couple issues


  • This topic is locked

#1
dolface755

I have a couple issues with this computer. My mother recently gave it to me to tide me over until I could get a newer machine. The problems I'm having are: 1: cleaning it out: I can't seem to find all the files that are running, and I also can't seem to get rid of all the HP crap she had loaded on here.

2: It's running awfully slow for a computer with 2 gigs of RAM on it, so I would love to be able to speed it up along with speeding up Mozilla.

3: Every time I log onto the computer and even when I log onto Mozilla it comes up with the hourglass saying that it's thinking and yet there aren't any processes running. And Mozilla keeps trying to open up another window on start up and then consecutively on every other page I start to load.

There are other things I'd like to do, but right now if I can get that accomplished I'd be happy

Thank you for your help

and please let me know what information is needed for helping me. I have already run a malware scan and will run a spybot scan in a little bit


#2
zep516

Hello,

See Here.
Then
Start a topic in the malware forum and post the frst.txt and additions.txt log

You could title the topic "Slow Computer"; someone will respond.

Thanks
Joe

#3
dolface755


I have a couple issues with this computer. My mother recently gave it to me to tide me over until I could get a newer machine. The problems I'm having are: 1: cleaning it out: I can't seem to find all the files that are running, and I also can't seem to get rid of all the HP crap she had loaded on here.

2: It's running awfully slow for a computer with 2 gigs of RAM on it, so I would love to be able to speed it up along with speeding up Mozilla.

3: Every time I log onto the computer and even when I log onto Mozilla it comes up with the hourglass saying that it's thinking and yet there aren't any processes running. And Mozilla keeps trying to open up another window on start up and then consecutively on every other page I start to load.

There are other things I'd like to do, but right now if I can get that accomplished I'd be happy

Thank you for your help

and please let me know what information is needed for helping me. I have already run a malware scan and will run a spybot scan in a little bit

First.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2015
Ran by home (administrator) on ACER-D928810BF0 (13-08-2015 15:06:57)
Running from C:\Documents and Settings\home\My Documents\Downloads
Loaded Profiles: home (Available Profiles: home & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(HP) C:\WINDOWS\System32\HPZipm12.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
() C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\System32\WBEM\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ePower_DMC] => C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [421888 2006-05-30] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27] (ATI Technologies Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restartsdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://ca.yahoo.com
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-07] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3344879686-2638717043-3166630987-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{F9660150-E81B-42D0-850D-AF7A2B5B319A}: [DhcpNameServer] 192.168.1.254 75.153.176.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: https://ca.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-07] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-22]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-03-29] (Acer Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 CLCapSvc; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [254050 2006-04-27] () [File not signed]
R2 CLSched; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [114784 2006-04-27] () [File not signed]
R2 CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [61440 2006-04-27] (Cyberlink) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2006-02-17] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [143360 2005-01-21] () [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2009-04-11] (Oak Technology Inc.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-05-10] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [238000 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [186800 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2005-11-02] (Broadcom Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [61056 2006-05-24] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [40064 2006-05-24] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [74752 2006-05-24] (ENE Technology Inc.)
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [9600 2004-08-04] (Microsoft Corporation) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208384 2006-06-12] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-06-12] (Conexant Systems, Inc.)
R2 int15; C:\WINDOWS\system32\drivers\int15.sys [69632 2006-06-02] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2006-06-20] (NewTech Infosystems, Inc.) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [46592 2004-12-09] (SMSC)
R2 tvicport; C:\WINDOWS\system32\drivers\tvicport.sys [14544 2006-06-02] (EnTech Taiwan) [File not signed]
R2 zntport; C:\WINDOWS\system32\drivers\zntport.sys [6080 2006-06-02] (Zeal SoftStudio) [File not signed]
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTKRNL; system32\DRIVERS\btkrnl.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S2 eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [X]
S2 eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-13 15:06 - 2015-08-13 15:06 - 00000000 ____D C:\FRST
2015-08-12 14:04 - 2015-08-12 14:04 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-12 14:04 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\All Users\Desktop\Post Win10 Spybot-install.exe
2015-08-12 13:52 - 2015-08-13 00:20 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-08-12 13:52 - 2015-08-12 13:52 - 00001750 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-12 13:52 - 2015-08-12 13:52 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-08-12 13:52 - 2015-08-12 13:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-12 13:52 - 2015-08-12 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-12 13:52 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-08-12 13:45 - 2015-08-12 13:45 - 00001243 _____ C:\Documents and Settings\home\My Documents\malware scan.xml
2015-08-09 22:35 - 2015-08-09 22:35 - 00011014 _____ C:\Documents and Settings\home\My Documents\cc_20150809_223527.reg
2015-08-09 22:33 - 2015-08-09 22:33 - 00008192 ___SH C:\WINDOWS\Thumbs.db
2015-08-09 22:33 - 2015-08-09 22:33 - 00003072 ___SH C:\Thumbs.db
2015-08-09 22:21 - 2015-08-09 22:21 - 00000390 _____ C:\Documents and Settings\home\My Documents\cc_20150809_222115.reg
2015-08-09 22:20 - 2015-08-09 22:20 - 00014538 _____ C:\Documents and Settings\home\My Documents\cc_20150809_222024.reg
2015-08-09 21:51 - 2015-08-09 21:51 - 00005914 _____ C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log
2015-08-09 14:05 - 2015-08-09 14:05 - 00000000 ____D C:\WINDOWS\system32\URTTEMP
2015-08-08 09:18 - 2015-08-08 09:18 - 00000482 _____ C:\Documents and Settings\home\My Documents\cc_20150808_091805.reg
2015-08-08 09:14 - 2015-08-08 09:14 - 00710542 _____ C:\Documents and Settings\home\My Documents\cc_20150808_091414.reg
2015-08-07 19:59 - 2015-08-09 22:33 - 00003584 _____ C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-07 19:57 - 2015-08-07 19:57 - 00000614 _____ C:\Documents and Settings\home\Desktop\PhotoScape.lnk
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Program Files\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\home\Application Data\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape
2015-08-07 19:30 - 2015-08-07 19:30 - 00000000 ____D C:\Documents and Settings\home\Application Data\AVG2015
2015-08-07 19:29 - 2015-08-07 19:29 - 00000610 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ___HD C:\$AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-08-07 19:27 - 2015-08-07 19:27 - 00000029 _____ C:\Documents and Settings\home\My Documents\avg code.txt
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\MFAData
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg2015
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-08-07 19:25 - 2015-08-07 19:26 - 00047762 _____ C:\Documents and Settings\home\My Documents\cc_20150807_192555.reg
2015-08-07 18:36 - 2015-08-09 22:15 - 00315928 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-08-07 18:23 - 2015-08-07 18:23 - 00005285 _____ C:\Documents and Settings\home\My Documents\fido conversation.txt
2015-08-07 18:05 - 2015-08-07 18:05 - 00000677 _____ C:\Documents and Settings\home\My Documents\New Fido.txt
2015-08-07 17:28 - 2015-08-07 17:29 - 01226962 _____ C:\Documents and Settings\home\My Documents\sys info.nfo
2015-08-07 16:16 - 2015-08-07 16:16 - 00000000 ____D C:\Documents and Settings\home\My Documents\Extracted Files
2015-08-07 15:44 - 2015-08-07 15:44 - 00070677 _____ C:\Documents and Settings\home\My Documents\overview windows.mht
2015-08-07 15:42 - 2015-08-07 15:42 - 00070677 _____ C:\Documents and Settings\home\My Documents\windows 7 update.mht
2015-08-07 15:39 - 2015-08-07 15:39 - 00001776 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2015-08-07 15:39 - 2015-08-07 15:39 - 00001770 _____ C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\WINDOWS\Performance
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Microsoft Corporation
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\home\Application Data\Foxit Software
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\All Users\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
2015-08-07 15:30 - 2015-08-07 15:30 - 00000000 ____D C:\Program Files\Foxit Software
2015-08-07 15:06 - 2015-08-07 15:06 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-07 15:05 - 2015-08-07 15:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-08-07 12:18 - 2015-08-07 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2015-08-07 12:12 - 2015-08-07 12:13 - 00004898 _____ C:\Documents and Settings\home\My Documents\cc_20150807_121250.reg
2015-08-06 20:24 - 2015-08-06 20:25 - 00001422 _____ C:\Documents and Settings\home\My Documents\cc_20150806_202455.reg
2015-08-06 20:18 - 2015-08-06 20:18 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\AvgSetupLog
2015-08-06 19:25 - 2015-08-06 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-06 18:50 - 2015-08-06 18:50 - 00018958 _____ C:\Documents and Settings\home\My Documents\cc_20150806_185015.reg
2015-08-06 18:13 - 2015-08-06 18:13 - 00023482 _____ C:\Documents and Settings\home\My Documents\duplicate.txt
2015-08-06 18:03 - 2015-08-12 13:28 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 18:03 - 2015-08-06 18:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-06 18:03 - 2015-08-06 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-06 18:03 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-06 17:47 - 2015-08-06 17:47 - 00000696 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Windows Media Player.lnk
2015-08-06 17:47 - 2015-08-06 17:47 - 00000000 __SHD C:\Documents and Settings\Donna\IETldCache
2015-08-06 17:47 - 2008-04-13 16:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-08-06 17:46 - 2015-08-06 17:57 - 00000178 ___SH C:\Documents and Settings\Donna\ntuser.ini
2015-08-06 17:46 - 2015-08-06 17:47 - 00000711 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Internet Explorer.lnk
2015-08-06 17:46 - 2015-08-06 17:47 - 00000646 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Outlook Express.lnk
2015-08-06 17:46 - 2015-08-06 17:46 - 00000000 ____D C:\Documents and Settings\Donna
2015-08-06 17:46 - 2014-03-13 09:49 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\TuneUp Software
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 14:50 - 00034232 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:46 - 2006-06-20 13:50 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Acer Arcade
2015-08-06 17:46 - 2006-06-20 13:41 - 00000136 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\fusioncache.dat
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:26 - 00001507 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Remote Assistance.lnk
2015-08-06 17:46 - 2006-06-20 13:24 - 00000000 ___RD C:\Documents and Settings\Donna\Start Menu\Programs\Accessories
2015-08-06 17:46 - 2006-06-20 13:18 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Temp
2015-08-06 17:43 - 2015-08-06 17:43 - 00103400 _____ C:\Documents and Settings\home\My Documents\cc_20150806_174302.reg
2015-08-06 17:43 - 2015-08-06 17:43 - 00000516 _____ C:\Documents and Settings\home\My Documents\cc_20150806_174326.reg
2015-08-06 15:19 - 2015-08-06 15:19 - 00010364 _____ C:\Documents and Settings\home\My Documents\cc_20150806_151939.reg
2015-08-06 15:06 - 2015-08-09 13:50 - 00008704 ___SH C:\Documents and Settings\home\My Documents\Thumbs.db
2015-08-06 15:01 - 2015-08-06 15:01 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg
2015-07-28 11:02 - 2015-07-28 11:02 - 00238000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-07-28 11:02 - 2015-07-28 11:02 - 00186800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-07-23 16:44 - 2015-07-23 16:44 - 00031664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-13 15:07 - 2014-01-21 12:33 - 01063348 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-13 14:53 - 2014-01-21 10:42 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B11F248-9E1D-4583-9DDA-3BBA1F0533B1}.job
2015-08-13 13:18 - 2014-01-21 12:34 - 00000159 ____N C:\WINDOWS\wiadebug.log
2015-08-13 13:18 - 2006-06-20 15:15 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-13 13:17 - 2006-06-20 15:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-13 03:56 - 2014-01-21 12:34 - 00032472 ____N C:\WINDOWS\SchedLgU.Txt
2015-08-13 03:56 - 2014-01-21 12:34 - 00000049 ____N C:\WINDOWS\wiaservc.log
2015-08-13 03:56 - 2008-11-12 18:49 - 00000178 ___SH C:\Documents and Settings\home\ntuser.ini
2015-08-13 00:20 - 2006-06-20 14:07 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-08-09 14:05 - 2006-06-20 13:51 - 00513338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-07 19:21 - 2009-04-05 16:37 - 00009904 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-07 15:09 - 2014-01-22 09:59 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-07 15:09 - 2014-01-22 09:59 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-07 15:05 - 2014-01-22 09:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-08-07 15:05 - 2014-01-22 09:56 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-08-06 18:54 - 2014-01-27 16:13 - 00040480 _____ C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 18:52 - 2006-06-20 14:49 - 00209696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-06 17:47 - 2006-06-20 14:50 - 00045184 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:29 - 2014-01-21 12:38 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-06 15:16 - 2008-12-24 23:10 - 00002473 _____ C:\Documents and Settings\home\Desktop\Microsoft Word (2).lnk

==================== Files in the root of some directories =======

2014-01-21 12:34 - 2014-01-21 12:34 - 0000127 _____ () C:\Documents and Settings\home\Local Settings\Application Data\fusioncache.dat
2015-08-07 19:59 - 2015-08-09 22:33 - 0003584 _____ () C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-09 21:51 - 2015-08-09 21:51 - 0005914 _____ () C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2015
Ran by home (2015-08-13 15:08:05)
Running from C:\Documents and Settings\home\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3344879686-2638717043-3166630987-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-3344879686-2638717043-3166630987-1003 - Limited - Enabled)
Guest (S-1-5-21-3344879686-2638717043-3166630987-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3344879686-2638717043-3166630987-1004 - Limited - Disabled)
home (S-1-5-21-3344879686-2638717043-3166630987-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\home
SUPPORT_388945a0 (S-1-5-21-3344879686-2638717043-3166630987-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.03.2024 - Acer)
Acer ePerformance Management (HKLM\...\{7057702F-6D71-4F30-8000-9E72BC771887}) (Version: 2.00.2007 - Acer)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.00.2016a - )
Acer eSettings Management (HKLM\...\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}) (Version: 2.03.2017 - Acer)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.54 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Catalyst Control Center (HKLM\...\{79B05AF4-8894-49A1-9FF4-53F0142D85E1}) (Version: 1.2.2308.14812 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.251-060427a-034514C-Acer - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.1.0 - Auslogics Labs Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
LightScribe  1.4.74.1 (Version: 1.4.74.1 - http://www.lightscribe.com)Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5273 - Realtek Semiconductor Corp.)
ScannerCopy (Version: 7.0.0.0 - Hewlett-Packard) Hidden
SMSC IrCC V5.1.3600.7 (HKLM\...\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}) (Version: r1.02 - )
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F) (Version:  - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.19.0 - Synaptics)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0) (HKLM\...\9E140F48C9836B9B78539C08FB2B17146BDB3F65) (Version: 04/28/2006 1.3.1.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

31-07-2015 07:39:02 Software Distribution Service 3.0
06-08-2015 14:43:03 Software Distribution Service 3.0
06-08-2015 15:33:52 Installed Content Manager
06-08-2015 16:50:25 Removed AVG 2014
06-08-2015 16:51:19 Removed AVG 2014
06-08-2015 16:51:36 Removed Content Manager
06-08-2015 17:14:01 Removed Adobe Reader 9.1.
06-08-2015 17:19:47 Removed Content Transfer.
06-08-2015 17:25:12 Removed Media Manager for WALKMAN 1.2
06-08-2015 17:29:46 Configured NTI Backup NOW! 4
06-08-2015 17:30:09 Configured NTI CD & DVD-Maker
06-08-2015 17:31:29 Removed QuickTime
06-08-2015 18:35:01 Removed HP Memories Disc
06-08-2015 18:35:16 Removed HP Photosmart Essential
06-08-2015 18:47:20 Removed Microsoft Streets and Trips 2005
06-08-2015 20:35:48 Installed AVG 2015
06-08-2015 20:36:03 Installed AVG 2015
06-08-2015 20:40:40 Installed AVG 2015
06-08-2015 20:40:48 Removed AVG 2015
07-08-2015 12:10:01 Software Distribution Service 3.0
07-08-2015 15:34:11 Printer Driver Foxit Reader PDF Printer Driver Installed
07-08-2015 15:39:12 Installed Windows 7 Upgrade Advisor
07-08-2015 19:16:33 Removed ATI Parental Control & Encoder
07-08-2015 19:16:47 Removed HP Update.
07-08-2015 19:17:30 Removed Apple Software Update
07-08-2015 19:17:55 Removed Microsoft .NET Framework 1.1
07-08-2015 19:23:30 Removed MSXML 4.0 SP2 (KB954430)
07-08-2015 19:28:52 Installed AVG 2015
07-08-2015 19:29:04 Installed AVG 2015
08-08-2015 03:00:16 Software Distribution Service 3.0
09-08-2015 03:00:16 Software Distribution Service 3.0
09-08-2015 14:04:56 Installed Microsoft .NET Framework 1.1
09-08-2015 22:08:21 Installed WIDCOMM Bluetooth Software
09-08-2015 22:10:16 Unsigned driver install
09-08-2015 22:15:27 Removed WIDCOMM Bluetooth Software
09-08-2015 22:20:54 Removed Acer ePresentation Management
10-08-2015 22:47:03 System Checkpoint
12-08-2015 15:43:14 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 05:00 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B11F248-9E1D-4583-9DDA-3BBA1F0533B1}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-09 14:05 - 2015-08-09 14:05 - 03289088 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7511b2f2\mscorlib.dll
2015-08-09 14:05 - 2015-08-09 14:05 - 01929216 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_103bcdb3\system.dll
2006-04-27 12:10 - 2006-04-27 12:10 - 00254050 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
2006-04-27 12:10 - 2006-04-27 12:10 - 00192616 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
2004-08-04 05:00 - 2008-04-13 16:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 05:00 - 2008-04-13 16:12 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-04-27 12:10 - 2006-04-27 12:10 - 00028672 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
2005-01-21 19:37 - 2005-01-21 19:37 - 00143360 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2015-08-12 13:52 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-12 13:52 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-12 13:52 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-12 13:52 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-12 13:52 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2006-04-27 12:10 - 2006-04-27 12:10 - 00114784 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
2006-04-27 12:10 - 2006-04-27 12:10 - 00061538 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
2008-11-12 18:52 - 2005-10-11 13:18 - 00028672 _____ () C:\Acer\Empowering Technology\ePower\SysHook.dll
2008-11-12 18:52 - 2006-05-30 12:11 - 00421888 _____ () C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
2015-08-09 14:05 - 2015-08-09 14:05 - 02994176 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4d92b817\system.windows.forms.dll
2015-08-09 14:05 - 2015-08-09 14:05 - 00835584 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0469f7da\system.drawing.dll
2008-11-12 18:52 - 2005-10-20 17:20 - 00208896 _____ () C:\Acer\Empowering Technology\ePower\DialogDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254 - 75.153.176.9
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk => C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk => C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupreg: Acer ePresentation HPD => C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
MSCONFIG\startupreg: ATICCC => "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
MSCONFIG\startupreg: AzMixerSel => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
MSCONFIG\startupreg: Boot => C:\Acer\Empowering Technology\ePower\Boot.exe
MSCONFIG\startupreg: ContentTransferWMDetector.exe => C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: ntiMUI => C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Acer\Acer Arcade\PCMService.exe] => Enabled:CyberLink PowerCinema Resident Program
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\MSMSGS.EXE] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [D:\setup\HPZNET01.EXE] => Enabled:hpznet01.exe
StandardProfile\AuthorizedApplications: [D:\setup\HPONICIFS01.EXE] => Enabled:hponicifs01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\HPQTRA08.EXE] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqCopy.exe] => Enabled:hpqcopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpfccopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqnrs08.exe] => Enabled:hpqnrs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8139/810x Family Fast Ethernet NIC
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2015 01:18:03 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/13/2015 12:22:50 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/11/2015 08:41:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/10/2015 06:29:56 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/09/2015 10:18:00 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/09/2015 09:32:37 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/09/2015 05:41:18 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/09/2015 02:36:15 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/07/2015 07:18:41 PM) (Source: MsiInstaller) (EventID: 1013) (User: ACER-D928810BF0)
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft .NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect other applications that are installed. For more information, see http://go.microsoft....k/?LinkId=91126.

Error: (08/07/2015 07:16:58 PM) (Source: MsiInstaller) (EventID: 11905) (User: ACER-D928810BF0)
Description: Product: HP Update -- Error 1905.Module C:\Program Files\Hewlett-Packard\Common\HPeDiag.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.


System errors:
=============
Error: (08/13/2015 01:18:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (08/13/2015 01:18:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (08/13/2015 01:18:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eLock2FSCTLDriver service failed to start due to the following error:
%%2

Error: (08/13/2015 01:18:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eLock2BurnerLockDriver service failed to start due to the following error:
%%2

Error: (08/13/2015 12:23:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (08/13/2015 12:23:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (08/13/2015 12:23:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eLock2FSCTLDriver service failed to start due to the following error:
%%2

Error: (08/13/2015 12:23:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eLock2BurnerLockDriver service failed to start due to the following error:
%%2

Error: (08/12/2015 01:52:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (08/12/2015 01:52:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.


Microsoft Office:
=========================
Error: (08/13/2015 01:18:03 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/13/2015 12:22:50 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/11/2015 08:41:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/10/2015 06:29:56 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/09/2015 10:18:00 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/09/2015 09:32:37 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/09/2015 05:41:18 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/09/2015 02:36:15 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/07/2015 07:18:41 PM) (Source: MsiInstaller) (EventID: 1013) (User: ACER-D928810BF0)
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft .NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect other applications that are installed. For more information, see http://go.microsoft....LL)(NULL)(NULL)

Error: (08/07/2015 07:16:58 PM) (Source: MsiInstaller) (EventID: 11905) (User: ACER-D928810BF0)
Description: Product: HP Update -- Error 1905.Module C:\Program Files\Hewlett-Packard\Common\HPeDiag.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: AMD Turion™ 64 Mobile Technology MK-38
Percentage of memory in use: 37%
Total physical RAM: 1790.1 MB
Available physical RAM: 1121.63 MB
Total Virtual: 3427.15 MB
Available Virtual: 2816.14 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:93.13 GB) (Free:75.43 GB) FAT32 ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 93.2 GB) (Disk ID: 5EA4F703)
Partition 1: (Active) - (Size=93.2 GB) - (Type=0C)

==================== End of log ============================


Edited by dolface755, 14 August 2015 - 03:55 AM.


#4
dolface755

    Member

  • Topic Starter
  • Member
  • 212 posts

Thank you, I did do what you recommended and posted under malware.



#5
dolface755

    Member

  • Topic Starter
  • Member
  • 212 posts

Would it be possible to close this link or thread? I've posted under the Malware one as requested but as of yet have had no one respond, and I was wondering if it's because this thread is still active.


Edited by dolface755, 15 August 2015 - 01:53 PM.


#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts

I'll close the topic and look at the Malware thread for you.

Joe

Edit: closed wrong thread... This is now open again.

Please follow these directions,

Next

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;

  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

Thanks
Joe :)



#7
dolface755

    Member

  • Topic Starter
  • Member
  • 212 posts

Here are the two scans that you requested. After we finish with this, is there a way to get my RAM to perform better? My mother had this computer set up for her and for some reason it's only utilizing about one quarter of the 2gig of RAM that were installed.

Thank you so much for helping me, some of these issues like trying to get rid of all the HP software and stuff are becoming a royal pain in the azz.

Adware log 1:

 

# AdwCleaner v5.000 - Logfile created 17/08/2015 at 06:47:55
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : home - ACER-D928810BF0
# Running from : C:\Documents and Settings\home\Desktop\adwcleaner_5.000.exe
# Option : Scan

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar

***** [ Web browsers ] *****


*************************

C:\AdwCleaner[S1].txt - [510 octets] - [17/08/2015 05:58:31]
C:\AdwCleaner[S2].txt - [1386 octets] - [17/08/2015 06:47:55]

########## EOF - C:\AdwCleaner[S2].txt - [1449 octets] ##########
 

Adware(C1) log:

 

# AdwCleaner v5.000 - Logfile created 17/08/2015 at 08:36:51
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : home - ACER-D928810BF0
# Running from : C:\Documents and Settings\home\Desktop\adwcleaner_5.000.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar

***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [1469 octets] - [17/08/2015 08:36:51]
C:\AdwCleaner[S1].txt - [510 octets] - [17/08/2015 05:58:31]
C:\AdwCleaner[S2].txt - [1518 octets] - [17/08/2015 06:47:55]

########## EOF - C:\AdwCleaner[C1].txt - [1657 octets] ##########
 

 

JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Microsoft Windows XP x86
Ran by home on Mon 08/17/2015 at  9:17:01.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/17/2015 at  9:20:39.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
What I would do is replace all the RAM, it's cheap and easy enough to do.
I'll help you.
I need the make and model of the computer and we will get to that at the end of checking for issues.

Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.
Next
Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.
Double click on TFC.exe to run it.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Next

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
 
In your next reply post.
1. Malwarebytes log
2. Checkup.txt
Thanks
Joe :)
  • 0

#9
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts

I did run Malware and Spybot Search and Destroy before putting a thread in here. I've been trying to do the most basic things I remember before contacting anyone. It's been a while since I've worked on computers, and apparently it's not like riding a bike; there are a lot of things I've forgotten over the years. The first system I built was in '94.

I will re-run Malware and the others tonight and tomorrow morning and post the logs as requested.

As for the RAM, my mother said her "computer" guy just installed the 2 gig chip about a year ago, which doesn't mean much since she constantly phones me to fix her puter from 400km away LOLOL

Thank you again so much for your help and I will post logs tomorrow


  • 0

#10
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts

Here are the scans you requested last night. I'll be starting off with the two scans from Malwarebytes. One is titled Malware 18 and the other is Malware protect 18

 

malware:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/18/2015
Scan Time: 3:45:09 AM
Logfile: Malware18.txt
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2015.08.18.04
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: FAT32
User: home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395037
Time Elapsed: 15 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

Malware Protect 18

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 8/18/2015 2:55:01 AM, SYSTEM, ACER-D928810BF0, Scheduler, Rootkit Database, 2015.8.6.1, 2015.8.16.1,
Update, 8/18/2015 2:55:02 AM, SYSTEM, ACER-D928810BF0, Scheduler, AKA Domain Database, 2015.8.11.1, 2015.8.18.1,
Protection, 8/18/2015 2:55:19 AM, SYSTEM, ACER-D928810BF0, Protection, Malware Protection, Starting,
Protection, 8/18/2015 2:55:19 AM, SYSTEM, ACER-D928810BF0, Protection, Malware Protection, Started,
Protection, 8/18/2015 2:55:19 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Starting,
Update, 8/18/2015 2:55:23 AM, SYSTEM, ACER-D928810BF0, Scheduler, Malware Database, 2015.8.12.5, 2015.8.18.3,
Protection, 8/18/2015 2:55:24 AM, SYSTEM, ACER-D928810BF0, Protection, Refresh, Starting,
Protection, 8/18/2015 2:55:48 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Started,
Protection, 8/18/2015 2:55:48 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopping,
Protection, 8/18/2015 2:55:49 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopped,
Protection, 8/18/2015 2:56:52 AM, SYSTEM, ACER-D928810BF0, Protection, Refresh, Success,
Protection, 8/18/2015 2:56:52 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Starting,
Protection, 8/18/2015 2:57:19 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Started,
Update, 8/18/2015 3:45:07 AM, SYSTEM, ACER-D928810BF0, Scheduler, Malware Database, 2015.8.18.3, 2015.8.18.4,
Protection, 8/18/2015 3:45:07 AM, SYSTEM, ACER-D928810BF0, Protection, Refresh, Starting,
Protection, 8/18/2015 3:45:07 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopping,
Protection, 8/18/2015 3:45:08 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopped,
Protection, 8/18/2015 3:45:37 AM, SYSTEM, ACER-D928810BF0, Protection, Refresh, Success,
Protection, 8/18/2015 3:45:37 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Starting,
Protection, 8/18/2015 3:46:04 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Started,
Scan, 8/18/2015 4:50:04 AM, SYSTEM, ACER-D928810BF0, Manual, Start:8/18/2015 2:55:48 AM, Duration:15 min 36 sec, Threat Scan, Completed, 0 Malware Detections, 1 Non-Malware Detection,
Protection, 8/18/2015 4:50:04 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopping,
Protection, 8/18/2015 4:50:05 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopped,
Protection, 8/18/2015 4:50:05 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Starting,
Protection, 8/18/2015 4:50:31 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Started,
Protection, 8/18/2015 6:42:55 AM, SYSTEM, ACER-D928810BF0, Protection, Malware Protection, Starting,
Protection, 8/18/2015 6:42:55 AM, SYSTEM, ACER-D928810BF0, Protection, Malware Protection, Started,
Protection, 8/18/2015 6:44:17 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Starting,
Protection, 8/18/2015 6:44:38 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Started,
Protection, 8/18/2015 6:44:38 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopping,
Protection, 8/18/2015 6:44:38 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopped,
Protection, 8/18/2015 6:44:38 AM, SYSTEM, ACER-D928810BF0, Protection, Malware Protection, Stopping,
Protection, 8/18/2015 6:44:40 AM, SYSTEM, ACER-D928810BF0, Protection, Malware Protection, Stopped,

(end)

 

 

And finally the one for Security Check:

 

 Results of screen317's Security Check version 1.007  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 CCleaner     
 Java 8 Update 51  
 Adobe Flash Player     18.0.0.232  
 Mozilla Firefox (40.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````
 

 

 

 

One added note: when my system rebooted this morning, it came up with 3 files on AVG that were not protected, so I'm not sure what they are from. This is new.


  • 0
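A way to read the protection log in the post above for what matters on review: how long each protection module was down, whether any module is still stopped when the log ends, and what the Scan line reports. This is an added example, not part of the original thread or of Malwarebytes; the function names are hypothetical and the sample lines are excerpted from the posted log.

```python
import re
from datetime import datetime

# Lines excerpted from the "Malware Protect 18" log posted above.
SAMPLE_LOG = """\
Protection, 8/18/2015 3:45:08 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopped,
Protection, 8/18/2015 3:45:37 AM, SYSTEM, ACER-D928810BF0, Protection, Refresh, Success,
Protection, 8/18/2015 3:46:04 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Started,
Scan, 8/18/2015 4:50:04 AM, SYSTEM, ACER-D928810BF0, Manual, Start:8/18/2015 2:55:48 AM, Duration:15 min 36 sec, Threat Scan, Completed, 0 Malware Detections, 1 Non-Malware Detection,
Protection, 8/18/2015 6:44:38 AM, SYSTEM, ACER-D928810BF0, Protection, Malicious Website Protection, Stopped,
Protection, 8/18/2015 6:44:40 AM, SYSTEM, ACER-D928810BF0, Protection, Malware Protection, Stopped,
"""

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"

def parse_events(text):
    """Yield (kind, timestamp, detail_fields) for each recognised log line."""
    for line in text.splitlines():
        cols = [c.strip() for c in line.split(",")]
        if len(cols) < 6 or cols[0] not in ("Protection", "Update", "Scan"):
            continue
        try:
            ts = datetime.strptime(cols[1], TS_FORMAT)
        except ValueError:
            continue  # skip lines whose timestamp does not parse
        yield cols[0], ts, [c for c in cols[4:] if c]

def protection_gaps(text):
    """Return (component, stopped_at, started_at) tuples; started_at is None
    when the log ends with the component still stopped."""
    stopped, gaps = {}, []
    for kind, ts, fields in parse_events(text):
        if kind != "Protection" or len(fields) < 3:
            continue
        component, state = fields[1], fields[2]
        if state == "Stopped":
            stopped.setdefault(component, ts)
        elif state == "Started" and component in stopped:
            gaps.append((component, stopped.pop(component), ts))
    gaps.extend((c, t, None) for c, t in stopped.items())
    return gaps

def scan_detections(text):
    """Return one {'Malware': n, 'Non-Malware': m} dict per Scan line."""
    results = []
    for kind, _, fields in parse_events(text):
        if kind == "Scan":
            found = (re.fullmatch(r"(\d+) (Malware|Non-Malware) Detections?", f) for f in fields)
            results.append({m.group(2): int(m.group(1)) for m in found if m})
    return results

if __name__ == "__main__":
    for component, start, end in protection_gaps(SAMPLE_LOG):
        print(component, start, "->", end or "still stopped at end of log")
    print(scan_detections(SAMPLE_LOG))
```

A module listed as still stopped only means the log ended in that state; a normal shutdown produces the same entries.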

#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
Toolbar: HKU\S-1-5-21-3344879686-2638717043-3166630987-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTKRNL; system32\DRIVERS\btkrnl.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S2 eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [X]
S2 eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys [X]
U1 WS2IFSL; no ImagePath
CMD: bitsadmin /reset /allusers
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
 
Post the Fixlog.txt, that will be found on desktop after fix has run.
Let me know on the next reboots if AVG still comes up with that "not protected" message.

Thanks
Joe :)
  • 0

#12
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts

Ran the FixIt scans and implemented the page you requested for notepad. Here are the results of those. One minor glitch is that malware keeps coming up when I reboot the computer even though I've repeatedly turned that option off

 

FixIt Log:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by home (2015-08-18 14:38:37) Run:1
Running from C:\Documents and Settings\home\Desktop
Loaded Profiles: home (Available Profiles: home & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
Toolbar: HKU\S-1-5-21-3344879686-2638717043-3166630987-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTKRNL; system32\DRIVERS\btkrnl.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S2 eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [X]
S2 eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys [X]
U1 WS2IFSL; no ImagePath
CMD: bitsadmin /reset /allusers
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda" => key removed successfully.
btaudio => service removed successfully.
BTDriver => service removed successfully.
BTKRNL => service removed successfully.
BTWDNDIS => service removed successfully.
eLock2BurnerLockDriver => service removed successfully.
eLock2FSCTLDriver => service removed successfully.
WS2IFSL => service removed successfully.

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 59.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:39:00 ====

 

 

 

 

 

I apologize for not clarifying earlier about AVG. Since we started doing the scans yesterday with TFC and Security Check, AVG has been coming up saying various different things are infected, but most of them are things that I'm assuming my mother had on this computer for a while.

I'm beginning to think that it would be easier to just flush her crap off of here and start from scratch.

Sorry, this is why I don't work on computers too much anymore, my disease makes it a little hard for me to concentrate at given times.


  • 0
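A way to check a Fixlog like the one posted above against its own fixlist, so that a step that failed (here the CMD: line) is not lost among the "removed successfully" lines. This is an added example, not part of the original thread or of FRST; the function name is hypothetical and the sample is a shortened excerpt of the posted log.

```python
import re

# Shortened excerpt of the Fixlog.txt posted above, embedded so this runs offline.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
CloseProcesses:
S3 btaudio; system32\drivers\btaudio.sys [X]
U1 WS2IFSL; no ImagePath
CMD: bitsadmin /reset /allusers
Emptytemp:
*****************

Processes closed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
btaudio => service removed successfully.
WS2IFSL => service removed successfully.

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 59.1 MB temporary data Removed.
"""

def review_fixlog(text):
    """Compare what the fixlist asked for with what the Fixlog reports."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    fixlist = parts[1] if len(parts) >= 3 else ""
    # Service/driver entries look like "S3 btaudio; ..." or "U1 WS2IFSL; ...".
    wanted = re.findall(r"^[SRU]\d (\S+);", fixlist, flags=re.M)
    # Outcome lines look like "<target> => <result>."
    results = dict(re.findall(r'^"?(.+?)"? => (.+?)\.?$', text, flags=re.M))
    # CMD output is framed by "==== <command> ====" and "==== End of CMD: ====".
    cmd_blocks = re.findall(
        r"^=+[ \t]+([^\n=]+?)[ \t]+=+\n(.*?)^=+ End of CMD: =+",
        text, flags=re.M | re.S)
    return {
        # Requested services with no "removed successfully" outcome line.
        "unconfirmed": [s for s in wanted
                        if "removed successfully" not in results.get(s, "")],
        # Targets the tool looked for but did not find.
        "not_found": [t for t, r in results.items() if "not found" in r],
        # Commands the shell could not run at all.
        "failed_cmds": [c for c, out in cmd_blocks if "is not recognized" in out],
    }

if __name__ == "__main__":
    for category, items in review_fixlog(SAMPLE_FIXLOG).items():
        print(category, items)
```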

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts

AVG has been coming up saying various different things are infected


I can't work with that information. I need to know exactly what AVG is saying is infected and the file path to the infection. Also, AVG may not like some of the tools we are using, such as TFC, FRST, etc. AVG may think they are malware.

Next
This scan could take well over an hour to perform. Be prepared for that.
ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

  • 0

#14
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts

AVG just found the FRST which I forgot about so I turned AVG off then redid the FRST

the other file it found is listed as a crack

and I'm not sure how to export the information for you I apologize


  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Not to worry.

Run the ESET scan and post the log. That scan will or could take quite a while.
  • 0





