b0e056d}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell - "" = AutoRun
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95d69b77-87ee-11d7-9c7d-00065b0e056d}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/26 23:36:22 | 000,052,440 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xpdvio.sys
[2014/08/26 22:49:17 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/26 22:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/08/26 22:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/26 22:39:49 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/08/26 22:39:38 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/08/26 22:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/26 22:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/08/26 18:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/08/26 16:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\saminside
[2014/08/26 07:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ophcrack
[2014/08/26 07:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\ophcrack
[2014/08/25 17:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Temp
[2014/08/25 17:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVAST Software
[2014/08/25 16:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2014/08/25 16:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/08/25 16:49:23 | 000,057,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/08/25 16:49:20 | 000,779,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/08/25 16:49:18 | 000,414,520 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/08/25 16:49:15 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/08/25 16:49:10 | 000,055,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/08/25 16:48:39 | 000,276,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/08/25 16:47:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/08/25 16:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/08/25 15:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/08/25 13:32:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/24 07:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\vlc
[2014/08/24 07:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2014/08/24 07:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/08/23 18:40:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Liquid\Recent
[2014/08/23 18:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/23 07:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/08/23 07:54:32 | 000,000,000 | ---D | C] -- C:\ac966342dac78647c83a26741a
[2014/08/22 22:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVG2014
[2014/08/22 22:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\TuneUp Software
[2014/08/22 22:04:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/08/22 22:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/08/22 22:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\MFAData
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/08/22 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Avg2014
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Insight Software Solutions
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Insight Software
[2014/08/22 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2014/08/22 21:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Insight Software Solutions
[2014/08/22 21:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Macro Express3
[2014/08/22 19:48:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Liquid\PrivacIE
[2014/08/22 19:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\SmartFTP
[2014/08/22 19:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\SmartFTP
[2014/08/22 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2014/08/18 04:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\site
[2014/08/17 05:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/08/17 04:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\My Documents\CoffeeCup Software
[2014/08/17 04:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\CoffeeCup Software
[2014/08/04 08:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
[2014/08/04 08:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2014/08/04 08:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\AVG
[2014/08/04 08:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\AVG
[2014/08/04 07:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/08/04 07:49:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/08/04 07:47:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/08/04 07:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\AOL
[2014/08/01 01:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2014/08/01 01:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Bluestacks
[2014/07/31 06:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\online dat
[2014/07/30 03:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Local Settings\Application Data\Skype
[2014/07/30 03:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Application Data\Skype
[2014/07/30 03:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/07/30 03:14:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/07/30 03:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2014/07/29 18:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liquid\Desktop\prof
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/27 09:41:34 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/27 04:51:13 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/08/26 23:36:24 | 000,052,440 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\xpdvio.sys
[2014/08/26 22:51:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/26 22:43:49 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/26 20:42:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/26 20:42:43 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/08/26 20:42:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/26 20:42:18 | 536,342,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/26 07:54:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2014/08/25 19:55:25 | 000,414,520 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/08/25 16:51:53 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/08/25 16:47:59 | 000,057,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/08/25 16:47:58 | 000,779,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/08/25 16:47:58 | 000,192,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/08/25 16:47:53 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/08/25 16:47:52 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/08/25 16:47:51 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/08/25 16:47:48 | 000,055,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/08/25 16:47:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/08/25 16:47:15 | 000,276,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/08/24 22:42:27 | 000,767,035 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\c.png
[2014/08/24 08:16:57 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\site.html
[2014/08/24 07:43:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Google Chrome.lnk
[2014/08/24 07:30:17 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\WhoCrashed.lnk
[2014/08/24 07:19:18 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/08/23 21:08:10 | 001,388,159 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Civil.pdf
[2014/08/23 18:57:21 | 000,000,000 | ---- | M] () -- C:\Cookies
[2014/08/23 18:17:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/08/22 21:38:02 | 000,000,163 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2014/08/22 21:33:18 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\swpkey.mes
[2014/08/22 21:33:16 | 000,004,640 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\macex_bak000.~mex
[2014/08/22 21:33:16 | 000,004,640 | ---- | M] () -- C:\Documents and Settings\Liquid\My Documents\macex.mex
[2014/08/22 15:57:06 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Liquid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/21 05:11:14 | 000,006,176 | ---- | M] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/08/21 05:04:33 | 000,000,464 | ---- | M] () -- C:\WINDOWS\System32\ScannerSettings
[2014/08/20 11:55:44 | 000,176,980 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\bank.JPG
[2014/08/20 05:12:17 | 000,004,097 | ---- | M] () -- C:\WINDOWS\System32\dummy.000
[2014/08/17 05:36:51 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc
[2014/08/14 15:47:03 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Microsoft Word 2010.lnk
[2014/08/08 17:44:16 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\judaism.rtf
[2014/08/08 15:00:01 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/05 22:23:33 | 000,647,321 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Ammendment.pdf
[2014/08/05 21:00:20 | 002,347,285 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\1023.pdf
[2014/08/05 12:06:11 | 000,200,818 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\i1023.pdf
[2014/08/04 12:14:08 | 000,031,814 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Articles.tif
[2014/08/04 11:18:02 | 000,052,156 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\1023checklist.pdf
[2014/08/03 20:07:33 | 000,060,599 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\irs8718.pdf
[2014/08/03 15:11:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/02 13:04:39 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Liquid\Desktop\Microsoft Excel 2010.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/26 22:43:49 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/26 20:42:18 | 536,342,528 | -HS- | C] () -- C:\hiberfil.sys
[2014/08/26 07:54:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2014/08/25 16:51:53 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/08/25 16:51:13 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/08/25 16:49:22 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/08/25 16:49:17 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/08/25 16:49:13 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/08/24 22:42:27 | 000,767,035 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\c.png
[2014/08/24 07:43:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Google Chrome.lnk
[2014/08/24 07:30:17 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\WhoCrashed.lnk
[2014/08/24 07:19:18 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/08/23 21:07:28 | 001,388,159 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Civil.pdf
[2014/08/23 18:57:21 | 000,000,000 | ---- | C] () -- C:\Cookies
[2014/08/23 18:48:48 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
[2014/08/23 18:22:26 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/23 18:22:18 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/23 18:17:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/08/22 22:08:38 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014.lnk
[2014/08/22 21:33:47 | 000,004,640 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\macex_bak000.~mex
[2014/08/22 21:33:23 | 000,102,362 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\samples.mex
[2014/08/22 21:33:18 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\swpkey.mes
[2014/08/22 21:33:16 | 000,004,640 | ---- | C] () -- C:\Documents and Settings\Liquid\My Documents\macex.mex
[2014/08/22 21:32:37 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Macro Express 3.lnk
[2014/08/22 19:08:44 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartFTP Client.lnk
[2014/08/21 05:11:14 | 000,006,176 | ---- | C] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/08/20 11:54:19 | 000,176,980 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\bank.JPG
[2014/08/20 05:11:58 | 000,004,097 | ---- | C] () -- C:\WINDOWS\System32\dummy.000
[2014/08/20 05:05:11 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\ScannerSettings
[2014/08/17 05:01:25 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\WinSys32.crc
[2014/08/13 07:03:00 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\site.html
[2014/08/05 12:05:22 | 000,200,818 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\i1023.pdf
[2014/08/04 12:43:41 | 000,647,321 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Ammendment.pdf
[2014/08/04 12:13:44 | 000,031,814 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\Articles.tif
[2014/08/04 11:21:37 | 002,347,285 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\1023.pdf
[2014/08/04 11:17:48 | 000,052,156 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\1023checklist.pdf
[2014/08/04 07:46:09 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Liquid\Start Menu\Programs\AIM.lnk
[2014/08/03 20:07:29 | 000,060,599 | ---- | C] () -- C:\Documents and Settings\Liquid\Desktop\irs8718.pdf
[2014/07/30 03:14:38 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype.lnk
[2014/07/03 19:24:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/07/03 18:15:56 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2014/05/14 06:32:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2014/05/10 03:17:16 | 000,036,466 | ---- | C] () -- C:\WINDOWS\INSTALL.DAT
[2014/05/06 20:05:01 | 000,000,218 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2013/05/06 18:53:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/05/06 18:41:01 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/05/06 11:22:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/05/06 11:20:28 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/05/16 06:13:09 | 000,101,888 | ---- | C] () -- C:\Documents and Settings\Liquid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2014/07/03 10:15:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/24 20:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/08/25 16:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/08/04 08:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/08/22 23:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/08/01 01:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2014/05/06 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2014/08/04 07:47:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/08/22 21:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2014/08/22 21:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2014/08/26 22:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/07/13 20:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape ISP Dialer
[2014/08/04 07:50:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2003/05/16 06:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AnvSoft
[2014/08/25 17:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVAST Software
[2014/08/04 08:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVG
[2014/08/22 22:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\AVG2014
[2014/08/22 19:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\CoffeeCup Software
[2014/07/14 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\Foxit Software
[2014/06/08 14:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\MOVAVI
[2014/07/03 10:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\Netscape ISP Dialer
[2014/08/22 22:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liquid\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >
 
Extras.txt (created by OTL)

OTL Extras logfile created on: 8/27/2014 9:43:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Liquid\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.43 Mb Total Physical Memory | 339.32 Mb Available Physical Memory | 66.35% Memory free
1.40 Gb Paging File | 1.15 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 2.07 Gb Free Space | 11.14% Space Free | Partition Type: NTFS

Computer Name: LIQUID-EDE81A | User Name: Liquid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 5.0 -- (SmartSoft Ltd.)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16EE2E7E-221B-40DD-8A9A-4311498EC930}" = LG USB Modem Drivers
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{8169E486-7B48-4A41-AAE9-6A5AE1FC7B9B}" = SmartFTP Client
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9811F26-3EF6-449A-9736-BB79A125D894}" = AVG 2014
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E1547FCE-F5DD-4D77-8C71-13B6A2B8F527}" = O2Micro Smartcard Driver
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Avast" = avast! Free Antivirus
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Deluxe Edition" = Deluxe Edition
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{E1547FCE-F5DD-4D77-8C71-13B6A2B8F527}" = O2Micro Smartcard Driver
"Macro Express 3" = Macro Express 3
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ophcrack" = ophcrack 3.6.0
"VLC media player" = VLC media player
"WhoCrashed_is1" = WhoCrashed 5.02

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/17/2014 8:02:01 AM | Computer Name = LIQUID-EDE81A | Source = MsiInstaller | ID = 11309
Description = Product: Google Update Helper -- Error 1309. Error reading from file:
C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.
System error 3. Verify that the file exists and that you can access it.

Error - 8/21/2014 5:22:26 PM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.

Error - 8/22/2014 9:41:45 AM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.

Error - 8/23/2014 12:31:42 AM | Computer Name = LIQUID-EDE81A | Source = MsiInstaller | ID = 11309
Description = Product: Google Update Helper -- Error 1309. Error reading from file:
C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.
System error 3. Verify that the file exists and that you can access it.

Error - 8/23/2014 9:09:20 PM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.

Error - 8/23/2014 9:29:38 PM | Computer Name = LIQUID-EDE81A | Source = Application Hang | ID = 1002
Description = Hanging application CCleaner.exe, version 4.16.0.4763, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/23/2014 9:37:49 PM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 31.0.0.5310, faulting
module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.

Error - 8/23/2014 10:06:38 PM | Computer Name = LIQUID-EDE81A | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2014 8:31:20 PM | Computer Name = LIQUID-EDE81A | Source = Application Error | ID = 1000
Description = Faulting application TL_Bootstrap.exe, version 0.0.0.0, faulting module
TL_Bootstrap.exe, version 0.0.0.0, fault address 0x00015718.

Error - 8/26/2014 5:20:48 PM | Computer Name = LIQUID-EDE81A | Source = Application Hang | ID = 1002
Description = Hanging application ophcrack.exe, version 3.6.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriverl service which
failed to start because of the following error: %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 8/26/2014 11:35:59 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm Avgdiskx AVGIDSDriverl AVGIDSShim Avgldx86 Avgtdix
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error - 8/26/2014 11:37:38 PM | Computer Name = LIQUID-EDE81A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/26/2014 11:39:54 PM | Computer Name = LIQUID-EDE81A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/26/2014 11:40:01 PM | Computer Name = LIQUID-EDE81A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/26/2014 11:45:20 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7000
Description = The UpdaterSvcfocusbase service failed to start due to the following
error: %%3


< End of report >
 
I need further scans done, unfortunately.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here: Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:
  • The ComboFix log
  • An update on how your computer is running
 
ComboFix 14-08-26.02 - Liquid 08/27/2014 14:35:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.322 [GMT -7:00]
Running from: c:\documents and settings\Liquid\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Liquid\Local Settings\Temporary Internet Files\e6ce770a-136b-45e2-9575-26ba238e4506.jpg
c:\documents and settings\Liquid\WINDOWS
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2014-07-27 to 2014-08-27 )))))))))))))))))))))))))))))))
.
.
2014-08-27 06:36 . 2014-08-27 06:36 52440 ----a-w- c:\windows\system32\drivers\xpdvio.sys
2014-08-27 05:49 . 2014-08-27 05:51 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-27 05:44 . 2014-08-27 05:46 -------- d-----w- c:\windows\LastGood
2014-08-27 05:39 . 2014-05-12 14:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-27 05:39 . 2014-05-12 14:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-27 05:39 . 2014-08-27 05:43 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-27 05:39 . 2014-08-27 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-08-27 01:06 . 2014-08-27 01:06 -------- d-----w- c:\windows\ERUNT
2014-08-27 01:04 . 2014-08-27 03:30 -------- d-----w- c:\documents and settings\Administrator
2014-08-26 14:54 . 2014-08-26 14:57 -------- d-----w- c:\program files\ophcrack
2014-08-26 00:17 . 2014-08-26 00:17 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Temp
2014-08-26 00:02 . 2014-08-26 00:02 -------- d-----w- c:\documents and settings\Liquid\Application Data\AVAST Software
2014-08-25 23:52 . 2014-08-25 23:52 -------- d-----w- c:\windows\jumpshot.com
2014-08-25 23:49 . 2014-08-25 23:47 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-25 23:49 . 2014-08-25 23:47 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-25 23:49 . 2014-08-25 23:47 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-25 23:49 . 2014-08-26 02:55 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-25 23:49 . 2014-08-25 23:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-25 23:49 . 2014-08-25 23:47 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-25 23:49 . 2014-08-25 23:47 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-25 23:49 . 2014-08-25 23:47 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-08-25 23:48 . 2014-08-25 23:47 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-25 23:47 . 2014-08-25 23:47 43152 ----a-w- c:\windows\avastSS.scr
2014-08-25 23:33 . 2014-08-25 23:33 -------- d-----w- c:\program files\AVAST Software
2014-08-25 22:51 . 2014-08-25 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-08-25 20:32 . 2014-08-25 20:41 -------- d-----w- C:\AdwCleaner
2014-08-24 14:37 . 2014-08-25 05:47 -------- d-----w- c:\documents and settings\Liquid\Application Data\vlc
2014-08-24 14:30 . 2014-08-24 14:36 -------- d-----w- c:\program files\WhoCrashed
2014-08-24 14:04 . 2014-08-24 14:04 -------- d-----w- c:\program files\VideoLAN
2014-08-24 01:16 . 2014-08-24 01:18 -------- d-----w- c:\program files\CCleaner
2014-08-23 14:59 . 2014-08-23 14:59 -------- d-----w- c:\windows\system32\MRT
2014-08-23 14:54 . 2014-08-23 14:55 -------- d-----w- C:\ac966342dac78647c83a26741a
2014-08-23 05:10 . 2014-08-23 05:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2014
2014-08-23 05:08 . 2014-08-23 05:08 -------- d-----w- c:\documents and settings\Liquid\Application Data\TuneUp Software
2014-08-23 05:04 . 2014-08-23 05:04 -------- d-----w- C:\$AVG
2014-08-23 05:01 . 2014-08-23 05:01 -------- d-----w- c:\program files\AVG
2014-08-23 04:34 . 2014-08-27 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2014-08-23 04:34 . 2014-08-23 05:21 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Avg2014
2014-08-23 04:34 . 2014-08-23 04:34 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\MFAData
2014-08-23 04:32 . 2014-08-23 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Insight Software Solutions
2014-08-23 04:32 . 2014-08-23 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Insight Software
2014-08-23 04:30 . 2014-08-23 04:30 -------- d-----w- c:\program files\Common Files\Insight Software Solutions
2014-08-23 04:29 . 2014-08-23 04:33 -------- d-----w- c:\program files\Macro Express3
2014-08-23 02:48 . 2014-08-23 02:48 -------- d-sh--w- c:\documents and settings\Liquid\PrivacIE
2014-08-23 02:18 . 2014-08-23 02:18 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\SmartFTP
2014-08-23 02:09 . 2014-08-23 02:09 -------- d-----w- c:\documents and settings\Liquid\Application Data\SmartFTP
2014-08-23 02:08 . 2014-08-23 02:08 -------- d-----w- c:\program files\SmartFTP Client
2014-08-17 12:02 . 2014-08-24 01:42 -------- d-----w- c:\program files\Google
2014-08-17 11:48 . 2014-08-23 02:50 -------- d-----w- c:\documents and settings\Liquid\Application Data\CoffeeCup Software
2014-08-04 15:15 . 2014-08-04 15:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG
2014-08-04 15:15 . 2014-08-04 15:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2014-08-04 15:00 . 2014-08-04 15:00 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\AVG
2014-08-04 15:00 . 2014-08-04 15:00 -------- d-----w- c:\documents and settings\Liquid\Application Data\AVG
2014-08-04 14:51 . 2014-08-04 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2014-08-04 14:49 . 2014-08-04 14:50 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-04 14:47 . 2014-08-04 14:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2014-08-04 14:45 . 2014-08-04 14:47 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\AOL
2014-08-01 08:59 . 2014-08-01 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacksSetup
2014-08-01 08:58 . 2014-08-01 08:58 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Bluestacks
2014-07-30 10:17 . 2014-07-30 10:17 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Skype
2014-07-30 10:16 . 2014-08-27 16:21 -------- d-----w- c:\documents and settings\Liquid\Application Data\Skype
2014-07-30 10:14 . 2014-07-30 10:14 -------- d-----w- c:\program files\Common Files\Skype
2014-07-30 10:14 . 2014-07-30 10:14 -------- d-----r- c:\program files\Skype
2014-07-30 10:13 . 2014-07-30 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-03 17:25 . 2014-07-03 17:07 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-03 17:25 . 2014-07-03 17:07 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-30 19:43 . 2014-06-30 19:43 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-25 23:46 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-25 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-26 4085896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-05-12 54072]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 cerc6;cerc6; [x]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008]
R2 UpdaterSvcfocusbase;UpdaterSvcfocusbase;c:\program files\focusbase\updater.exe [x]
R3 cpuz134;cpuz134;c:\docume~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200xp.sys [2011-03-28 1034240]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-25 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-26 414520]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-25 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-25 67824]
S4 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\DRIVERS\avgidsdriverlx.sys [x]
S4 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-24 01:42 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-25 23:46]
.
2014-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-27 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
2014-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.3.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-27 14:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-08-27 14:57:19
ComboFix-quarantined-files.txt 2014-08-27 21:57
.
Pre-Run: 2,039,111,680 bytes free
Post-Run: 2,849,923,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 828084420764C9D98B3CFA6B0274A91E
8F558EB6672622401DA993E1E865C861
 
OK, lots of entries to get removed. I'll post a cleanup script in a little bit after I go through everything. AVG is still on your system and so is focusbase. So give me time, probably like an hour or so.
 
Just wanted to let you know that you are running Windows XP on only 512 MB of RAM, actually less than that because the video is using up some of that as well. Also, you are running out of space on your C drive. You only have about 11 percent (2 GB) left. So your system is definitely hurting because of this alone. A new system should be in your immediate future.

The first thing I want you to do is download and run the AVG uninstaller from here.

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2014_4116.exe

After that has completed, please reboot the system and then perform the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box
Code:
Driver::

cerc6
Avgdiskx
UpdaterSvcfocusbase
AVGIDSDriverl
AVGIDSHX
AVGIDSShim
Avgrkx86
Avgtdix

Folder::

c:\windows\system32\config\systemprofile\Application Data\AVG2014
C:\$AVG
c:\program files\AVG
c:\documents and settings\Liquid\Local Settings\Application Data\Avg2014
c:\documents and settings\LocalService\Local Settings\Application Data\AVG
c:\documents and settings\LocalService\Application Data\AVG
c:\documents and settings\Liquid\Local Settings\Application Data\AVG
c:\documents and settings\Liquid\Application Data\AVG
c:\documents and settings\All Users\Application Data\AVG


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
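
The triage step behind the script above, as an added example that is not part of the original posts or of ComboFix: it parses the service/driver lines of the ComboFix log, keeps the entries marked `[x]`, and cross-checks them against Service Control Manager start failures from the event log. Assumptions: `[x]` is read as "no file found for this entry", the field layout (state and start digit, name, display name, path) is inferred from the log lines in this thread, and the function names are hypothetical.

```python
import re

# Service/driver lines copied from the ComboFix log posted in this thread.
SERVICE_LINES = r"""
R0 cerc6;cerc6; [x]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008]
R2 UpdaterSvcfocusbase;UpdaterSvcfocusbase;c:\program files\focusbase\updater.exe [x]
S0 aswRvrt;avast! Revert; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-25 779536]
S4 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\DRIVERS\avgidsdriverlx.sys [x]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
"""

# System event copied from the earlier report in this thread (wrapped over lines).
EVENT_TEXT = """
Error - 8/26/2014 11:45:20 PM | Computer Name = LIQUID-EDE81A | Source = Service Control Manager | ID = 7000
Description = The UpdaterSvcfocusbase service failed to start due to the following
error: %%3
"""

# <state><start> <name>;<display>;<path> [<date size>] or [x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
# Event ID 7000 text; the description may wrap, so allow any whitespace.
START_FAIL_RE = re.compile(
    r"The (?P<svc>.+?) service failed to start due to the following\s+"
    r"error: %%(?P<code>\d+)"
)


def parse_services(text):
    """Return one dict per service/driver line; unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["file_missing"] = entry.pop("info") == "x"
        entries.append(entry)
    return entries


def failed_starts(event_text):
    """Map service name -> Win32 error code from 'failed to start' events."""
    return {m["svc"]: int(m["code"]) for m in START_FAIL_RE.finditer(event_text)}


def triage(service_text, event_text):
    """List (name, path, start_error) for entries whose file was not found.

    start_error is the code from a matching event (3 is the Win32
    'path not found' error), or None when no such event was logged.
    """
    failures = failed_starts(event_text)
    report = []
    for e in parse_services(service_text):
        if not e["file_missing"]:
            continue
        code = failures.get(e["name"], failures.get(e["display"]))
        report.append((e["name"], e["path"] or None, code))
    return report


if __name__ == "__main__":
    for name, path, code in triage(SERVICE_LINES, EVENT_TEXT):
        print(f"{name:22} path={path!r} start_error={code}")
```

The result is a list of candidates to review, not a removal list: the CFScript in the post above does not name every `[x]` entry from the log.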
 