Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bitdefender turns off on startup. [Solved]


  • This topic is locked This topic is locked

#31
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/18/2014
Scan Time: 1:00:34 AM
Logfile: MalwareB.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.18.01
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327381
Time Elapsed: 11 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

Advertisements


#32
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

 Results of screen317's Security Check version 0.99.93  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 ESET Online Scanner v3   
 Bitdefender Antivirus Free Edition   
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Adobe Flash Player     16.0.0.235  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 


  • 0

#33
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

The MBAM log looks good and ESET didn't find anything so your system is clean. Your Internet Explorer is outdated. If IE is your primary internet browser you really should upgrade it to IE8. Microsoft has discontinued support for IE8 but you still may be able to get it through Microsoft Updates. If you can't and still want to upgrade let me know and we will find you a stand alone copy.

 

Do you still want to do some system maintenance to see if that will improve the load up of Bit defender?

 

Please answer my questions and we will take it from there.


  • 0

#34
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Well I was finally able to install panda and removed bitdefender but that still has a 30 second startup delay. It would be nice if I knew how to setup these anti viruses to start before windows. I know Bitdefender before started up and was running the instant windows was. This is something I want to learn to do because I want to try out other free anti viruses.

 

My download bandwidth for this laptop reduced to 2 mbps it should be 35 mbps. In safe mode it is 35 mbps. Maybe thats because of all the software we had to install. I don't know but I'm a little concerned.


  • 0

#35
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I don't know what happened to your bandwidth, but it wasn't because we installed anything. The tools we used are all stand alone execute files...nothing installed. And you already had MalwareBytes and ESET installed.

Did you notice the bandwidth issue after trying to uninstall BitDefender and install Panda?

Please don't install any additional software on the system while we are working on it unless I ask you to. Uninstalling/installing things clouds the issue and makes it harder to understand what's going on.

 

Please get me a fresh FRST scan:

 

Fabar Recovery Scan

Close all open Windows and browsers

  • Double-click the FRST.exe file to run it.
  • When the tool opens click Yes to disclaimer.
  • Under Optional Scan, click the box beside Addition.txt
  • Press Scan button.
    xFRSTconsolelatest-petit.jpg
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.

 

 


  • 0

#36
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

I thought we were done, well before I read this I deleted panda and dl avast, sorry about that. my bandwidth was slow before I did any installing/removing. Around a month ago my band width was a little slower than normal only on my laptop but I didn't think any thing of it.


  • 0

#37
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by Owner (administrator) on GATEWAY400VTX on 19-12-2014 12:08:13
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-02-07] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-19] (AVAST Software)
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\XP SP3 N1280.exe [5656576 2014-10-05] (Microsoft Corporation)
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoDrives] 0x00FCFF03
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoSMHelp] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoLogoff] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoWinKeys] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoUserNameInStartMenu] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoRecentDocsMenu] 0x00000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoActiveDesktop] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoSMMyPictures] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoNetworkConnections] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoSharedDocuments] 0x01000000
AppInit_DLLs: prio.dll => C:\Program Files\Prio\prio.dll [15216 2012-11-08] (O&K Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKU\S-1-5-21-1606980848-1957994488-289805187-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.43

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Extension: Disconnect - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\[email protected] [2014-11-22]
FF Extension: Go-Mobile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\[email protected] [2014-11-22]
FF Extension: Zoom Page - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\[email protected] [2014-11-22]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-19] (AVAST Software)
S2 PandaAgent; "C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-12-19] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-12-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-12-19] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-12-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-12-19] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-12-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-12-19] ()
R1 prio; C:\WINDOWS\System32\drivers\prio.sys [54128 2012-11-08] (Xeno)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [244560 2003-10-02] (SigmaTel, Inc.)
S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [120830 2003-10-08] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [98842 2003-10-08] (Intel Corporation)
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 12:07 - 2014-12-19 12:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
2014-12-19 10:10 - 2014-12-19 10:10 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2014-12-19 09:52 - 2014-12-19 09:52 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVAST Software
2014-12-19 09:39 - 2014-12-19 09:39 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-12-19 09:39 - 2014-12-19 09:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2014-12-19 09:38 - 2014-12-19 09:38 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-19 09:38 - 2014-12-19 09:38 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-12-19 09:38 - 2014-12-19 09:38 - 00000314 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-19 09:38 - 2014-12-19 09:37 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-19 09:38 - 2014-12-19 09:37 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-19 09:37 - 2014-12-19 09:37 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-19 09:35 - 2014-12-19 09:35 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-19 09:30 - 2014-12-19 09:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-12-19 06:38 - 2014-12-19 06:38 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Application Data\Macromedia
2014-12-19 06:38 - 2014-12-19 06:38 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Application Data\Adobe
2014-12-19 06:35 - 2014-12-19 06:35 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Local Settings\Application Data\Mozilla
2014-12-19 06:35 - 2014-12-19 06:35 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Application Data\Mozilla
2014-12-19 05:34 - 2014-12-19 05:34 - 00096486 _____ () C:\Documents and Settings\All Users\Application Data\1418988752.bdinstall.bin
2014-12-19 05:28 - 2014-12-19 05:28 - 00031968 _____ () C:\Documents and Settings\All Users\Application Data\1418988530.bdinstall.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00039187 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.3740.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00008071 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.3876.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00002406 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.1240.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00000956 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.1664.bin
2014-12-19 05:25 - 2014-12-19 05:25 - 00037462 _____ () C:\Documents and Settings\All Users\Application Data\1418988328.bdinstall.bin
2014-12-19 05:13 - 2014-12-19 10:10 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Panda Security
2014-12-19 05:09 - 2014-12-19 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Panda Security
2014-12-18 01:24 - 2014-12-18 01:24 - 00852505 _____ () C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
2014-12-18 01:20 - 2014-12-18 01:20 - 00001062 _____ () C:\Documents and Settings\Owner\Desktop\MalwareB.txt
2014-12-17 10:00 - 2014-12-17 10:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-17 08:19 - 2014-12-17 08:19 - 02347384 _____ (ESET) C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
2014-12-16 06:23 - 2014-12-16 06:23 - 00000797 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-12-16 06:04 - 2014-12-16 06:04 - 01707646 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2014-12-14 06:05 - 2014-12-16 06:42 - 00000000 ____D () C:\AdwCleaner
2014-12-14 06:02 - 2014-12-14 06:02 - 02166272 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
2014-12-14 05:24 - 2014-12-14 05:24 - 00001534 _____ () C:\Documents and Settings\Owner\Desktop\Fixlist.txt
2014-12-14 04:56 - 2014-12-14 04:56 - 00005643 _____ () C:\Documents and Settings\Owner\Desktop\RKreport_DEL_12142014_045341.log
2014-12-14 04:31 - 2014-12-14 04:31 - 00003914 _____ () C:\Documents and Settings\Owner\Desktop\New Text Document.txt
2014-12-13 05:18 - 2014-12-13 05:18 - 00011642 _____ () C:\Documents and Settings\Owner\Desktop\Addition.txt
2014-12-13 05:17 - 2014-12-19 12:08 - 00022816 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-12-13 05:17 - 2014-12-19 12:08 - 00000000 ____D () C:\FRST
2014-12-13 05:15 - 2014-12-19 12:07 - 01113600 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-12-13 04:44 - 2014-12-13 04:45 - 15201368 _____ () C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
2014-12-11 05:00 - 2014-12-11 05:00 - 00043136 _____ () C:\Documents and Settings\Owner\Desktop\OTL.Txt
2014-12-11 05:00 - 2014-12-11 05:00 - 00026334 _____ () C:\Documents and Settings\Owner\Desktop\Extras.Txt
2014-12-11 04:50 - 2014-12-11 04:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
2014-12-09 02:37 - 2014-12-09 02:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-22 12:47 - 2014-11-22 12:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Rainmaker_Software_Group_

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 12:08 - 2014-04-05 14:37 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-12-19 11:51 - 2014-05-09 07:45 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-19 11:41 - 2014-05-08 18:06 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-12-19 11:41 - 2014-05-08 18:06 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-12-19 11:41 - 2014-04-05 17:26 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-12-19 11:41 - 2014-04-05 14:37 - 00000000 ____D () C:\Documents and Settings\Owner
2014-12-19 10:30 - 2014-09-15 14:05 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 10:22 - 2014-05-08 14:47 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-12-19 10:21 - 2014-04-05 14:37 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-12-19 10:21 - 2004-08-04 06:00 - 00012984 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-19 06:43 - 2014-05-26 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus
2014-12-19 06:43 - 2014-04-05 14:31 - 00000000 ___SD () C:\Documents and Settings\Owner\UserData
2014-12-19 06:40 - 2014-09-14 03:11 - 00000178 ___SH () C:\Documents and Settings\Administrator.GATEWAY400VTX\ntuser.ini
2014-12-19 06:39 - 2014-09-22 15:59 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Local Settings\temp
2014-12-19 05:13 - 2014-04-05 14:25 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-12-17 10:00 - 2014-10-19 07:55 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-12-17 10:00 - 2014-06-13 17:40 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-17 10:00 - 2014-06-13 17:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-17 07:32 - 2014-09-15 14:04 - 00001721 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 07:31 - 2014-09-15 14:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-17 07:31 - 2014-09-15 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-15 00:01 - 2014-04-05 14:19 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-14 04:35 - 2014-09-22 17:50 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-10 02:32 - 2014-05-09 07:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-21 22:52 - 2014-09-30 04:08 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-11-21 22:22 - 2014-04-05 14:22 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2014-11-21 22:21 - 2014-06-13 19:50 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-11-21 22:21 - 2014-06-13 19:50 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-11-21 06:14 - 2014-09-15 14:04 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-09-15 14:04 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-20 12:36 - 2014-09-14 03:11 - 00001599 _____ () C:\Documents and Settings\Administrator.GATEWAY400VTX\Start Menu\Programs\Remote Assistance.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Owner at 2014-12-19 12:09:20
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GTW Modem (HKLM\...\GTW Modem) (Version:  - )
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Prio (HKLM\...\Prio) (Version: 2.0.0.2960 - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Solitaire XP version 1.0 (HKLM\...\{2187FAB6-013A-4983-825F-F57F7BBBA373}_is1) (Version: 1.0 - SOLITAIREXP.COM)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-12-2014 00:01:54 System Checkpoint
19-12-2014 09:35:31 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 06:00 - 2014-09-22 15:54 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-19 09:38 - 2014-12-19 09:38 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121900\algo.dll
2014-12-19 09:37 - 2014-12-19 09:37 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uxpatch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uxpatch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1606980848-1957994488-289805187-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.GATEWAY400VTX
ASPNET (S-1-5-21-1606980848-1957994488-289805187-1005 - Limited - Enabled)
Guest (S-1-5-21-1606980848-1957994488-289805187-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1606980848-1957994488-289805187-1000 - Limited - Disabled)
Owner (S-1-5-21-1606980848-1957994488-289805187-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1606980848-1957994488-289805187-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® PRO/Wireless 2915ABG Network Connection
Description: Intel® PRO/Wireless 2915ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: w29n51
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Modem
Description: PCI Modem
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Mobile Intel® Celeron® CPU 2.20GHz
Percentage of memory in use: 29%
Total physical RAM: 1014.42 MB
Available physical RAM: 720.01 MB
Total Pagefile: 2440.66 MB
Available Pagefile: 2248.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.25 GB) (Free:30.84 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 2BE2254E)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#38
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

I think there is a chance that bandwidth issue may be my web browser. I only have one browser and was auto updating, I may just have to reset it.


  • 0

#39
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Please wait to reset the browser or router if you are using one until we get this sorted.

I thought we were finished too, except for cleaning up our tools. The issue you are having with the antivirus program loading slow and showing Disabled is probably due to the remnants of the AV programs that have been uninstalled.
AV programs are notorious for not uninstalling completely, thus causing issues with any new AV program that is installed. I can see remnants of PC Cleanup Pro, BitDefender and Panda still left on the system. And the Avast av program shows that it is disabled.
And the log also shows that the Cryptographic service isn't running now:

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

Did you stop this service?

What I want to do is run a FRST fix to un-hide a Panda Devices Agent entry in the list of installed programs so it can be uninstalled. Then run the BitDefender and Panda removal tools to completely remove those programs. Then I need another FRST fix to look for and residual registry entries for PC Cleaner Pro and to the presents of the i386 folder.

Then we need to run a tool to check the services on the system.
I would suggest downloading all the files/tools first and save them to the desktop. Then we can run them.
There is a lot to do here so take your time and if you have any questions Stop and Ask.
 
 
Step-1.
Download the following and save them to the desktop:

1. Click here to download the BitDefender uninstall tool and save it to the desktop.

2. Click here to download the Panda Uninstaller tool and save the file to the desktop.

3. Please download the Farbar Service Scanner and save the file to the desktop.

Step-2.
FRST Fix

Warning: This fix is relevant for this system and no other. If you are not this user, Do NOT follow these directions as they could damage the workings of your system.

  • Download attached fixlist.txt file and save it to the same location the FRST.exe file is in. [attachment=74372:Fixlist.txt]
    NOTE: It's important that both files, FRST.exe / FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • Run FRST and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • The Fixlog.txt file can also be found in the same location that the program was run from.

Step-3.
Uninstall a Program

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security)


3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.
 
Step-4.
Run the BitDefender Removal Tool

  • Double-click the BD_Free_Uninstall_Tool.exe file ro run the program.
  • After a couple of moments the uninstall tool interface will appear;
  • Click Uninstall
    uninstall%20tool.png
  • Wait for the tool to display the completion message and then restart your computer.

NOTE: During the uninstall process, the uninstall tool searches the computer for all the BitDefender previous versions that might have been installed on the computer. If it doesn’t find a certain version (ex. BitDefender 2008), it will display a red X in the window; this is a perfectly normal behavior.
 
Step-5.
Run the Panda AV Remoaval tool

  • Double-click the UNINSTALLER.EXE file to run the program.
  • Click Yes when a window showing the following message is displayed:

    Do you want to run this uninstaller?
    WARNING: It will reboot at the end to ensure a clean uninstall.

  • Even if the window is not displayed, reboot your computer once the uninstallation process is completed.

Step-6.
Run Farbar Service Scanner
 

  • Double click the FSS.exe file on the desktop to run it.

    fss1.jpg
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-7.
Farbar Search
Close all open Windows and browsers

  • Double-click the FRST.exe file to run it.
  • When the tool opens click Yes to disclaimer.
  • In the Search box, type or Copy and Paste the following:
    PC Cleaner Pro;PCCleanerPro
  • Click the Search Registry button.
  • You will see a progress bar, then a message pops up indicating that the search is completed and the Search.txt log is saved in the same location where FRST.exe is located.
  • Please copy and paste it to your reply.

 

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question about the Cryptographic service
2. The Fixlog.txt log
3. Let me know if you had any problems uninstalling the Panda Devices Agent program.
4. Let me know if there were any problems running the BitDefender and Panda removal tools.
5. The FSS.txt log
6. The Search.txt log
 


  • 0

#40
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

1.

CryptSvc service is set on manual.

 

 

2.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-12-2014
Ran by Owner at 2014-12-20 11:47:21 Run:2
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
closeprocesses:
AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
2014-11-22 12:47 - 2014-11-22 12:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Rainmaker_Software_Group_
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
findfolder:i386
emptytemp:
*****************

Processes closed successfully.
AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB} => The item is protected. Make sure the software is uninstalled and its services are removed.
C:\Documents and Settings\Owner\Local Settings\Application Data\Rainmaker_Software_Group_ => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent\\SystemComponent => Value not found.
================== FindFolder: "findfolder:i386" ===================

No folder found
EmptyTemp: => Removed 19.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

3.

In add/Remove I got a error 1721 and cound not remove Panda agent but I ran the Panda uninstaller and that removed the program from the add/remove list without a hitch.

 

4.

Both uninstall tools ran great.

 

 

5.

Farbar Service Scanner Version: 21-07-2014
Ran by Owner (administrator) on 20-12-2014 at 12:30:04
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc: "%SystemRoot%\System32\cryptsvc.dll".


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(12) Gpc(3) IPSec(5) NetBT(6) prio(11) PSched(7) Tcpip(4)
0x0C00000005000000010000000200000003000000040000000C0000000B0000000A00000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

 

 

 

6.

Farbar Recovery Scan Tool (x86) Version: 20-12-2014
Ran by Owner at 2014-12-20 12:33:14
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

================== Search Registry: "PC Cleaner Pro;PCCleanerPro" ===========

====== End Of Search ======


  • 0

Advertisements


#41
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Connection Status:
==============
*

*
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

 

I know this is off topic but I wanted to point this out.

Why is this in here? Do I really need to connect to google and yahoo? I wonder how much system resorces they use.


  • 0

#42
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Connection Status:
==============
*
*
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
I know this is off topic but I wanted to point this out.
Why is this in here? Do I really need to connect to google and yahoo? I wonder how much system resorces they use.

This is simply the program checking the system's ability to connect to a website by pinging the Google and Yahoo sites. It doesn't use any system resources once it is finished.
 

CryptSvc service is set on manual.

Did you set it to manual on purpose?
 
Do you know anything about these services that aren't running? Did you turn them off on purpose?
1.
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
2.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

 

Looks like the fixes did their job. Let's have one last look with FRST to make sure the entries are gone.

 

Fabar Recovery Scan

Close all open Windows and browsers

  • Double-click the FRST.exe file to run it.
  • When the tool opens click Yes to disclaimer.
  • Under Optional Scan, click the box beside Addition.txt
  • Press Scan button.
    xFRSTconsolelatest-petit.jpg
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.

  • 0

#43
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

1.

Turned them to disable or manual some time ago, a while back.

 

 

 

2.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014
Ran by Owner (administrator) on GATEWAY400VTX on 20-12-2014 17:50:06
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-02-07] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-19] (AVAST Software)
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\XP SP3 N1280.exe [5656576 2014-10-05] (Microsoft Corporation)
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoDrives] 0x00FCFF03
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoSMHelp] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoLogoff] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoWinKeys] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoUserNameInStartMenu] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoRecentDocsMenu] 0x00000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoActiveDesktop] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoSMMyPictures] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoNetworkConnections] 0x01000000
HKU\S-1-5-21-1606980848-1957994488-289805187-1003\...\Policies\Explorer: [NoSharedDocuments] 0x01000000
AppInit_DLLs: prio.dll => C:\Program Files\Prio\prio.dll [15216 2012-11-08] (O&K Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKU\S-1-5-21-1606980848-1957994488-289805187-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.43

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Extension: Disconnect - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\[email protected] [2014-11-22]
FF Extension: Go-Mobile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\[email protected] [2014-11-22]
FF Extension: Zoom Page - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\[email protected] [2014-11-22]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-19] (AVAST Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-12-19] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-12-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-12-19] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-12-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-12-19] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-12-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-12-19] ()
R1 prio; C:\WINDOWS\System32\drivers\prio.sys [54128 2012-11-08] (Xeno)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [244560 2003-10-02] (SigmaTel, Inc.)
S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [120830 2003-10-08] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [98842 2003-10-08] (Intel Corporation)
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 12:33 - 2014-12-20 12:33 - 00000276 _____ () C:\Documents and Settings\Owner\Desktop\Search.txt
2014-12-20 12:30 - 2014-12-20 12:30 - 00003179 _____ () C:\Documents and Settings\Owner\Desktop\FSS.txt
2014-12-20 12:11 - 2014-12-20 12:12 - 00000000 ____D () C:\SMCLpav
2014-12-20 11:44 - 2014-12-20 11:44 - 02935344 _____ () C:\Documents and Settings\Owner\Desktop\BD_Free_Uninstall_Tool.exe
2014-12-20 11:44 - 2014-12-20 11:44 - 00757656 _____ () C:\Documents and Settings\Owner\Desktop\UNINSTALLER.exe
2014-12-20 11:44 - 2014-12-20 11:44 - 00415232 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FSS.exe
2014-12-19 12:07 - 2014-12-20 11:47 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
2014-12-19 10:10 - 2014-12-19 10:10 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2014-12-19 09:52 - 2014-12-19 09:52 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVAST Software
2014-12-19 09:39 - 2014-12-19 09:39 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-12-19 09:39 - 2014-12-19 09:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2014-12-19 09:38 - 2014-12-19 09:38 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-19 09:38 - 2014-12-19 09:38 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-12-19 09:38 - 2014-12-19 09:38 - 00000314 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-19 09:38 - 2014-12-19 09:37 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-19 09:38 - 2014-12-19 09:37 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-19 09:38 - 2014-12-19 09:37 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-19 09:37 - 2014-12-19 09:37 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-19 09:35 - 2014-12-19 09:35 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-19 09:30 - 2014-12-19 09:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-12-19 06:38 - 2014-12-19 06:38 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Application Data\Macromedia
2014-12-19 06:38 - 2014-12-19 06:38 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Application Data\Adobe
2014-12-19 06:35 - 2014-12-19 06:35 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Local Settings\Application Data\Mozilla
2014-12-19 06:35 - 2014-12-19 06:35 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Application Data\Mozilla
2014-12-19 05:34 - 2014-12-19 05:34 - 00096486 _____ () C:\Documents and Settings\All Users\Application Data\1418988752.bdinstall.bin
2014-12-19 05:28 - 2014-12-19 05:28 - 00031968 _____ () C:\Documents and Settings\All Users\Application Data\1418988530.bdinstall.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00039187 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.3740.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00008071 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.3876.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00002406 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.1240.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00000956 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.1664.bin
2014-12-19 05:25 - 2014-12-19 05:25 - 00037462 _____ () C:\Documents and Settings\All Users\Application Data\1418988328.bdinstall.bin
2014-12-19 05:13 - 2014-12-19 10:10 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Panda Security
2014-12-19 05:09 - 2014-12-19 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Panda Security
2014-12-18 01:24 - 2014-12-18 01:24 - 00852505 _____ () C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
2014-12-18 01:20 - 2014-12-18 01:20 - 00001062 _____ () C:\Documents and Settings\Owner\Desktop\MalwareB.txt
2014-12-17 10:00 - 2014-12-17 10:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-17 08:19 - 2014-12-17 08:19 - 02347384 _____ (ESET) C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
2014-12-16 06:23 - 2014-12-16 06:23 - 00000797 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-12-16 06:04 - 2014-12-16 06:04 - 01707646 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2014-12-14 06:05 - 2014-12-16 06:42 - 00000000 ____D () C:\AdwCleaner
2014-12-14 06:02 - 2014-12-14 06:02 - 02166272 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
2014-12-14 04:56 - 2014-12-14 04:56 - 00005643 _____ () C:\Documents and Settings\Owner\Desktop\RKreport_DEL_12142014_045341.log
2014-12-14 04:31 - 2014-12-14 04:31 - 00003914 _____ () C:\Documents and Settings\Owner\Desktop\New Text Document.txt
2014-12-13 05:18 - 2014-12-19 12:38 - 00009376 _____ () C:\Documents and Settings\Owner\Desktop\Addition.txt
2014-12-13 05:17 - 2014-12-20 17:50 - 00022567 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-12-13 05:17 - 2014-12-20 17:50 - 00000000 ____D () C:\FRST
2014-12-13 05:15 - 2014-12-20 11:47 - 01114112 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-12-13 04:44 - 2014-12-13 04:45 - 15201368 _____ () C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
2014-12-11 05:00 - 2014-12-11 05:00 - 00043136 _____ () C:\Documents and Settings\Owner\Desktop\OTL.Txt
2014-12-11 05:00 - 2014-12-11 05:00 - 00026334 _____ () C:\Documents and Settings\Owner\Desktop\Extras.Txt
2014-12-11 04:50 - 2014-12-11 04:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
2014-12-09 02:37 - 2014-12-09 02:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 17:50 - 2014-04-05 14:37 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-12-20 17:49 - 2014-05-08 18:06 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-12-20 17:49 - 2014-05-08 18:06 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-12-20 17:49 - 2014-04-05 17:26 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-12-20 17:49 - 2014-04-05 14:37 - 00000000 ____D () C:\Documents and Settings\Owner
2014-12-20 15:44 - 2014-05-09 07:45 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-20 12:13 - 2014-05-08 14:47 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-12-20 12:13 - 2004-08-04 06:00 - 00012984 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-20 12:12 - 2014-04-05 14:37 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-12-19 16:04 - 2014-09-30 04:08 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-12-19 15:31 - 2014-09-14 03:11 - 00000178 ___SH () C:\Documents and Settings\Administrator.GATEWAY400VTX\ntuser.ini
2014-12-19 14:59 - 2014-09-15 14:05 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 14:58 - 2014-09-22 15:59 - 00000000 ____D () C:\Documents and Settings\Administrator.GATEWAY400VTX\Local Settings\temp
2014-12-19 06:43 - 2014-05-26 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus
2014-12-19 06:43 - 2014-04-05 14:31 - 00000000 ___SD () C:\Documents and Settings\Owner\UserData
2014-12-19 05:13 - 2014-04-05 14:25 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-12-17 10:00 - 2014-10-19 07:55 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-12-17 10:00 - 2014-06-13 17:40 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-17 10:00 - 2014-06-13 17:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-17 07:32 - 2014-09-15 14:04 - 00001721 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 07:31 - 2014-09-15 14:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-17 07:31 - 2014-09-15 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-15 00:01 - 2014-04-05 14:19 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-14 04:35 - 2014-09-22 17:50 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-10 02:32 - 2014-05-09 07:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-21 22:22 - 2014-04-05 14:22 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2014-11-21 22:21 - 2014-06-13 19:50 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-11-21 22:21 - 2014-06-13 19:50 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-11-21 06:14 - 2014-09-15 14:04 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-09-15 14:04 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2014
Ran by Owner at 2014-12-20 17:51:18
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GTW Modem (HKLM\...\GTW Modem) (Version:  - )
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Prio (HKLM\...\Prio) (Version: 2.0.0.2960 - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Solitaire XP version 1.0 (HKLM\...\{2187FAB6-013A-4983-825F-F57F7BBBA373}_is1) (Version: 1.0 - SOLITAIREXP.COM)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-12-2014 00:01:54 System Checkpoint
19-12-2014 09:35:31 avast! antivirus system restore point
20-12-2014 11:54:07 Removed Panda Devices Agent.
20-12-2014 11:54:50 Removed Panda Devices Agent.
20-12-2014 11:56:28 Removed Panda Devices Agent.
20-12-2014 12:00:30 Removed Panda Devices Agent.
20-12-2014 12:01:38 Removed Panda Devices Agent.
20-12-2014 12:02:27 Removed Panda Devices Agent.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 06:00 - 2014-09-22 15:54 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-20 16:15 - 2014-12-20 16:15 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122001\algo.dll
2014-12-19 09:37 - 2014-12-19 09:37 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uxpatch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uxpatch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1606980848-1957994488-289805187-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.GATEWAY400VTX
ASPNET (S-1-5-21-1606980848-1957994488-289805187-1005 - Limited - Enabled)
Guest (S-1-5-21-1606980848-1957994488-289805187-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1606980848-1957994488-289805187-1000 - Limited - Disabled)
Owner (S-1-5-21-1606980848-1957994488-289805187-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1606980848-1957994488-289805187-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® PRO/Wireless 2915ABG Network Connection
Description: Intel® PRO/Wireless 2915ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: w29n51
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Modem
Description: PCI Modem
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Mobile Intel® Celeron® CPU 2.20GHz
Percentage of memory in use: 22%
Total physical RAM: 1014.42 MB
Available physical RAM: 785.08 MB
Total Pagefile: 2440.66 MB
Available Pagefile: 2253.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.25 GB) (Free:30.6 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 2BE2254E)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#44
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Turned them to disable or manual some time ago, a while back.

I hope you got all of the latest/last updates for XP before you did this. As you probably know, Microsoft stopped supporting XP in April of this year. XP no longer receives updates so your system is vulnerable and will remain vulnerable from now on. If you didn't get the  final updates listed before the support ended, your system is even more vulnerable. See the Microsoft Windows XP end of life page here for more information.
 
The last fix removed the PC Cleaner Pro from the list of installed AV programs, but there are still some BitDefender and Panda remnants showing, even after running the removal tools. So we will remove them and the removal tools we used.
Then we will do some general maintenance on the machine and see if that helps.
 
Step-1.
FRST Fix

Warning: This fix is relevant for this system and no other. If you are not this user, Do NOT follow these directions as they could damage the workings of your system.

  • Download attached fixlist.txt file and save it to the same location the FRST.exe file is in. [attachment=74388:Fixlist.txt]
    NOTE: It's important that both files, FRST.exe / FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • Run FRST and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • The Fixlog.txt file can also be found in the same location that the program was run from.

Step-2.
Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to a tutorial by Dakeyras, found  here and follow the instructions for Graphical Mode if you so wish.
NOTE: If you decide to use the Graphical Mode, close the Command window after Defrag has finished by typing Exit at the blinking cursor and pressing the Enter key.

  • Click Start , then click Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and press the Enter key.
  • Now type in DEFRAG C: -F
  • A Analysis report will be displayed and then Windows will start the Deragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
    NOTE: If you chose to use the Graphical Mode, this would be where you close the Command window. To close the Command window, type Exit at the blinking cursor and press the Enter key. If you want to continue in the Command window, complete the remaining steps.
  • Now type in CHKDSK C: /R and press the Enter key.
  • When prompted with:

    CHKDSK cannot run because the volume is in use by another process
    Would you like to schedule this volume to be checked next time the system
    restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and and press the Enter key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

ChkDsk01.png

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and you computer will continue to boot-up as normal.
 
Let's delete the browsing history and clear the cache for Firefox and see if that helps with the band width.
 
Step-3.
Please go to the Mozilla Support page here.
In the Table of Contents, click the link for How Do I Clear My History?. You will be taken to the instructions.
In the Time range to clear: box, click Everything
In the Details section make sure the following boxes are checked:
Browsing&Download History
Cookies
Cache
 
NEXT...
 
Click the Firefox Menu button again.
Click Options
Click the Advanced icon at the top of the page.
Click the Network tab.
In the Cached Web Content, click Clear Now.
Close Firefox and reboot the system.
 
Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.

1. The Fixlog.txt log
2. Did the maintenance items help?


  • 0

#45
reach1

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

1.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-12-2014 01
Ran by Owner at 2014-12-21 09:59:45 Run:3
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
2014-12-20 11:44 - 2014-12-20 11:44 - 02935344 _____ () C:\Documents and Settings\Owner\Desktop\BD_Free_Uninstall_Tool.exe
2014-12-20 11:44 - 2014-12-20 11:44 - 00757656 _____ () C:\Documents and Settings\Owner\Desktop\UNINSTALLER.exe
2014-12-19 05:34 - 2014-12-19 05:34 - 00096486 _____ () C:\Documents and Settings\All Users\Application Data\1418988752.bdinstall.bin
2014-12-19 05:28 - 2014-12-19 05:28 - 00031968 _____ () C:\Documents and Settings\All Users\Application Data\1418988530.bdinstall.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00039187 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.3740.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00008071 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.3876.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00002406 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.1240.bin
2014-12-19 05:25 - 2014-12-19 05:26 - 00000956 _____ () C:\Documents and Settings\All Users\Application Data\1418988334.1664.bin
2014-12-19 05:25 - 2014-12-19 05:25 - 00037462 _____ () C:\Documents and Settings\All Users\Application Data\1418988328.bdinstall.bin
2014-12-19 05:13 - 2014-12-19 10:10 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Panda Security
2014-12-19 05:09 - 2014-12-19 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Panda Security
2014-12-18 01:24 - 2014-12-18 01:24 - 00852505 _____ () C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
2014-12-17 08:19 - 2014-12-17 08:19 - 02347384 _____ (ESET) C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
2014-12-16 06:23 - 2014-12-16 06:23 - 00000797 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-12-16 06:04 - 2014-12-16 06:04 - 01707646 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2014-12-14 06:05 - 2014-12-16 06:42 - 00000000 ____D () C:\AdwCleaner
2014-12-14 06:02 - 2014-12-14 06:02 - 02166272 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
2014-12-14 04:56 - 2014-12-14 04:56 - 00005643 _____ () C:\Documents and Settings\Owner\Desktop\RKreport_DEL_12142014_045341.log
2014-12-13 04:44 - 2014-12-13 04:45 - 15201368 _____ () C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
emptytemp:





*****************

C:\Documents and Settings\Owner\Desktop\BD_Free_Uninstall_Tool.exe => Moved successfully.
C:\Documents and Settings\Owner\Desktop\UNINSTALLER.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\1418988752.bdinstall.bin => Moved successfully.
C:\Documents and Settings\All Users\Application Data\1418988530.bdinstall.bin => Moved successfully.
C:\Documents and Settings\All Users\Application Data\1418988334.3740.bin => Moved successfully.
C:\Documents and Settings\All Users\Application Data\1418988334.3876.bin => Moved successfully.
C:\Documents and Settings\All Users\Application Data\1418988334.1240.bin => Moved successfully.
C:\Documents and Settings\All Users\Application Data\1418988334.1664.bin => Moved successfully.
C:\Documents and Settings\All Users\Application Data\1418988328.bdinstall.bin => Moved successfully.
C:\Documents and Settings\Owner\Application Data\Panda Security => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security => Moved successfully.
C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe => Moved successfully.
C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe => Moved successfully.
C:\Documents and Settings\Owner\Desktop\JRT.txt => Moved successfully.
C:\Documents and Settings\Owner\Desktop\JRT.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe => Moved successfully.
C:\Documents and Settings\Owner\Desktop\RKreport_DEL_12142014_045341.log => Moved successfully.
C:\Documents and Settings\Owner\Desktop\RogueKiller.exe => Moved successfully.
EmptyTemp: => Removed 82.5 MB temporary data.
 

 

 

 

 

2.

It didn't make a noticable difference.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP