[iammykyl]

Well done both of you

[Advertisements]

Certainly do appreciate your help in this iammmykyl

[Biscuithd]

Certainly do appreciate your help in this iammmykyl

[Biscuithd]

What you have posted is the Additions.txt log file. Necessary, but I also the FRST log file. It will be located in same place as the Additions.txt is located.

 

BTW, does the machine boot normally now?

[Warden]

It does boot normally now.Everything seems to be functioning properly. Here is the frst log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014 (ATTENTION: ====> FRST version is 24 days old and could be outdated)

Ran by Presenter (administrator) on TS8730WIMAGE on 17-12-2014 12:01:24

Running from C:\Documents and Settings\Presenter

Loaded Profile: Presenter (Available profiles: Presenter & Administrator)

Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe

(Anvisoft) C:\Program Files\Anvisoft\Cloud System Booster\CSBSvc.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Hewlett-Packard Corporation) C:\WINDOWS\system32\accelerometerST.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

(Old McDonald's Farm) C:\Program Files\Autorun Eater\oldmcdonald.exe

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe

(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe

(Old McDonald's Farm) C:\Program Files\Autorun Eater\billy.exe

(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe

(Anvisoft) C:\Program Files\Anvisoft\Cloud System Booster\CloudSystemBooster.exe

() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe

(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe

(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe

(Farbar) C:\Documents and Settings\Presenter\FRST (1).exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-02] (Analog Devices, Inc.)

HKLM\...\Run: [AccelerometerSysTrayApplet] => C:\WINDOWS\system32\AccelerometerSt.Exe [82224 2008-10-14] (Hewlett-Packard Corporation)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [181816 2009-04-15] ( Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1368064 2009-02-27] (Intel® Corporation)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-02-27] (Intel® Corporation)

HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [367128 2009-07-02] (Intel Corporation)

HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [319000 2008-08-08] (PDF Complete Inc)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)

HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-23] (InterVideo Inc.)

HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)

HKLM\...\Run: [Autorun Eater] => C:\Program Files\Autorun Eater\oldmcdonald.exe [549400 2009-05-26] (Old McDonald's Farm)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)

HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)

HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4873248 2014-10-13] (Emsisoft GmbH)

HKLM\...\Run: [MSConfig] => C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [169984 2008-04-14] (Microsoft Corporation)

HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0

HKU\S-1-5-20\...\Run: [Adobe CSx Manager] => C:\Documents and Settings\NetworkService\Application Data\e08c65b2-6be0-44ba-9628-b61063a7657dad\ecbbebabadad.exe [0 2013-05-06] ()

HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0

HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)

HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)

HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [CloudSystemBooster] => C:\Program Files\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-05-29] (Anvisoft)

HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Google Update] => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)

HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0

Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk

ShortcutTarget: Monitor My eRooms (V7).lnk -> C:\Program Files\eRoom 7\ERClient7.exe (Documentum, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk

ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

Startup: C:\Documents and Settings\Presenter\Start Menu\Programs\Startup\program.lnk

ShortcutTarget: program.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\84F92340.cpp (No File)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

AlternateShell: 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

HKU\S-1-5-21-3866077675-454247996-117300071-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3866077675-454247996-117300071-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...r=282919698&ir=

SearchScopes: HKU\S-1-5-21-3866077675-454247996-117300071-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-3866077675-454247996-117300071-1006 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKU\S-1-5-21-3866077675-454247996-117300071-1006 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-3866077675-454247996-117300071-1006 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3866077675-454247996-117300071-1006: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3866077675-454247996-117300071-1006: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-02]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-24]

CHR Extension: (Google Wallet) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)

S4 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)

R2 AnviCsbSvc; C:\Program Files\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-05-29] (Anvisoft)

R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1164536 2008-06-12] (AuthenTec, Inc.)

S4 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] () [File not signed]

S4 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]

S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]

R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]

R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()

R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-23] (Oracle Corporation)

S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-09-02] (Symantec Corporation)

R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]

R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)

R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel® Corporation) [File not signed]

R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-02] (Intel Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)

S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2011-02-15] (Printing Communications Assoc., Inc. (PCAUSA))

S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539512 2009-07-02] (Broadcom Corporation.)

R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2009-07-02] (Broadcom Corporation.)

S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2009-07-02] (Broadcom Corporation.)

R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)

R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [239760 2009-03-27] (Intel Corporation)

S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)

S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)

S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)

S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)

S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)

R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2009-07-02] (Infineon Technologies AG)

R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-07-02] (Intel Corporation)

S3 NWUSBCDFIL; C:\WINDOWS\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-12-18] (Novatel Wireless Inc.)

S3 NWUSBPort2; C:\WINDOWS\System32\DRIVERS\nwusbser2.sys [174720 2009-12-18] (Novatel Wireless Inc.)

S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-03-31] (Printing Communications Assoc., Inc. (PCAUSA))

R3 rismc32; C:\WINDOWS\System32\DRIVERS\rismc32.sys [47616 2006-12-20] (RICOH Company, Ltd.)

R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)

R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2009-07-02] (Sonic Focus, Inc)

R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-12-02] ()

R2 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)

S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]

U2 CertPropSvc; No ImagePath

S4 IntelIde; No ImagePath

U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

S3 vpnva; system32\DRIVERS\vpnva.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-17 12:01 - 2014-12-17 12:02 - 00021194 _____ () C:\Documents and Settings\Presenter\FRST.txt

2014-12-17 12:00 - 2014-12-17 12:01 - 00000000 ____D () C:\FRST

2014-12-07 20:25 - 2014-11-24 03:13 - 01110016 _____ (Farbar) C:\Documents and Settings\Presenter\FRST (1).exe

2014-11-22 20:48 - 2014-12-17 08:32 - 00005768 _____ () C:\WINDOWS\setupapi.log

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-17 12:02 - 2010-07-12 11:49 - 00000000 ____D () C:\Documents and Settings\Presenter\Local Settings\temp

2014-12-17 12:02 - 2009-07-02 03:18 - 00632450 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-12-17 12:01 - 2009-07-15 10:43 - 00000000 ____D () C:\Documents and Settings\Presenter

2014-12-17 12:01 - 2009-07-02 07:30 - 01238555 _____ () C:\WINDOWS\WindowsUpdate.log

2014-12-17 12:00 - 2014-10-24 17:42 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-12-17 12:00 - 2014-05-24 06:38 - 00000430 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{DC2ABE27-FEA3-4C83-AFF4-55B4F05FBEF4}.job

2014-12-17 12:00 - 2010-08-29 20:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.001

2014-12-17 12:00 - 2009-07-02 14:36 - 00000281 ___SH () C:\boot.ini

2014-12-17 12:00 - 2009-07-02 03:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-12-17 12:00 - 2009-07-02 03:20 - 00000050 _____ () C:\WINDOWS\wiaservc.log

2014-12-17 12:00 - 2008-04-14 07:00 - 00000673 _____ () C:\WINDOWS\win.ini

2014-12-17 12:00 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini

2014-12-17 11:59 - 2014-02-06 08:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-17 11:59 - 2009-07-02 07:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-12-17 11:59 - 2008-04-14 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

2014-12-17 11:56 - 2009-07-02 07:36 - 00032462 _____ () C:\WINDOWS\SchedLgU.Txt

2014-12-17 11:51 - 2014-02-06 08:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-17 11:43 - 2014-10-24 21:07 - 00002354 _____ () C:\Documents and Settings\Presenter\Desktop\Google Chrome Canary.lnk

2014-12-17 08:32 - 2013-01-18 09:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro

2014-12-16 11:22 - 2009-07-15 10:43 - 00000178 ___SH () C:\Documents and Settings\Presenter\ntuser.ini

2014-11-23 20:56 - 2010-03-22 20:08 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat

2014-11-23 20:18 - 2013-05-07 06:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-11-23 20:16 - 2014-10-24 21:04 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job

2014-11-21 22:23 - 2013-03-29 20:07 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\uTorrent

2014-11-21 11:15 - 2014-10-24 21:04 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job

2014-11-21 10:53 - 2014-10-24 20:47 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-11-21 01:47 - 2014-03-25 20:26 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

 

Files to move or delete:

====================

C:\Documents and Settings\Presenter\FRST (1).exe

 

 

Some content of TEMP:

====================

C:\Documents and Settings\Presenter\Local Settings\temp\stuprt.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================

[Biscuithd]

Next steps

 

Scan with AdwCleaner

 

Please download AdwCleaner by Xplode and save the file to your desktop.

 

• Right-click on icon and select Run as Administrator to start the tool.

Follow the prompts and click Scan.

Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.

 

Please include the contents of that file in your reply.

 

Fix with Junkware Removal Tool

 

Please download JRT by Thisisu and save the file to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

 

• Right-click on icon and select Run as Administrator to start the tool.

Follow the prompts and let this process run uninterrupted.

This scan can take a while, depending on your System specs.

Upon completion, a log (JRT.txt) will open on your desktop.

 

Please include the contents of that file in your reply.

 

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

 

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Follow onscreen instructions inside the black box. This scan won't take long.
• Soon a notepad document called checkup.txt will open automaticaly.

Please include the content of that document.

 

[Warden]

Adw:

 

# AdwCleaner v4.105 - Report created 19/12/2014 at 14:46:20

# Updated 08/12/2014 by Xplode

# Database : 2014-12-16.1 [Live]

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Presenter - TS8730WIMAGE

# Running from : C:\Documents and Settings\Presenter\My Documents\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp

Key Deleted : HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Google Chrome v38.0.2125.104

 

 

*************************

 

AdwCleaner[R0].txt - [1102 octets] - [19/12/2014 14:39:50]

AdwCleaner[R1].txt - [1163 octets] - [19/12/2014 14:44:35]

AdwCleaner[S0].txt - [1092 octets] - [19/12/2014 14:46:20]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1152 octets] ##########

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Microsoft Windows XP x86

Ran by Presenter on Fri 12/19/2014 at 14:53:29.39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 12/19/2014 at 14:58:20.00

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

checkup.txt

 

 Results of screen317's Security Check version 0.99.93  

 Windows XP Service Pack 3 x86   

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

avast! Antivirus                

Emsisoft Anti-Malware           

 Antivirus out of date! (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:````````` 

 SpywareBlaster 5.0    

 Auslogics Registry Cleaner   

 Java 7 Update 71  

  Adobe Flash Player 14.0.0.179 Flash Player out of Date!  

 Adobe Reader XI  

 Google Chrome 38.0.2125.111 Google Chrome out of date!  

````````Process Check: objlist.exe by Laurent````````  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C::  

````````````````````End of Log`````````````````````` 

 

[Biscuithd]

Ok, there's a couple of things to do here.

 

Your adobe Flash player is out of date, up date flash from Here UN-Check any optional offers like McAfee security scan.

 

Your anti-virus is out of date. Please update it or alternatively (if it is a paid for version and your subscription has run out) look at installing one of the options below:

Here are three good antivirus free for personal use:

• Avast
• Microsoft Security Essentials

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

 

Last, Chrome needs to be updated. Please allow Chrome to update or manually update it.

 

When you have each of those complete, run Security Check again to assure that the updates worked and are current.

 

Let me know when you have that complete. Also, let me know how the computer is working.

[Warden]

I tried to update google but keep getting error code 3.  Some quick research into fixes suggested opening the registry and going to saoftware policies then google.  However, there is no google under policies. I have included a screenshot of the error.  I also updated adobe using the link but it still looks like I have the latest version.  Screenshot attached as well. I did install avast as well.  Here is the log file from latest scan.  Computer seems to be running fine.  Haven't really been using it too much though.

 

 Results of screen317's Security Check version 0.99.93  

 Windows XP Service Pack 3 x86   

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled!  

Microsoft Security Essentials   

avast! Antivirus                

Emsisoft Anti-Malware           

 Antivirus out of date! (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:`````````

 Auslogics Registry Cleaner   

 Java 7 Update 71  

  Adobe Flash Player 14.0.0.179 Flash Player out of Date!

 Adobe Reader XI  

 Google Chrome (39.0.2171.95) 

````````Process Check: objlist.exe by Laurent````````

 system32 AvastSvc.exe -?-   

 system32 AvastUI.exe -?-   

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C::  

````````````````````End of Log``````````````````````

 

Attached Thumbnails

• 
• 

[Biscuithd]

I tried to update google but keep getting error code 3.  Some quick research into fixes suggested opening the registry and going to saoftware policies then google. 

 

If you're not using Chrome, then it's not an issues. However, if you do start to use it, you do need to update it as there are significant vulnerabilities. I'd completely uninstall Chrome and then re-install and then you'll get the newest version.

 

 

However, there is no google under policies. I have included a screenshot of the error.

 

The internet has a lot of good information and idea, however, that...is not one of them. The average home user should not perform "surgery" on the registry without some help. By way of example, if I were coaching you through a Registry fix, we'd Back Up the Registry first. Then, we'd use scripts and not "type" directly into the Registry.

 

 

I also updated adobe using the link but it still looks like I have the latest version.  Screenshot attached as well.

 

Same as above, uninstall all versions of Flash and then re-install.

 

There are a handful of significant items you absolutely need to keep updated. Adobe Reader, Java, Flash, Windows Operating System and A/V. Feel free to run System Check periodically and make sure things are up to date.

 

 

I did install avast as well.

 

Excellent! I'm a big fan of Avast.

 

 

Computer seems to be running fine.

 

That's good to hear! Let me know if you are going to work through the above issues. If so, I'll keep the topic open until all is well. If not, I'll help you remove all the tools that we used.

 

My suggestion is that we work through all the issues before closing the topic, but I'll let it be your choice

[Warden]

 

Ok, so I did as instructed and uninstalled chrome and adobe and here is the latest log file. I did just find out that I can't run the defragmeter. When I go to start all programs, accessories, system utilities, disk defragmenter the window opens but it won't analyze or defragment. No error messages or anything. Not sure if this is related to the malware but thought I should mention it just in case.

 

Also it appears as though chrome is updated but when I check the about chrome information I still get an error 3 message.  I have been doing some reading, but have not taken any action.

 

 Results of screen317's Security Check version 0.99.93  

 Windows XP Service Pack 3 x86   

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled!  

Microsoft Security Essentials   

avast! Antivirus                

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

 Java 7 Update 71  

 Adobe Reader XI  

 Google Chrome (41.0.2251.0) 

````````Process Check: objlist.exe by Laurent````````

 system32 AvastSvc.exe -?-   

 system32 avastui.exe -?-   

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C::  

````````````````````End of Log``````````````````````

Edited by Warden, 23 December 2014 - 12:08 PM.

[Biscuithd]

Try running chkdsk /r If that runs, then try the Defrag.

[Warden]

Ran chkdsk /r and then tried to run defrag with no luck.  No issue for me unless you think it is symptomatic of lingering malware.

[iammykyl]

Observation only.

You do need to be able to defrag a drive, otherwise performance will get slower and slower. 

You appear to be running 2 AVs

Info, > http://windows.micro...ntials-download.

[Biscuithd]

Yes, defraging would be a good thing. However, your dealing with a very old OS and there are a myriad of reasons why it might not defrag. I doubt that malware is one of them.

How is the machine running otherwise? And yes, one use one a/v. Since you have Avast installed and running, just "disable" MSE (Micrososoft Security Essentials)

Disable Microsoft Security Essentials
1
Click "Start," type "msconfig" into the search field and press "Enter." The System Configuration window opens.

2
Click the "Startup" tab.

3
Uncheck the box next to "Microsoft Antimalware Service," click "Apply" and "OK." Microsoft Security Essentials is now disabled.

[Warden]

So it is not in the add/remove programs or sys config files.  It shows when i go to start-all programs. When I do rty to start it I get Microsoft Security Client error code 0x80070002,  I did some reading and tried the microsoft fixit 50535 with no success either.  There are some other methods which suggest manually editing the registry but I have not tried those yet.  I think we have it to the best point possible now and I appreciate all of your efforts in assisting me with these issues.  It may be timeto suck it up and upgrade or buy a new machine, unless you have any further suggestions.