reoccurring virusmalware [Solved]

This topic is locked

#16
sirspread
Member, Topic Starter, 11 posts

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
File C:\WINDOWS\System32\셫἗喴7 not found.
File C:\WINDOWS\System32\Ƞ杼喴7 not found.
File C:\WINDOWS\System32\䃸예喴7 not found.
File C:\WINDOWS\System32\ᓛ娻喴7 not found.
File C:\WINDOWS\System32\枴謐喴7 not found.
File C:\WINDOWS\System32\鴐Ⳑ喴7 not found.
File C:\WINDOWS\System32\㗓╷喴7 not found.
File C:\WINDOWS\System32\醶혭喴7 not found.
File C:\WINDOWS\System32\凱喴7 not found.
File C:\WINDOWS\System32\ꢔ擄喴7 not found.
File C:\WINDOWS\System32\꾵喴7 not found.
File C:\WINDOWS\System32\廼縖喴7 not found.
File C:\WINDOWS\System32\钅骴喴7 not found.
File C:\WINDOWS\System32\甜둤喴7 not found.
File C:\WINDOWS\System32\휺ꑍ喴7 not found.
File C:\WINDOWS\System32\욘᭬喴7 not found.
File C:\WINDOWS\System32\遾ፑ喴7 not found.
File C:\WINDOWS\System32\㸷喴7 not found.
File C:\WINDOWS\System32\쮠ਵ喴7 not found.
File C:\WINDOWS\System32\ఽ塱喴7 not found.
File C:\WINDOWS\System32\喴7 not found.
File C:\WINDOWS\System32\厈旉喴7 not found.
File C:\WINDOWS\System32\吅ḏ喴7 not found.
File C:\WINDOWS\System32\湳喴7 not found.
File C:\WINDOWS\System32\鷾့喴7 not found.
File C:\WINDOWS\System32\䔶ꟛ喴7 not found.
File C:\WINDOWS\System32\▙ἧ喴7 not found.
File C:\WINDOWS\System32\섴঵喴7 not found.
File C:\WINDOWS\System32\ⳅ喴7 not found.
File C:\WINDOWS\System32\๊⯛喴7 not found.
File C:\WINDOWS\System32\礔喴7 not found.
File C:\WINDOWS\System32\含㨵喴7 not found.
File C:\WINDOWS\System32\↨⑿喴7 not found.
File C:\WINDOWS\System32\귨喴7 not found.
File C:\WINDOWS\System32\ꄂ喴7 not found.
File C:\WINDOWS\System32\鞩ꅄ喴7 not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\eo0MLX not found.
File\Folder C:\Documents and Settings\All Users\Application Data\eo0MLX not found.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 09102014_181410
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Compaq_Owner (administrator) on YOUR-447023AE6B on 10-09-2014 18:30:16
Running from C:\Documents and Settings\Compaq_Owner\desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(ASUSTeK COMPUTER INC.) C:\WINDOWS\ATKKBService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\lxcecoms.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LXCECATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [90112 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [90112 2004-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [lxcemon.exe] => C:\Program Files\Lexmark 4300 Series\lxcemon.exe [192512 2005-08-02] (Lexmark International, Inc.)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2005-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [KodakShareButtonApp] => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [107008 2011-03-07] (Eastman Kodak Company)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-03] (Hewlett-Packard Company)
HKLM\...\Run: [IPHSend] => C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [126104 2006-03-27] (America Online, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1266096361\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-08] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Lexmark Fax Solutions\fm3032.exe [299008 2005-07-12] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 4300 Series\ezprint.exe [94208 2005-07-26] (Lexmark International Inc.)
HKLM\...\Run: [eabconfg.cpl] => C:\Program Files\Compaq\EAB\EABSERVR.EXE [229376 2002-11-12] (Compaq)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-04-15] (ATI Technologies, Inc.)
HKLM\...\Run: [ASUSGamerOSD] => C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [380928 2007-09-13] (ASUSTeK Computer Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2805248 2005-05-04] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 0
HKU\.DEFAULT\...\Policies\system: [NoVisualStyleChoice] 0
HKU\.DEFAULT\...\Policies\system: [NoColorChoice] 0
HKU\.DEFAULT\...\Policies\system: [NoSizeChoice] 0
HKU\.DEFAULT\...\Policies\system: [DisableLockWorkstation] 0
HKU\.DEFAULT\...\Policies\system: [DisableChangePassword] 0
HKU\.DEFAULT\...\Policies\system: [HideLogonScripts] 0
HKU\.DEFAULT\...\Policies\system: [HideLogoffScripts] 0
HKU\.DEFAULT\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoThemesTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeKeyboardNavigationIndicators] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoAddPrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [RestrictCpl] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisallowCpl] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDrivesInSendToMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [RestrictRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisallowRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRecycleFiles] 0
HKU\.DEFAULT\...\Policies\Explorer: [ForceRecycleBinSize] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKU\.DEFAULT\...\Policies\Explorer: [ClassicShell] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoCustomizeWebView] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFileMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWinKeys] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSecurityTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoInstrumentation] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWebView] 0
HKU\.DEFAULT\...\Policies\Explorer: [DontShowSuperHidden] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoOnlinePrintsWizard] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoPublishingWizard] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyPictures] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyDocs] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFavoritesMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHelp] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoCommonGroups] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuEjectPC] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [ForceStartMenuLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDisconnect] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoNtSecurity] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [GreyMSIAds] 0
HKU\.DEFAULT\...\Policies\Explorer: [ForceMaxRecentDocs] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMBalloonTips] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [LockTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAVolume] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCANetwork] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAPower] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKU\.DEFAULT\...\Policies\Explorer: [NoTaskGrouping] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWebServices] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFileUrl] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoBandCustomize] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\.DEFAULT\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoNetHood] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoComputersNearMe] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\.DEFAULT\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogOff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [PromptRunasInstallNetPath] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoThumbnailCache] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Policies\Explorer: [ForceCopyAclwithFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [StartRunNoHOMEPATH] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\system: [HideLogonScripts] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoChangeKeyboardNavigationIndicators] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [RestrictCpl] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [DisallowCpl] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDrivesInSendToMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [ForceRecycleBinSize] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoCustomizeWebView] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoWinKeys] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoWebView] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [DontShowSuperHidden] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoOnlinePrintsWizard] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoPublishingWizard] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoHelp] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuEjectPC] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [ForceStartMenuLogoff] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDisconnect] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoNtSecurity] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [GreyMSIAds] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [ForceMaxRecentDocs] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSMBalloonTips] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [LockTaskbar] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [HideSCAPower] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoTaskGrouping] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoWebServices] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoComputersNearMe] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [PromptRunasInstallNetPath] 1
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoThumbnailCache] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [ForceCopyAclwithFile] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [StartRunNoHOMEPATH] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437
FF NewTab: www.google.com
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Compaq_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxTrick - C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2014-08-14]
FF Extension: Classic Theme Restorer - C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\Extensions\[email protected] [2014-05-14]
FF Extension: Exif Viewer - C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\Extensions\[email protected] [2014-08-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-19]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-12] (Avira Operations GmbH & Co. KG)
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [258560 2007-09-13] (ASUSTeK COMPUTER INC.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-05-18] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 lxce_device; C:\WINDOWS\system32\lxcecoms.exe [471040 2005-07-06] (Lexmark International, Inc.)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 asusgsb; C:\WINDOWS\System32\drivers\asusgsb.sys [12416 2007-09-13] (ASUSTeK Computer Inc.) [File not signed]
R1 asuskbnt; C:\WINDOWS\System32\drivers\atkkbnt.sys [11136 2007-09-13] (ASUSTeK COMPUTER INC.) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 dsiarhwprog; C:\WINDOWS\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany) [File not signed]
R1 EABFiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [6928 2002-10-14] (Compaq Computer Corp.)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5168 2002-01-28] (Compaq Computer Corp.)
R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2007-09-13] (ASUSTeK Computer Inc.) [File not signed]
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-08] (Windows ® Server 2003 DDK provider)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 sonypvs1; C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-07-24] (Avira GmbH)
R3 Video3D; C:\WINDOWS\System32\Drivers\Video3D32.sys [10752 2007-09-13] (ASUSTeK COMPUTER INC.) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\22F.tmp [X]
S3 NielGfx; system32\drivers\nielgfx.sys [X]
S0 nielprt; system32\DRIVERS\nielprt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 18:30 - 2014-09-10 18:30 - 00026922 _____ () C:\Documents and Settings\Compaq_Owner\desktop\FRST.txt
2014-09-10 14:02 - 2014-09-10 14:02 - 17424939 _____ () C:\Documents and Settings\Compaq_Owner\desktop\171g_edited-1.psd
2014-09-09 14:05 - 2014-09-09 14:05 - 00000000 ____D () C:\_OTL
2014-09-09 14:03 - 2014-09-09 14:03 - 01097728 _____ (Farbar) C:\Documents and Settings\Compaq_Owner\desktop\FRST.exe
2014-09-05 19:15 - 2014-09-05 19:15 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Compaq_Owner\desktop\OTL.exe
2014-09-05 17:56 - 2014-09-07 23:37 - 00014336 _____ () C:\Documents and Settings\Compaq_Owner\desktop\ins and outs.xlr
2014-09-04 11:06 - 2014-09-04 11:06 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-09-02 20:55 - 2014-09-02 20:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-02 19:25 - 2014-09-02 19:25 - 00000000 ___SD () C:\ComboFix
2014-09-02 17:37 - 2014-09-02 17:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-08-31 21:54 - 2014-08-31 21:54 - 00020621 _____ () C:\ComboFix.txt
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\Administrator.YOUR-447023AE6B\Local Settings\temp
2014-08-31 21:40 - 2014-09-10 18:30 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\temp
2014-08-28 11:14 - 2014-08-28 11:14 - 00000866 _____ () C:\Documents and Settings\All Users\desktop\Avira.lnk
2014-08-27 23:12 - 2014-08-27 23:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Adobe
2014-08-24 20:18 - 2014-08-30 20:06 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-08-24 20:18 - 2014-08-24 20:18 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-08-21 22:24 - 2014-08-21 22:25 - 00048282 _____ () C:\JavaRa.log
2014-08-21 21:42 - 2014-08-21 21:43 - 01364531 _____ () C:\Documents and Settings\Compaq_Owner\desktop\adwcleaner_3.308.exe
2014-08-17 21:01 - 2014-09-10 18:17 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-08-17 21:01 - 2014-09-10 18:17 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-17 21:01 - 2014-09-10 18:15 - 00032590 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-17 21:01 - 2014-08-17 21:01 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-17 16:53 - 2014-09-10 18:19 - 00368682 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-16 19:54 - 2014-08-16 22:08 - 00000000 ____D () C:\Program Files\Fralimbo
2014-08-16 19:46 - 2014-08-16 19:46 - 00000170 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\WindApp.boostrap.log
2014-08-16 10:53 - 2014-08-16 10:54 - 00004537 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-12 22:51 - 2014-09-10 18:15 - 00132976 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-12 10:36 - 2014-08-28 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 18:30 - 2014-09-10 18:30 - 00026922 _____ () C:\Documents and Settings\Compaq_Owner\desktop\FRST.txt
2014-09-10 18:30 - 2014-08-31 21:40 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\temp
2014-09-10 18:30 - 2014-04-13 17:03 - 00000000 ____D () C:\FRST
2014-09-10 18:29 - 2010-02-13 20:20 - 00000436 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{60F2B32C-DEDB-47D4-B669-B12AA3C1622A}.job
2014-09-10 18:29 - 2004-11-23 23:08 - 00000281 __RSH () C:\boot.ini
2014-09-10 18:29 - 2004-11-09 21:20 - 00000792 _____ () C:\WINDOWS\win.ini
2014-09-10 18:29 - 2004-11-09 21:11 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-10 18:19 - 2014-08-17 16:53 - 00368682 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-10 18:19 - 2014-03-11 10:16 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-10 18:19 - 2010-02-11 13:23 - 00000000 ____D () C:\Program Files\Lx_cats
2014-09-10 18:17 - 2014-08-17 21:01 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-09-10 18:17 - 2014-08-17 21:01 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-10 18:17 - 2004-11-09 21:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-10 18:15 - 2014-08-17 21:01 - 00032590 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-10 18:15 - 2014-08-12 22:51 - 00132976 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-09-10 18:13 - 2010-02-13 17:42 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner
2014-09-10 18:05 - 2010-02-13 17:02 - 00022683 _____ () C:\lxce.log
2014-09-10 17:45 - 2012-05-04 06:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-10 16:01 - 2011-11-19 21:57 - 00024576 ____H () C:\Documents and Settings\Compaq_Owner\desktop\photothumb.db
2014-09-10 15:45 - 2013-09-05 15:30 - 00000000 ____D () C:\AdwCleaner
2014-09-10 14:02 - 2014-09-10 14:02 - 17424939 _____ () C:\Documents and Settings\Compaq_Owner\desktop\171g_edited-1.psd
2014-09-10 11:46 - 2012-05-04 06:50 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 11:46 - 2011-05-28 14:25 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-09 21:03 - 2010-05-06 13:32 - 00000000 ____D () C:\Program Files\Sophos
2014-09-09 21:01 - 2014-04-21 20:46 - 00000000 ____D () C:\Program Files\Free Window Registry Repair
2014-09-09 16:47 - 2004-11-24 00:36 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-09 14:05 - 2014-09-09 14:05 - 00000000 ____D () C:\_OTL
2014-09-09 14:03 - 2014-09-09 14:03 - 01097728 _____ (Farbar) C:\Documents and Settings\Compaq_Owner\desktop\FRST.exe
2014-09-09 09:20 - 2004-11-09 21:23 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-07 23:37 - 2014-09-05 17:56 - 00014336 _____ () C:\Documents and Settings\Compaq_Owner\desktop\ins and outs.xlr
2014-09-07 23:37 - 2010-02-15 17:00 - 00008174 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2014-09-07 19:53 - 2014-07-03 13:26 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 18:31 - 2011-06-12 22:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwmp11$
2014-09-05 19:15 - 2014-09-05 19:15 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Compaq_Owner\desktop\OTL.exe
2014-09-05 17:15 - 2010-11-23 10:10 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-09-05 16:58 - 2005-01-02 15:39 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-09-05 15:12 - 2004-11-24 00:25 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-04 11:06 - 2014-09-04 11:06 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-09-04 09:16 - 2012-04-26 11:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-02 20:56 - 2014-09-02 20:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-02 19:41 - 2010-02-14 12:03 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-02 19:25 - 2014-09-02 19:25 - 00000000 ___SD () C:\ComboFix
2014-09-02 19:25 - 2010-05-11 20:00 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-09-02 17:37 - 2014-09-02 17:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-08-31 21:54 - 2014-08-31 21:54 - 00020621 _____ () C:\ComboFix.txt
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\Administrator.YOUR-447023AE6B\Local Settings\temp
2014-08-31 21:39 - 2004-11-24 00:07 - 00000000 ____D () C:\WINDOWS\Help
2014-08-30 20:06 - 2014-08-24 20:18 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-08-28 20:37 - 2014-08-12 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-28 11:14 - 2014-08-28 11:14 - 00000866 _____ () C:\Documents and Settings\All Users\desktop\Avira.lnk
2014-08-28 11:14 - 2013-07-24 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-08-28 11:12 - 2013-07-24 13:04 - 00000000 ____D () C:\Program Files\Avira
2014-08-27 23:12 - 2014-08-27 23:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Adobe
2014-08-27 20:08 - 2010-03-08 18:38 - 00024064 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-24 22:22 - 2010-02-13 19:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB967715$
2014-08-24 20:18 - 2014-08-24 20:18 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-08-21 22:25 - 2014-08-21 22:24 - 00048282 _____ () C:\JavaRa.log
2014-08-21 22:24 - 2005-01-02 15:27 - 00000000 ____D () C:\Program Files\Java
2014-08-21 21:54 - 2011-12-14 23:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2633171$
2014-08-21 21:43 - 2014-08-21 21:42 - 01364531 _____ () C:\Documents and Settings\Compaq_Owner\desktop\adwcleaner_3.308.exe
2014-08-21 16:42 - 2010-03-11 12:01 - 00020294 _____ () C:\lxcescan.log
2014-08-19 12:46 - 2010-02-13 23:07 - 00196608 _____ () C:\WINDOWS\system32\Drivers\nStandard.bin
2014-08-17 21:01 - 2014-08-17 21:01 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-17 21:00 - 2010-02-13 17:42 - 00000178 ___SH () C:\Documents and Settings\Compaq_Owner\ntuser.ini
2014-08-17 16:57 - 2013-12-07 22:37 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Vistaprint Photo Books
2014-08-17 16:50 - 2010-02-11 12:50 - 00000000 __SHD () C:\Documents and Settings\Compaq_Owner\UserData
2014-08-16 22:08 - 2014-08-16 19:54 - 00000000 ____D () C:\Program Files\Fralimbo
2014-08-16 22:08 - 2004-11-24 00:04 - 00000000 ____D () C:\Program Files\Common Files\System
2014-08-16 21:28 - 2004-11-24 00:04 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-08-16 20:45 - 2011-05-05 22:13 - 00000738 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 20:45 - 2010-02-16 00:02 - 00000732 _____ () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-08-16 20:45 - 2010-02-13 17:42 - 00000811 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Internet Explorer.lnk
2014-08-16 19:51 - 2010-08-07 15:41 - 00000000 ____D () C:\Program Files\Google
2014-08-16 19:46 - 2014-08-16 19:46 - 00000170 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\WindApp.boostrap.log
2014-08-16 10:55 - 2005-01-02 15:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-16 10:54 - 2014-08-16 10:53 - 00004537 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-14 23:04 - 2013-08-14 22:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-14 23:02 - 2010-02-13 18:48 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-12 10:36 - 2013-07-24 13:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira

Files to move or delete:
====================
C:\Documents and Settings\Compaq_Owner\settings.dat


Some content of TEMP:
====================
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by Compaq_Owner at 2014-09-10 18:31:25
Running from C:\Documents and Settings\Compaq_Owner\desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.41612 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AOL Broadband Toolbar 5.0 (HKLM\...\AOL Broadband Toolbar) (Version: 5.0.80.1 - AOL)
AOL Registration (HKLM\...\AOL Regclient) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - )
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ASUS Gamer OSD (HKLM\...\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}) (Version: 2.05.0913 - ASUSTeK COMPUTER INC.)
ASUS nVidia Driver (Version: 5.00.0000 - ASUSTek) Hidden
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5150 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.13-050414a2-023930C-HP - )
Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Compaq Easy Access Buttons 3.00 D2 (HKLM\...\Easy Access Buttons) (Version:  - )
Compaq Multimedia Keyboard Software (HKLM\...\KBD) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.789 - InterVideo Inc.)
Java™ 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 5.2.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
KODAK Share Button App (HKLM\...\{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}) (Version: 3.01.0000.0000 - Eastman Kodak Company)
Lexmark 4300 Series (HKLM\...\Lexmark 4300 Series) (Version:  - )
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Age of Empires Gold (HKLM\...\Age of Empires Gold 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM\...\Motocross Madness 2) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 32.0 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MS Access 97 SP2 (HKLM\...\MS Access 97 SP2) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PC-Doctor 5 for Windows (HKLM\...\InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}) (Version: 5.00.2832.01 - PC-Doctor)
PC-Doctor 5 for Windows (Version: 5.00.2832.01 - PC-Doctor) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PS2 (HKLM\...\PS2) (Version:  - )
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shogun - Total War - Warlord Edition (HKLM\...\Shogun Total War - Warlord Edition) (Version:  - )
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.3 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.2 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.2 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.2 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4207471033-598798117-2367749602-1008_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Documents and Settings\Compaq_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

==================== Restore Points  =========================

09-09-2014 15:49:20 System Checkpoint
09-09-2014 20:02:41 Configured PC-Doctor 5 for Windows
09-09-2014 20:08:09 OTL Restore Point - 09/09/2014 21:07:45
09-09-2014 21:26:22 OTL Restore Point - 09/09/2014 22:25:48
10-09-2014 16:58:07 OTL Restore Point - 10/09/2014 17:57:35
10-09-2014 17:14:43 OTL Restore Point - 10/09/2014 18:14:21

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 19:00 - 2014-08-31 21:40 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{60F2B32C-DEDB-47D4-B669-B12AA3C1622A}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-05-17 17:34 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2010-02-13 19:24 - 2005-07-12 10:33 - 00032768 _____ () C:\WINDOWS\system32\LXPRMON.DLL
2010-02-11 12:52 - 2007-09-13 16:54 - 00643142 _____ () C:\WINDOWS\aticlocklib.dll
2010-02-11 13:22 - 2005-02-24 17:23 - 00061440 _____ () C:\Program Files\Lexmark 4300 Series\lxcecnv4.dll
2014-08-04 14:16 - 2014-08-04 14:16 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-09 16:50 - 2014-08-04 14:20 - 00052472 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-02 20:55 - 2014-09-02 20:56 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk => C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2014 11:06:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (09/04/2014 11:06:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.0.5350, faulting module mozalloc.dll, version 32.0.0.5350, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/04/2014 11:03:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (09/04/2014 11:03:37 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (09/04/2014 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (09/04/2014 11:03:24 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (08/31/2014 09:51:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established

Error: (08/31/2014 09:10:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Java™ 6 Update 20 -- Internal Error 2753. regutils.dll

Error: (08/30/2014 08:12:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/28/2014 11:02:35 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.18.28431, P3 53c3ed8f, P4 system.componentmodel.composition, P5 4.0.0.1, P6 4c2933cc, P7 49c, P8 20, P9 clr20r30, P10 clr20r31.


System errors:
=============
Error: (09/10/2014 06:29:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/10/2014 06:04:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/10/2014 06:00:09 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverDELLNetBT_Tcpip_{E059185C-61F5-4054-86B1

Error: (09/09/2014 09:38:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/09/2014 09:21:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/09/2014 08:18:42 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.12 for the Network Card with network address 0013D3573709 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (09/09/2014 04:44:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The lxce_device service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 04:44:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WAN Miniport (ATW) Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 04:44:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 04:44:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V7 service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (09/04/2014 11:06:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (09/04/2014 11:06:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.0.5350mozalloc.dll32.0.0.53500000141b

Error: (09/04/2014 11:03:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (09/04/2014 11:03:37 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (09/04/2014 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (09/04/2014 11:03:24 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (08/31/2014 09:51:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (08/31/2014 09:10:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Java™ 6 Update 20 -- Internal Error 2753. regutils.dll(NULL)(NULL)(NULL)

Error: (08/30/2014 08:12:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDUpdate.exe1.6.0.12hungapp0.0.0.000000000

Error: (08/28/2014 11:02:35 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3avira.oe.servicehost.exe1.1.18.2843153c3ed8fsystem.componentmodel.composition4.0.0.14c2933cc49c20ha2r5vsskg1rxuacxv143hzfuv1ct25uNIL


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 65%
Total physical RAM: 1023.36 MB
Available physical RAM: 357.69 MB
Total Pagefile: 2460.68 MB
Available Pagefile: 1696.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.96 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:229.35 GB) (Free:125.84 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:3.52 GB) (Free:0.37 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=3.5 GB) - (Type=0B)
Partition 2: (Active) - (Size=229.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/09/2014
Scan Time: 18:37:28
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.10.07
Rootkit Database: v2014.09.10.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Compaq_Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357774
Time Elapsed: 18 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 Results of screen317's Security Check version 0.99.87  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Avira Free Antivirus    
 Avira      
 Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java™ 6 Update 29  
 Java version out of Date!
 Adobe Flash Player     15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````


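The FRST Addition log above ends with the disk's MBR and partition table (Disk ID 1549F232, a 3.5 GB type 0B partition and an active 229.4 GB type 07 NTFS partition). The following Python script is an added example, not code from this thread, from FRST or from aswMBR: it parses a raw 512-byte copy of sector 0 (such as the MBR.dat file that aswMBR saves later in this thread), checks the boot signature, flags overlapping partition entries, compares the table against the values a scan log reported, and hashes the boot-code area so that a later capture can be compared with the saved copy. The sample sector is constructed: partition types, sizes and disk ID follow the log above, the start offsets are the ones the aswMBR log later in the thread prints, and the boot-code bytes are zeroed because the real boot code is not on the page.

```python
"""Parse and sanity-check a raw 512-byte MBR copy against a scan log's partition table.

Added example; not code from this thread, from FRST or from aswMBR.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 0x1B8   # bytes 0..0x1B7 hold the boot code
DISK_ID_OFF = 0x1B8     # 4-byte disk signature
PART_TABLE = 0x1BE      # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # 0x55 0xAA

# What the FRST log above reports (sizes rounded to 0.1 GB)
EXPECTED_DISK_ID = 0x1549F232
EXPECTED_FROM_LOG = [
    {"index": 1, "active": False, "type": 0x0B, "size_gb": 3.5},
    {"index": 2, "active": True, "type": 0x07, "size_gb": 229.4},
]


def build_sample_mbr():
    """Constructed sector 0. Start offsets 63 and 7389900 are the ones the aswMBR log
    later in the thread prints; sector counts are chosen so the sizes round to the
    log's values. The boot-code area stays zero (the real boot code is not on the page)."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, DISK_ID_OFF, EXPECTED_DISK_ID)
    entries = [(0x00, 0x0B, 63, 7389900 - 63),        # recovery partition up to the NTFS start
               (0x80, 0x07, 7389900, 234856 * 2048)]  # 234856 MB (229.35 GB), 2048 sectors per MB
    for i, (status, ptype, lba, count) in enumerate(entries):
        # entry layout: status, CHS start (3 bytes, left zero), type, CHS end (3), LBA start, sectors
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE + 16 * i, status, ptype, lba, count)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(data):
    """Return (disk_id, partitions) or raise ValueError if the sector is malformed."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    if data[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("boot signature 55AA missing")
    disk_id = struct.unpack_from("<I", data, DISK_ID_OFF)[0]
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", data, PART_TABLE + 16 * i)
        if ptype == 0:          # empty slot
            continue
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i + 1}: invalid status byte {status:#04x}")
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "size_gb": round(count * SECTOR / 2 ** 30, 1)})
    return disk_id, parts


def find_overlaps(parts):
    """Pairs of partition indexes whose sector ranges overlap; a tampered or
    inconsistent table shows up here."""
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    return [(a[2], b[2]) for a, b in zip(spans, spans[1:]) if b[0] < a[1]]


def compare_to_log(parts, expected):
    """(index, field, expected, actual) for every field that differs from the scan log."""
    diffs = []
    for exp in expected:
        got = next((p for p in parts if p["index"] == exp["index"]), None)
        if got is None:
            diffs.append((exp["index"], "missing", None, None))
            continue
        for key in ("active", "type", "size_gb"):
            if got[key] != exp[key]:
                diffs.append((exp["index"], key, exp[key], got[key]))
    if len(parts) != len(expected):
        diffs.append((None, "partition count", len(expected), len(parts)))
    return diffs


def boot_code_digest(data):
    """SHA-256 of the boot-code area. Record it together with the saved MBR copy and
    compare it against a later capture to notice a changed MBR."""
    return hashlib.sha256(data[:BOOT_CODE_END]).hexdigest()


if __name__ == "__main__":
    sector0 = build_sample_mbr()
    disk_id, table = parse_mbr(sector0)
    print(f"Disk ID: {disk_id:08X}")
    for p in table:
        print(f"  Partition {p['index']}: active={p['active']} type={p['type']:02X} "
              f"start={p['lba_start']} size={p['size_gb']} GB")
    print("overlaps:", find_overlaps(table))
    print("differences from log:", compare_to_log(table, EXPECTED_FROM_LOG))
    print("boot code sha256:", boot_code_digest(sector0))
```

To use it on a real backup, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()`; the comparison against the log tells you whether the saved sector still describes the disk the scanners reported, and the digest is the value to keep alongside the file.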
#17
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Great job. Two more steps. Let me know how your machine is doing after these as well. Thank you.

Step#1 - FRST Fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt, 2.68KB) and save it to the Desktop.

    Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).

2. Run FRST by double-clicking on the file and choosing.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
4. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Double-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start the scan.
6. On completion of the scan click "Save log", save it to your desktop and post it in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Items for your next post

1. FRST Fix log

2. aswMBR Log

3. How's your machine now?

#18
sirspread

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by Compaq_Owner at 2014-09-10 21:36:58 Run:2
Running from C:\Documents and Settings\Compaq_Owner\desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2805248 2005-05-04] (RealTek Semicoductor Corp.)
HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [90112 2004-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [lxcemon.exe] => C:\Program Files\Lexmark 4300 Series\lxcemon.exe [192512 2005-08-02] (Lexmark International, Inc.)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2005-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [KodakShareButtonApp] => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [107008 2011-03-07] (Eastman Kodak Company)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-03] (Hewlett-Packard Company)
HKLM\...\Run: [IPHSend] => C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [126104 2006-03-27] (America Online, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1266096361\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-08] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Lexmark Fax Solutions\fm3032.exe [299008 2005-07-12] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 4300 Series\ezprint.exe [94208 2005-07-26] (Lexmark International Inc.)
HKLM\...\Run: [eabconfg.cpl] => C:\Program Files\Compaq\EAB\EABSERVR.EXE [229376 2002-11-12] (Compaq)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-04-15] (ATI Technologies, Inc.)
HKLM\...\Run: [ASUSGamerOSD] => C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [380928 2007-09-13] (ASUSTeK Computer Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [90112 2005-05-04] (Realtek Semiconductor Corp.)
Reboot:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AlcWzrd => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PS2 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\lxcemon.exe => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\LSBWatcher => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KodakShareButtonApp => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KBD => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\IPHSend => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hpsysdrv => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HostManager => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\High Definition Audio Property Page Shortcut => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\FaxCenterServer => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EzPrint => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eabconfg.cpl => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ATIPTA => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ASUSGamerOSD => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoundMan => value deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-10 21:46:02
-----------------------------
21:46:02.359    OS Version: Windows 5.1.2600 Service Pack 3
21:46:02.359    Number of processors: 1 586 0x409
21:46:02.359    ComputerName: YOUR-447023AE6B  UserName: Compaq_Owner
21:47:19.171    Initialize success
21:47:20.015    VM: initialized successfully
21:47:20.187    VM: Intel CPU virtualization not supported
21:54:52.765    AVAST engine defs: 14091000
21:55:01.781    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:55:01.875    Disk 0 Vendor: WDC_WD2500JS-60MHB1 10.02E02 Size: 238475MB BusType: 3
21:55:03.328    Disk 0 MBR read successfully
21:55:03.343    Disk 0 MBR scan
21:55:04.203    Disk 0 unknown MBR code
21:55:04.218    Disk 0 Partition 1 00     0B        FAT32 RECOVERY     3608 MB offset 63
21:55:04.625    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       234856 MB offset 7389900
21:55:04.656    Disk 0 unknown boot code
21:55:04.812    Scan finished successfully
21:58:20.000    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
21:58:20.093    The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"

The machine has been sluggish most of the day, but I have noticed a definite speed-up with things in the last 10 mins.


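The Fixlog above pairs each fixlist entry with a "value deleted successfully." line. As an added example (not from this thread or from Farbar's FRST), here is a small Python reconciler that parses both halves of such a log and reports entries the log did not confirm as removed, result lines that match nothing in the fixlist, and whether the requested reboot happened. The sample input is constructed from the format shown above; the "value not found." outcome for KernelFaultCheck is an invented line used to show how an unconfirmed entry is reported, and the no-publisher check is a triage heuristic of this example, not an FRST feature.

```python
"""Reconcile an FRST fixlist against the Fixlog it produced.

Added example, not part of the thread or of Farbar's FRST. Every fixlist Run
entry should reappear in the Fixlog as "value deleted successfully."; anything
else is reported as unconfirmed so it can be checked by hand.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input modelled on the Fixlog format posted in the thread.
# The "value not found." line for KernelFaultCheck is invented to show how an
# entry that was NOT confirmed removed gets reported.
SAMPLE_FIXLIST = r"""
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Lexmark Fax Solutions\fm3032.exe [299008 2005-07-12] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Reboot:
"""

SAMPLE_FIXLOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\FaxCenterServer => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value not found.

The system needed a reboot.
"""

# Fixlist line:  HKLM\...\Run: [Name] => command [size date] (Publisher)
FIXLIST_RE = re.compile(r"^HK[A-Z]+\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<command>.*)$")
# Fixlog line:   HKLM\Software\...\Run\\Name => outcome
RESULT_RE = re.compile(r"^HK[A-Z]+\\.*?\\Run\\\\(?P<name>.+?) => (?P<outcome>.+)$")
# Trailing "(Publisher)" that FRST appends when it could resolve the file
PUBLISHER_RE = re.compile(r"\((?P<publisher>[^()]*)\)\s*$")

SUCCESS = "value deleted successfully."


@dataclass
class Reconciliation:
    removed: list = field(default_factory=list)
    unconfirmed: dict = field(default_factory=dict)   # name -> outcome text, or None if absent
    unexpected: list = field(default_factory=list)    # in the log but not in the fixlist
    no_publisher: list = field(default_factory=list)  # triage hint only, see reconcile()
    reboot_requested: bool = False
    rebooted: bool = False


def parse_fixlist(text):
    """Return ({name: command}, reboot_requested) for the Run: lines of a fixlist."""
    entries, reboot = {}, False
    for line in text.splitlines():
        line = line.strip()
        m = FIXLIST_RE.match(line)
        if line == "Reboot:":
            reboot = True
        elif m:
            entries[m["name"]] = m["command"]
    return entries, reboot


def parse_fixlog(text):
    """Return ({name: outcome}, rebooted) for the result lines of a Fixlog."""
    outcomes, rebooted = {}, False
    for line in text.splitlines():
        line = line.strip()
        m = RESULT_RE.match(line)
        if line == "The system needed a reboot.":
            rebooted = True
        elif m:
            outcomes[m["name"]] = m["outcome"]
    return outcomes, rebooted


def reconcile(fixlist_text, fixlog_text):
    """Match every fixlist entry with its Fixlog outcome and summarise the result."""
    entries, reboot_requested = parse_fixlist(fixlist_text)
    outcomes, rebooted = parse_fixlog(fixlog_text)
    r = Reconciliation(reboot_requested=reboot_requested, rebooted=rebooted)
    for name, command in entries.items():
        outcome = outcomes.get(name)
        if outcome == SUCCESS:
            r.removed.append(name)
        else:
            r.unconfirmed[name] = outcome
        # Heuristic of this example, not an FRST feature: FRST prints "(Company)"
        # only when it resolved the file. An empty or missing company name means
        # the entry deserves a manual look, not that it is malicious.
        pub = PUBLISHER_RE.search(command)
        if pub is None or not pub["publisher"].strip():
            r.no_publisher.append(name)
    r.unexpected = sorted(set(outcomes) - set(entries))
    return r


if __name__ == "__main__":
    result = reconcile(SAMPLE_FIXLIST, SAMPLE_FIXLOG)
    print("removed:     ", result.removed)
    print("unconfirmed: ", result.unconfirmed)
    print("unexpected:  ", result.unexpected)
    print("no publisher recorded (check by hand):", result.no_publisher)
    print("reboot requested / done:", result.reboot_requested, result.rebooted)
```

On a real run, read the two halves of Fixlog.txt (the block between the `*****` lines is the fixlist, the lines after it are the results) and pass them to `reconcile`; anything in `unconfirmed` or `unexpected` is what to look at before calling the fix complete.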
#19
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Good to hear. It should have been a little more responsive after the last fix and reboot. The good news is your machine is clean. Following are some final recommendations.

 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.

 

1. Download Delfix from here and save to your desktop.
2. Double-click on the file to open it.

3. Ensure everything is checked.

4. Click Run.

    Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

Delfix.JPG

 
2. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
Another alternative and popular software program for keeping your programs current is FileHippo Update Checker. Some people prefer this one.
 
1. Please download FileHippo update checker from here and save to your desktop.
2. Double-click the FHSetup.exe file that was downloaded and accept all the defaults to install the program.
3. The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    Once updates are found you will see information from your task bar as follows. If you click on this informational message you will be taken to a website showing the programs that you have that are outdated, and links will be provided to the updates.
Capture.JPG

 

 
3. Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.

I would recommend that you completely uninstall Java unless you need it to run important software. If you need it, or are unsure or uncomfortable with removing it, then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 7 Update 67.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link.

 

Java.JPG
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: Java™ 6 Update 29
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, double click on the file that was downloaded (jre-7u67-windows-i586.exe) to install the latest version. Accept all the defaults and you're good to go.

Note: Java has been notorious for installing foistware (software downloaded without the user's knowledge). If you follow the instructions I provided no foistware will be installed, but that doesn't mean it won't be in the future. While performing the install of this software, or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).
 
 

4. Firewall - Preventative
Next let's look at Firewalls. These help to prevent unauthorized access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. If you have at least Windows Vista then the built-in Windows firewall is fine. If you are still using Windows XP, you should download a firewall. A recommended one is below. NOTE: Microsoft Support for Windows XP ended April 8, 2014. You may want to make plans to upgrade. Microsoft no longer provides Windows updates for this operating system and as a result it is much more vulnerable.

 
OnLine-Armour Note: By default Emsisoft Online Armor installs as a free fully functional 30 day trial version. After the trial period you can either choose to buy a full version license or switch to the limited freeware mode.
Agnitum - Outpost free Note: Scroll down to Free Outpost Products and Outpost Firewall Free.

 
5. Antivirus - Preventative
It's great that you have a reputable AV on your machine. Good job. 
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is not actively monitoring your machine so it won't conflict with the Antivirus that you decide to install. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.

 
6. CryptoLocker Warning!!!! - Complete Data Loss can occur!
There is a particularly nasty infection out there at the moment. You may read more about this here.
Download CryptoPrevent free for home use here following the instructions below.
1. Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
2. Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
3. You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
4. You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
5. The next screen that comes up looks as follows. Leave all the defaults and click the Apply button.
Crypto.JPG

6. Once this is applied you will be asked to reboot your computer. Answer Yes. You're all set.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program, select the Updates! menu and then select Check for Updates to see if there are any, as this infection has serious consequences.

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!
 
Items for your next post.
1. Contents of the Delfix log.


#20
sirspread

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

 # DelFix v10.8 - Logfile created 11/09/2014 at 14:15:09
# Updated 29/07/2014 by Xplode
# Username : Compaq_Owner - YOUR-447023AE6B
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Compaq_Owner\DoctorWeb
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\JavaRa.log
Deleted : C:\rkill.log
Deleted : C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner_3.308.exe
Deleted : C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
Deleted : C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt
Deleted : C:\Documents and Settings\Compaq_Owner\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Compaq_Owner\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
Deleted : C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
Deleted : C:\Documents and Settings\Compaq_Owner\Desktop\SecurityCheck.exe
Deleted : C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\AdwCleaner.exe
Deleted : HKCU\Software\IDAVLab
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\IDAVLab
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1 [System Checkpoint | 09/09/2014 15:49:20]
Deleted : RP #2 [Configured PC-Doctor 5 for Windows | 09/09/2014 20:02:41]
Deleted : RP #3 [OTL Restore Point - 09/09/2014 21:07:45 | 09/09/2014 20:08:09]
Deleted : RP #4 [OTL Restore Point - 09/09/2014 22:25:48 | 09/09/2014 21:26:22]
Deleted : RP #5 [OTL Restore Point - 10/09/2014 17:57:35 | 09/10/2014 16:58:07]
Deleted : RP #6 [OTL Restore Point - 10/09/2014 18:14:21 | 09/10/2014 17:14:43]
Deleted : RP #7 [Software Distribution Service 3.0 | 09/10/2014 22:21:34]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.