
Bitdefender turns off on startup. [Solved]



#16
reach1


https://www.virustot...sis/1418468973/




#17
reach1


FRST & Addition

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Owner (administrator) on GATEWAY400VTX on 13-12-2014 05:17:38
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-02-07] (Intel Corporation)
HKLM\...\Run: [PC Cleaners] => C:\Documents and Settings\All Users\Application Data\PC Cleaners\PCCleaners.exe [69500688 2014-10-09] (PC Cleaners Inc.)
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\XP SP3 N1280.exe [5656576 2014-10-05] (Microsoft Corporation)
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoDrives] 0x00FCFF03
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoSMHelp] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoLogoff] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoWinKeys] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoUserNameInStartMenu] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoRecentDocsMenu] 0x00000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoActiveDesktop] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoSMMyPictures] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoNetworkConnections] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoSharedDocuments] 0x01000000
AppInit_DLLs: prio.dll => C:\Program Files\Prio\prio.dll [15216 2012-11-08] (O&K Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1606980848-1957994488-289805187-1003] => ftp=0.0.0.0:80;gopher=0.0.0.0:80;http=0.0.0.0:80;https=0.0.0.0:80
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1606980848-1957994488-289805187-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL =
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.43

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Extension: Disconnect - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\[email protected] [2014-11-22]
FF Extension: Go-Mobile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\[email protected] [2014-11-22]
FF Extension: Zoom Page - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\[email protected] [2014-11-22]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-14]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [57520 2013-10-23] (Bitdefender)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-05-13] (Phoenix Technologies) [File not signed]
R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R1 prio; C:\WINDOWS\System32\drivers\prio.sys [54128 2012-11-08] (Xeno)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [244560 2003-10-02] (SigmaTel, Inc.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [120830 2003-10-08] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [98842 2003-10-08] (Intel Corporation)
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 05:17 - 2014-12-13 05:18 - 00023386 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-12-13 05:17 - 2014-12-13 05:17 - 00000000 ____D () C:\FRST
2014-12-13 05:15 - 2014-12-13 05:15 - 01111552 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-12-13 04:44 - 2014-12-13 04:45 - 15201368 _____ () C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
2014-12-13 04:17 - 2014-12-13 04:17 - 00080744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-12 03:46 - 2014-12-12 03:46 - 00000841 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-11 05:00 - 2014-12-11 05:00 - 00043136 _____ () C:\Documents and Settings\Owner\Desktop\OTL.Txt
2014-12-11 05:00 - 2014-12-11 05:00 - 00026334 _____ () C:\Documents and Settings\Owner\Desktop\Extras.Txt
2014-12-11 04:50 - 2014-12-11 04:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
2014-12-10 05:58 - 2014-12-10 05:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Panda Security
2014-12-09 02:37 - 2014-12-09 02:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-22 12:47 - 2014-11-22 12:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Rainmaker_Software_Group_

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 05:18 - 2014-04-05 14:37 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-12-13 04:47 - 2014-09-22 17:50 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-13 04:23 - 2014-05-09 07:45 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-13 04:18 - 2014-05-08 14:47 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-12-13 04:18 - 2004-08-04 06:00 - 00012984 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-12 03:47 - 2014-05-08 18:06 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-12-12 03:47 - 2014-04-05 17:26 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-12-12 03:46 - 2014-05-08 18:06 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-12-12 03:46 - 2014-04-05 14:37 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-12-12 02:53 - 2014-04-05 14:37 - 00000000 ____D () C:\Documents and Settings\Owner
2014-12-10 06:25 - 2014-04-05 14:31 - 00000000 ___SD () C:\Documents and Settings\Owner\UserData
2014-12-10 02:32 - 2014-05-09 07:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-30 13:20 - 2014-06-13 17:40 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-30 13:20 - 2014-06-13 17:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-30 13:20 - 2014-06-13 17:40 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-26 00:57 - 2014-09-15 14:05 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 22:52 - 2014-09-30 04:08 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-11-21 22:22 - 2014-04-05 14:22 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2014-11-21 22:21 - 2014-06-13 19:50 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-11-21 22:21 - 2014-06-13 19:50 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-11-20 12:36 - 2014-09-14 03:11 - 00001599 _____ () C:\Documents and Settings\Administrator.GATEWAY400VTX\Start Menu\Programs\Remote Assistance.lnk

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-12-2014
Ran by Owner at 2014-12-13 05:18:42
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GTW Modem (HKLM\...\GTW Modem) (Version:  - )
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Prio (HKLM\...\Prio) (Version: 2.0.0.2960 - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Solitaire XP version 1.0 (HKLM\...\{2187FAB6-013A-4983-825F-F57F7BBBA373}_is1) (Version: 1.0 - SOLITAIREXP.COM)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 06:00 - 2014-09-22 15:54 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-15 00:07 - 2013-03-19 12:07 - 00508136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-06-15 00:07 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Vista.Emulation.dll:BDU
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\pclunst.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\FRST.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\OTL.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uxpatch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uxpatch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1606980848-1957994488-289805187-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.GATEWAY400VTX
ASPNET (S-1-5-21-1606980848-1957994488-289805187-1005 - Limited - Enabled)
Guest (S-1-5-21-1606980848-1957994488-289805187-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1606980848-1957994488-289805187-1000 - Limited - Disabled)
Owner (S-1-5-21-1606980848-1957994488-289805187-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1606980848-1957994488-289805187-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® PRO/Wireless 2915ABG Network Connection
Description: Intel® PRO/Wireless 2915ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: w29n51
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Modem
Description: PCI Modem
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2014 04:18:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (12/13/2014 04:18:10 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (12/13/2014 04:18:10 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (12/13/2014 04:18:30 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/13/2014 04:18:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error:
%%1058

Error: (12/13/2014 04:18:10 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/12/2014 03:46:54 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (12/13/2014 04:18:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (12/13/2014 04:18:10 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040206

Error: (12/13/2014 04:18:10 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070422


==================== Memory info ===========================

Processor:  Mobile Intel® Celeron® CPU 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 1014.42 MB
Available physical RAM: 678.03 MB
Total Pagefile: 2440.02 MB
Available Pagefile: 2025.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.25 GB) (Free:31.14 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 2BE2254E)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#18
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the logs. You may want to print these instructions or save them to a text file before you begin. Download the AdwCleaner program that you need first, then close the browser and all open windows and follow the instructions.

 

Step-1.
Re-Run RogueKiller

Quit all programs and close all browsers.

  • Double click the RogueKiller icon to run the program.
  • Wait until Prescan has finished ...
  • Click the Scan button and wait for the scan to complete.
  • Click the Registry tab and remove the checks in the following boxes:
    • [PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
    • [PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
    • [PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
    • [PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
    • [PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
  • Click on the Delete button.
  • If the program asks you to reboot your computer please do so.
  • The report has been created on the desktop. If it isn't there, click the Reports button and select the most recent scan/delete report. Please post:

The RKreport.txt files.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Step-2.
FRST Fix

Warning: This fix is relevant for this system and no other. If you are not this user, Do NOT follow these directions as they could damage the workings of your system.

 

Download the attached fixlist.txt file and save it to the same location the FRST.exe file is in. [attachment=74243:Fixlist.txt]

  • NOTE: It's important that both files, FRST.exe / FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • Run FRST and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • The Fixlog.txt file can also be found in the same location that the program was run from.

Step-3.
AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The RKreport.txt log
2. The Fixlog.txt log
3. The AdwCleaner[R0].txt log
 

 


#19
reach1

After RogueKiller everything seems to work the same, so it had to help a little. I did notice (My Computer & Recycle Bin) icons returned to my desktop; I will remove them after we are finished. So far so good.

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Delete -- Date : 12/14/2014  04:53:41

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 24 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} -> Deleted
[PUP] HKEY_CLASSES_ROOT\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} -> Deleted
[PUP] HKEY_CLASSES_ROOT\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} -> Deleted
[PUP] HKEY_CLASSES_ROOT\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} -> Deleted
[PUP] HKEY_CLASSES_ROOT\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PC Cleaners : "C:\Documents and Settings\All Users\Application Data\PC Cleaners\PCCleaners.exe" /minimize [7][x] -> Deleted
[PUM.Proxy] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : ftp=0.0.0.0:80;gopher=0.0.0.0:80;http=0.0.0.0:80;https=0.0.0.0:80  -> Deleted
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.../redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Internet Explorer\Main | Search Page : -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> Deleted
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 33nhslg5.default-1416635410909 : user_pref("browser.startup.homepage", "http://www.bing.com/"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHV2040AH +++++
--- User ---
[MBR] 831dec1f62c3a1bec76a445dd5f1c07d
[BSP] 8d2a0d12d9750d3f6308814ee997e3bc : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 38146 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09222014_175630.log - RKreport_SCN_09222014_182324.log - RKreport_SCN_12132014_045049.log - RKreport_SCN_12142014_043923.log


#20
reach1

FRST said it had a problem and had to close. First the txt log popped up in two seconds, and the program said it was fixing for 10-15 minutes after this txt log was on my desktop. Must have got hung up on something; looks good though.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2014
Ran by Owner at 2014-12-14 05:26:50 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [PC Cleaners] => C:\Documents and Settings\All Users\Application Data\PC Cleaners\PCCleaners.exe [69500688 2014-10-09] (PC Cleaners Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1606980848-1957994488-289805187-1003] => ftp=0.0.0.0:80;gopher=0.0.0.0:80;http=0.0.0.0:80;https=0.0.0.0:80
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
URLSearchHook: HKU\S-1-5-21-1606980848-1957994488-289805187-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
U3 TlntSvr; No ImagePath
2014-12-10 05:58 - 2014-12-10 05:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Panda Security
AlternateDataStreams: C:\WINDOWS\system32\Vista.Emulation.dll:BDU
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\pclunst.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\FRST.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\OTL.exe:BDU
C:\Documents and Settings\All Users\Application Data\pclunst.exe
C:\Documents and Settings\All Users\Application Data\PC Cleaners
emptytemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PC Cleaners => Value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
TlntSvr => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security => Moved successfully.
C:\WINDOWS\system32\Vista.Emulation.dll => ":BDU" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\pclunst.exe => ":BDU" ADS removed successfully.
C:\Documents and Settings\Owner\Desktop\FRST.exe => ":BDU" ADS removed successfully.
C:\Documents and Settings\Owner\Desktop\OTL.exe => ":BDU" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\pclunst.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\PC Cleaners => Moved successfully.
 


#21
reach1

# AdwCleaner v4.105 - Report created 14/12/2014 at 06:05:49
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - GATEWAY400VTX
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\eSupport.com
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\globalUpdate

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Driver Genius_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Speedial
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [3936 octets] - [14/12/2014 06:05:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3996 octets] ##########
 


#22
godawgs

Glad everything ran ok. Let's see if the system restore service is working now.
 
Make a Fresh Restore Point

  • Click Start > All Programs > Accessories > System tools > System Restore. The System Restore Wizard opens.
    • Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
      • Click Start, click Control Panel, and then double-click System.
      • Click the System Restore tab.
      • Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
      • Click OK.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Fresh Restore point
  • Click CREATE
  • Close System Restore

Let me know if you were able to create the restore point.


#23
reach1

Yes, I had to turn the service back on and restart. "Restore point created". I think I'll just put that service on manual from now on. I just don't want it running in the background.


#24
godawgs

Thanks for the info. Please leave the service at automatic start until we are finished. Once finished if you want to disable the service that's up to you. But I will tell you that system restore has saved my bacon on more than one occasion. But if it isn't on and you don't make regular restore points .....
 
Step-1.
Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Double-click the JRT icon to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

NOTE: Reboot the machine and ensure that all security software is now enabled.

Step-2.
Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the AdwCleaner icon to run AdwCleaner.
  • When the prescan has completed, click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. How is the computer running now?
2. The JRT.txt log
3. The AdwCleaner[S0].txt log


#25
reach1

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Microsoft Windows XP x86
Ran by Owner on Tue 12/16/2014 at  6:13:14.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\globalupdate"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/16/2014 at  6:23:57.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#26
reach1

Everything on my PC looks the same as far as I can tell. I just did this AdwC so I have not had much time to notice anything, but it's all working.

# AdwCleaner v4.105 - Report created 16/12/2014 at 06:42:47
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - GATEWAY400VTX
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\eSupport.com

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Driver Genius_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Speedial

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [4076 octets] - [14/12/2014 06:05:49]
AdwCleaner[R1].txt - [4044 octets] - [16/12/2014 06:36:15]
AdwCleaner[S0].txt - [4049 octets] - [16/12/2014 06:42:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4109 octets] ##########
 


  • 0

#27
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

So BitDefender is on and working now?

Please disable any screensaver you might have running before completing the next steps.

Step-1.
Update and Run MalwareBytes

  • Double click the MalwareBytes icon on the desktop to run the program. The Dashboard will appear (see the image below).

    setup_10main_premium.png
  • Click the Update Now link on the right side of the console.
  • When the update is complete, select Settings > Detection and Protection and check (tick) Scan for rootkits.

    MBAMSettings-1.jpg
  • Go back to the Dashboard and click on the green Scan Now button.

    MBAM1.jpg
  • If threats are detected, click the Apply Actions button. MBAM may ask for a reboot. Let it do so.

    MBAMReboot.JPG
  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop.

    MBAMLog.JPG

Copy and paste the log back here.
 
Step-2.
Run ESET Online Scanner:

Note: Optimized for Internet Explorer, but you can use Chrome or Mozilla Firefox for this scan.

Important! You will need to disable your currently installed Anti-Virus program; how to do so can be read here.

Please go here then click on:

  • realrunesetscannerbutton.jpg

    Note: If using Mozilla Firefox, a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted, double click on the esetsmartinstaller_enu.png icon on the desktop. After successful installation of ESET Smart Installer, ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • A new window will open:

    eseteula.jpg
  • Select the option YES, I accept the Terms of Use then click on: esetstartaftereulaapproval.jpg
  • When prompted allow the Add-On/Active X to install. The following window will open:

    esetupdate.gif
  • Click the radio button beside Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and select the following:
  • Uncheck the box beside Remove found threats
  • Check the boxes for Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth Technology
  • Now click on: esetstartaftersettingsmade.jpg
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.

When The Scan is Complete:

    A.
    If No Threats Were Found:
    • Put a check mark in Uninstall application on close
    • Close the program
    • Report to me that nothing was found
    B.
    If Threats Were Found:
    • Click on list of threats found
    • Click on export to text file and save it to the desktop as ESET SCAN.txt. NOTE: If the report doesn't come up automatically, you can find it at C:\Program Files\ESET\EsetOnlineScanner\log.txt. For 64 bit systems the log will be at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt
  • Click on Back
  • Put a check mark in Uninstall application on close. Be sure you have saved the file first.
  • Click on Finish
  • Close the program. Don't forget to enable your Antivirus program and screen saver.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The MalwareBytes log
2. If ESET didn't find any threats just tell me. If it did please post the ESET scan log.


  • 0

#28
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Bitdefender still turns on 30 seconds late and turns off 10 seconds early on startup and shut down.

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 12/17/2014 7:29:25 AM, SYSTEM, GATEWAY400VTX, Manual, Rootkit Database, 2014.11.22.1, 2014.12.14.1,
Update, 12/17/2014 7:29:25 AM, SYSTEM, GATEWAY400VTX, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 12/17/2014 7:29:31 AM, SYSTEM, GATEWAY400VTX, Manual, Malware Database, 2014.11.26.3, 2014.12.17.2,
Update, 12/17/2014 7:29:37 AM, SYSTEM, GATEWAY400VTX, Manual, program, 2.0.3.1025, 2.0.4.1028,
Update, 12/17/2014 7:32:32 AM, SYSTEM, GATEWAY400VTX, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 12/17/2014 7:32:32 AM, SYSTEM, GATEWAY400VTX, Manual, Rootkit Database, 2014.11.18.1, 2014.12.14.1,
Update, 12/17/2014 7:32:37 AM, SYSTEM, GATEWAY400VTX, Manual, Malware Database, 2014.11.20.6, 2014.12.17.2,
Scan, 12/17/2014 7:44:02 AM, SYSTEM, GATEWAY400VTX, Manual, Start:12/17/2014 7:33:09 AM, Duration:10 min 50 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)


  • 0

#29
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Oh wait, I can scan files now with Bitdefender. So it is working again even though it's taking a longer time than normal to launch. It used to be up and running the instant Windows opened.

 

Eset had a clean pass.


  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

You posted the MBAM update log. I need to see the last scan log.
 
Step-1.
Get MBAM log

  • Launch MalwareBytes again.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Give the file a name like MBAMlog and save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.

BitDefender is a bit of a resource hog. I'm glad it's working again. After I'm sure the machine is clean we can do some routine maintenance and see if that will reduce the launch time if you want.

 

Step-2.

Run Security Check

Download Security Check from here or here and save it to the Desktop.

  • Double click the SecurityCheck icon SecurityCheckIcon2.png to run the application.
  • Follow the onscreen instructions inside of the black box.

    securitycheck.jpg
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The MBAM scan log
2. The checkup.txt log
 


  • 0





