Windows explorer frequently freezes in XP


30 replies to this topic

#1 agangelus


Posted 28 June 2015 - 07:43 AM

Hi there,

 

I've had this issue for a short while. I didn't really notice it too much previously, as I put it down to "old PC", but it seems to be getting progressively more frequent.

I boot up the PC (Windows XP Pro) and when Windows Explorer starts to load up the taskbar and notification area, it starts to freeze or hang. If I wait long enough (10 plus) sometimes I can proceed, but within seconds it does it again. I watch the Task Manager while this is happening and there are no unfamiliar processes running. The PC is used only by myself and only for things like Netflix, eBay, Facebook etc. I don't use anything else.

Any help would be very much appreciated.

I have Malwarebytes Premium, Avast, Comodo Firewall and CCleaner protecting the machine.

Below is the output from the scans.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/06/2015
Scan Time: 03:44:22
Logfile: malwarebytesreport.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.27.07
Rootkit Database: v2015.06.26.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Alison

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 447728
Time Elapsed: 9 hr, 7 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.80.2
Run by Alison at 0:58:06 on 2015-06-28
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1982.900 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Common Files\AOL\1368048598\ee\AOLSoftware.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Common Files\AOL\1368048598\ee\aolupdates.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
uRun: [Power2GoExpress] <no file>
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [HostManager] c:\program files\common files\aol\1368048598\ee\AOLSoftware.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cataly~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366320154390
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1366320197734
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{42F5A1A8-670B-44F3-BBDB-5829ADB05FE7} : DHCPNameServer = 192.168.1.1 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.130\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alison\application data\mozilla\firefox\profiles\saazvu58.default-1433616136984\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.co.uk/
FF - plugin: c:\documents and settings\alison\application data\mozilla\firefox\profiles\saazvu58.default-1433616136984\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_194.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-4-18 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-4-18 209048]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-18 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-4-18 428120]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-1-16 15704]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [2013-1-16 587864]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-1-16 30552]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-5 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-18 74976]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-4-18 343336]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2013-1-24 4831680]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-11 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-11 1133880]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2013-4-20 69016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-19 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-11 98520]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-1-24 131288]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2011-6-10 14336]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2013-4-18 4703432]
.
=============== Created Last 30 ================
.
2015-06-26 00:47:57    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2015-06-26 00:46:41    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-06-21 18:05:47    --------    d-----w-    C:\KVRT_Data
2015-06-21 13:02:10    --------    d-----w-    c:\program files\File Shredder
2015-06-02 20:05:59    1079920    ----a-w-    c:\program files\mozilla firefox\icuin52.dll
2015-06-02 20:05:59    10397296    ----a-w-    c:\program files\mozilla firefox\icudt52.dll
2015-06-02 20:05:58    376944    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2015-06-02 20:05:58    330864    ----a-w-    c:\program files\mozilla firefox\freebl3.dll
2015-06-02 20:05:58    188528    ----a-w-    c:\program files\mozilla firefox\gmp-clearkey\0.1\clearkey.dll
2015-06-02 20:05:57    3466856    ----a-w-    c:\program files\mozilla firefox\d3dcompiler_47.dll
2015-06-02 20:05:57    283248    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2015-06-02 20:05:57    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2015-06-02 20:05:56    51312    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2015-06-02 20:05:56    20592    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2015-06-02 20:05:56    109680    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2015-05-31 11:59:17    43112    ----a-w-    c:\windows\avastSS.scr
.
==================== Find3M  ====================
.
2015-06-27 23:43:56    98520    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-26 00:56:21    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-06-26 00:56:21    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 07:41:46    121560    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41:36    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-05-31 11:59:36    74976    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-05-31 11:59:36    49904    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-05-31 11:59:36    24144    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-05-31 11:59:36    209048    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-05-31 11:58:54    787760    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-05-10 17:42:58    73272    ----a-w-    C:\wow_helper.exe
2015-05-10 17:42:58    40518200    ----a-w-    C:\libcef.dll
2015-05-10 17:42:57    219192    ----a-w-    C:\libEGL.dll
2015-05-10 17:42:57    1365560    ----a-w-    C:\libGLESv2.dll
2015-05-10 17:42:56    990776    ----a-w-    C:\ffmpegsumo.dll
2015-05-10 17:42:56    778808    ----a-w-    C:\SpotifyCrashService.exe
2015-05-10 17:42:56    3457592    ----a-w-    C:\d3dcompiler_47.dll
2015-05-10 17:42:56    2106424    ----a-w-    C:\d3dcompiler_43.dll
2015-05-10 17:42:56    2020920    ----a-w-    C:\SpotifyWebHelper.exe
2015-05-10 17:42:56    124472    ----a-w-    C:\SpotifyLauncher.exe
2015-05-10 17:42:55    7168568    ----a-w-    C:\Spotify.exe
.
============= FINISH:  1:00:28.00 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 18/04/2013 19:58:33
System Uptime: 28/06/2015 00:42:25 (1 hours ago)
.
Motherboard: DIXONSXP |  | RC4107MA-RS2H
Processor:               Intel® Pentium® 4 CPU 3.00GHz | Socket 775 | 2999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 48.771 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP194: 21/06/2015 20:49:37 - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Reader XI (11.0.08)
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avast Free Antivirus
Bonjour
BufferChm
C4600
CCleaner
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Destinations
DeviceDiscovery
File Shredder 2.5
Google Chrome
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
HP Print Projects 1.0
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iolo technologies' System Mechanic
Java 7 Update 80
Java Auto Updater
Lexmark 2400 Series
Lexmark Fax Solutions
Lexmark Toolbar
Malwarebytes Anti-Malware version 2.1.8.1057
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.0 Security Update (KB2904878)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Vista Upgrade Advisor
Microsoft Works
Mozilla Firefox 38.0.5 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OCA Client history tool install
OLYMPUS Digital Camera Updater
OLYMPUS Viewer 2
Power2Go 4.0
PowerDVD
PS_AIO_05_C4600_Software_Min
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834905-v2)
Security Update for Windows Media Player (KB2834905)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spotify
SpywareBlaster 5.0
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
27/06/2015 18:05:21, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
27/06/2015 13:10:48, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WSearch service.
27/06/2015 12:07:54, error: Dhcp [1002]  - The IP address lease 192.168.1.6 for the Network Card with network address 0015587727BF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
26/06/2015 22:51:44, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
26/06/2015 22:51:44, error: Service Control Manager [7000]  - The WMI Performance Adapter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
26/06/2015 22:43:49, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
26/06/2015 22:43:49, error: Service Control Manager [7000]  - The Adobe Flash Player Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
26/06/2015 22:08:33, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
26/06/2015 22:08:33, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
26/06/2015 22:07:47, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
26/06/2015 00:50:52, error: Service Control Manager [7034]  - The iolo System Service service terminated unexpectedly.  It has done this 1 time(s).
24/06/2015 21:03:23, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
24/06/2015 20:55:30, error: Dhcp [1002]  - The IP address lease 192.168.1.3 for the Network Card with network address 0015587727BF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
24/06/2015 08:09:32, error: Dhcp [1002]  - The IP address lease 192.168.1.7 for the Network Card with network address 0015587727BF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
23/06/2015 21:08:27, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
23/06/2015 21:08:27, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
23/06/2015 21:03:56, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
22/06/2015 20:42:11, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
22/06/2015 20:42:11, error: Service Control Manager [7000]  - The HTTP SSL service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
21/06/2015 12:27:13, error: Dhcp [1002]  - The IP address lease 192.168.1.4 for the Network Card with network address 0015587727BF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 

 

 Results of screen317's Security Check version 1.004  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
a
v
a
s
t
!
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 CCleaner     
 Java 7 Update 80  
 Java version 32-bit out of Date!
 Adobe Flash Player     18.0.0.194  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.130)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Comodo Firewall cmdagent.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 



#2 TheJoker


Posted 28 June 2015 - 08:31 PM

Hi agangelus, and welcome back.

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

 

I see you have iolo technologies' System Mechanic installed. I highly recommend that you do not use the Registry cleaning feature. The small amount that might be gained from a Registry cleaner is far outweighed by the damage to the system that could potentially be done.

Had you been using that feature just before you noted that the system had been freezing, or freezing more often?

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

 

Please scan your system with ESET Online Scanner

Ensure that you have the flash drive plugged in when you run the scan.

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Download the below tool
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will create a log (FRST.txt) in the same directory the tool is run.
The first time the tool is run, it creates another log (Addition.txt).

Please post the contents of both, each in their own reply.

 

Go to Start > Run,  type in CMD and hit the Enter key.
In the CMD window that opens, Copy/Paste: ipconfig /release, and then press ENTER.
- If you type this in, note the space between the g /release, it needs to be there.
Then Copy/Paste: ipconfig /renew, and then press ENTER.
- If you type this in, note the space between the g /renew, it needs to be there.
Then Copy/Paste: ipconfig /flushdns, and then press ENTER.
- If you type this in, note the space between the g /flushdns, it needs to be there.

 

Please post the log from AdwCleaner, the log from ESET Online Scanner, and then each in their own reply (so nothing is cut off by the maximum post length), the two logs from FRST (FRST.txt and Addition.txt), and note any errors encountered.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#3 agangelus


Posted 29 June 2015 - 07:26 PM

Hi again,

 

Thanks for getting back to me so quickly. I've posted all the output from the various scans/cleaners etc. below. Regarding System Mechanic, I've used it for years on both this pc and my laptop. It's only the past month or so that this issue has become apparent.

 

Ali :-)

 

# AdwCleaner v4.207 - Logfile created 29/06/2015 at 22:32:04
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Alison - AGANGELUS
# Running from : C:\Documents and Settings\Alison\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Documents and Settings\Alison\Application Data\HPAppData
Folder Deleted : C:\Documents and Settings\Graham\Application Data\HPAppData
[!] Folder Deleted : C:\Documents and Settings\Alison\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
[!] Folder Deleted : C:\Documents and Settings\Graham\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Documents and Settings\Alison\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
File Deleted : C:\Documents and Settings\Alison\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130

[C:\Documents and Settings\Alison\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Graham\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

-\\ Comodo Dragon v

[C:\Documents and Settings\Alison\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Alison\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Alison\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Documents and Settings\Graham\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Graham\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja

*************************

AdwCleaner[R0].txt - [4122 bytes] - [29/06/2015 22:24:53]
AdwCleaner[S0].txt - [4115 bytes] - [29/06/2015 22:32:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4174  bytes] ##########
 

 

C:\Documents and Settings\Alison\My Documents\Downloads\ccsetup504.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
 



#4 agangelus


Posted 29 June 2015 - 07:27 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Alison (administrator) on AGANGELUS on 30-06-2015 01:10:29
Running from C:\Documents and Settings\Alison\Desktop
Loaded Profiles: Alison (Available Profiles: Alison & Graham & Jevon & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1368048598\ee\aolsoftware.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
( ) C:\WINDOWS\system32\lxcrcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1368048598\ee\aolupdates.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [90112 2005-10-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056 2005-08-12] (ATI Technologies Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1576152 2013-09-24] (COMODO)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1368048598\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-31] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-10-13] (ATI Technologies Inc.)
HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Catalyst System Tray.lnk [2005-01-01]
ShortcutTarget: Catalyst System Tray.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-31] (Avast Software s.r.o.)
BootExecute: autocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-31] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1366320154390
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1366320197734
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{42F5A1A8-670B-44F3-BBDB-5829ADB05FE7}: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\saazvu58.default-1433616136984
FF Homepage: hxxp://www.aol.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-26] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: Bitdefender QuickScan - C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\saazvu58.default-1433616136984\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-06-21]
FF Extension: AdBlock Lite - C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\saazvu58.default-1433616136984\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2015-06-07]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-18]
FF HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Documents and Settings\Alison\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Documents and Settings\Alison\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-12]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Alison\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Alison\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2005-10-13] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-31] (Avast Software s.r.o.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4831680 2013-09-24] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [131288 2013-09-24] (COMODO)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S4 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4703432 2015-03-23] (iolo technologies, LLC)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-06-26] (Oracle Corporation)
R2 lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [537520 2006-12-11] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2006-03-15] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3786944 2005-10-26] (Realtek Semiconductor Corp.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-31] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-31] (Avast Software s.r.o.)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-31] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-31] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-31] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-31] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-31] ()
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15704 2013-09-24] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [587864 2013-09-24] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30552 2013-09-24] (COMODO)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [96216 2013-09-24] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-06-30] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R2 PDFsFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [69016 2015-02-12] (Raxco Software, Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 eapihdrv; \??\C:\DOCUME~1\Alison\LOCALS~1\Temp\ehdrv.sys [X]
S3 FXDRV; \??\D:\Fxdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 01:10 - 2015-06-30 01:12 - 00016302 _____ C:\Documents and Settings\Alison\Desktop\FRST.txt
2015-06-30 01:09 - 2015-06-30 01:10 - 00000000 ____D C:\FRST
2015-06-30 01:06 - 2015-06-30 01:06 - 01636352 _____ (Farbar) C:\Documents and Settings\Alison\Desktop\FRST.exe
2015-06-30 01:06 - 2015-06-30 01:06 - 00000314 _____ C:\Documents and Settings\Alison\Desktop\esetscan.txt
2015-06-29 22:35 - 2015-06-29 22:35 - 00004254 _____ C:\Documents and Settings\Alison\Desktop\AdwCleaner[S0].txt
2015-06-29 22:24 - 2015-06-29 22:32 - 00000000 ____D C:\AdwCleaner
2015-06-29 22:22 - 2015-06-29 22:22 - 02244096 _____ C:\Documents and Settings\Alison\Desktop\adwcleaner_4.207.exe
2015-06-29 22:09 - 2015-06-29 22:09 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Alison\Desktop\TFC.exe
2015-06-28 18:36 - 2015-06-28 18:36 - 00000000 ____D C:\Program Files\Common Files\Java
2015-06-28 18:32 - 2015-06-28 18:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-06-28 13:22 - 2015-06-28 13:22 - 00000000 ____D C:\Program Files\ESET
2015-06-28 13:20 - 2015-06-28 13:20 - 00001346 _____ C:\Documents and Settings\Alison\Desktop\checkup.txt
2015-06-28 13:14 - 2015-06-28 13:14 - 00852662 _____ C:\Documents and Settings\Alison\Desktop\SecurityCheck.exe
2015-06-28 13:12 - 2015-06-28 13:12 - 00001074 _____ C:\Documents and Settings\Alison\Desktop\malwarebytesreport.txt
2015-06-28 01:00 - 2015-06-28 01:00 - 00016978 _____ C:\Documents and Settings\Alison\Desktop\attach.txt
2015-06-28 01:00 - 2015-06-28 01:00 - 00011473 _____ C:\Documents and Settings\Alison\Desktop\dds.txt
2015-06-28 00:56 - 2015-06-28 00:56 - 00688992 ____R (Swearware) C:\Documents and Settings\Alison\Desktop\dds.scr
2015-06-26 01:47 - 2015-06-28 18:33 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-06-26 01:46 - 2015-06-28 18:33 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-06-26 01:46 - 2015-06-26 01:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-06-26 01:46 - 2015-06-26 01:45 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-06-26 01:46 - 2015-06-26 01:45 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-06-26 01:45 - 2015-06-28 18:32 - 00000000 ____D C:\Program Files\Java
2015-06-21 19:05 - 2015-06-21 19:06 - 00000000 ____D C:\KVRT_Data
2015-06-21 14:02 - 2015-06-21 14:02 - 00000655 _____ C:\Documents and Settings\Alison\Desktop\File Shredder.lnk
2015-06-21 14:02 - 2015-06-21 14:02 - 00000000 ____D C:\Program Files\File Shredder
2015-06-21 14:02 - 2015-06-21 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\File Shredder
2015-06-21 13:24 - 2015-06-21 13:29 - 00063332 _____ C:\Report 2015-06-21 13.24.37.txt
2015-06-21 12:14 - 2015-06-21 12:15 - 00000000 ____D C:\Documents and Settings\Alison\My Documents\Car Ins
2015-06-02 21:05 - 2015-06-03 21:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-31 12:59 - 2015-05-31 12:59 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-31 12:59 - 2015-05-31 12:59 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 01:12 - 2013-04-18 19:59 - 00000000 ____D C:\Documents and Settings\Alison\Local Settings\Temp
2015-06-30 01:00 - 2013-04-18 20:27 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-30 00:57 - 2015-05-12 00:46 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 00:28 - 2014-07-11 22:42 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 00:16 - 2013-04-20 15:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-29 22:36 - 2013-04-18 21:25 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-06-29 22:36 - 2006-08-23 06:42 - 01753555 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-29 22:35 - 2006-08-23 06:39 - 00000000 ____D C:\WINDOWS\Registration
2015-06-29 22:34 - 2015-05-12 00:46 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 22:34 - 2015-04-04 17:26 - 00000288 _____ C:\WINDOWS\Tasks\iolo DelOnReboot.job
2015-06-29 22:34 - 2014-04-02 15:51 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-29 22:34 - 2006-08-23 06:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-29 22:34 - 2006-08-22 23:36 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-29 22:34 - 2006-08-22 23:36 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-06-29 22:33 - 2013-04-18 19:59 - 00000278 ___SH C:\Documents and Settings\Alison\ntuser.ini
2015-06-29 22:33 - 2006-08-23 09:15 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-06-29 22:33 - 2006-08-23 06:49 - 00032656 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-29 22:14 - 2013-08-05 15:02 - 00000000 ____D C:\Documents and Settings\Jevon\Local Settings\Temp
2015-06-29 22:14 - 2013-04-20 11:26 - 00000000 ____D C:\Documents and Settings\Graham\Local Settings\Temp
2015-06-29 22:14 - 2006-08-23 06:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-06-29 02:33 - 2013-04-18 19:59 - 00000000 ____D C:\Documents and Settings\Alison
2015-06-28 01:09 - 2014-07-11 22:34 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-28 01:07 - 2015-04-25 02:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-28 00:44 - 2006-08-23 06:25 - 00000209 __RSH C:\boot.ini
2015-06-28 00:44 - 2006-08-23 06:24 - 00000638 _____ C:\WINDOWS\win.ini
2015-06-28 00:44 - 2006-08-23 06:24 - 00000227 _____ C:\WINDOWS\system.ini
2015-06-27 19:19 - 2013-04-18 21:53 - 01048576 _____ C:\WINDOWS\system32\config\iolo App.evt
2015-06-26 21:39 - 2013-04-18 20:27 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-26 01:56 - 2013-04-20 15:47 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-26 01:56 - 2013-04-20 15:47 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-26 00:17 - 2006-08-23 06:24 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-22 00:46 - 2013-04-20 14:10 - 00000000 ____D C:\Documents and Settings\Graham\Local Settings\Application Data\COMODO
2015-06-22 00:46 - 2013-04-18 20:43 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2015-06-22 00:46 - 2013-04-18 20:39 - 00000000 ____D C:\Program Files\Comodo
2015-06-22 00:46 - 2013-04-18 20:39 - 00000000 ____D C:\Documents and Settings\Alison\Local Settings\Application Data\COMODO
2015-06-22 00:45 - 2013-04-18 20:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2015-06-21 18:45 - 2013-04-19 03:17 - 00000000 ____D C:\My old Disk Structure -- 13-04-18 0717PM
2015-06-21 17:38 - 2006-08-23 06:41 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-06-21 12:13 - 2015-04-22 01:59 - 00000000 ____D C:\Documents and Settings\Alison\My Documents\Work
2015-06-18 08:41 - 2014-07-11 22:34 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2013-04-19 00:56 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-06 16:33 - 2013-05-11 00:03 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-06-03 21:39 - 2014-04-07 13:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-31 12:59 - 2014-05-05 19:18 - 00024144 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-31 12:59 - 2013-04-18 21:34 - 00209048 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-31 12:59 - 2013-04-18 21:34 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-31 12:59 - 2013-04-18 21:34 - 00049904 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-31 12:59 - 2013-04-18 20:27 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-05-31 12:59 - 2013-04-18 20:27 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-05-31 12:58 - 2013-04-18 20:27 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys

==================== Files in the root of some directories =======

2013-04-18 22:14 - 2013-04-18 22:14 - 0005632 _____ () C:\Documents and Settings\Alison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-18 19:59 - 2013-04-18 20:00 - 0000129 _____ () C:\Documents and Settings\Alison\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Alison\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Alison\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================



#5 agangelus


Posted 29 June 2015 - 07:28 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Alison at 2015-06-30 01:13:49
Running from C:\Documents and Settings\Alison\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3134883238-3708060988-1507798391-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Alison (S-1-5-21-3134883238-3708060988-1507798391-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Alison
Graham (S-1-5-21-3134883238-3708060988-1507798391-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Graham
Guest (S-1-5-21-3134883238-3708060988-1507798391-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3134883238-3708060988-1507798391-1005 - Limited - Disabled)
Jevon (S-1-5-21-3134883238-3708060988-1507798391-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Jevon
SUPPORT_388945a0 (S-1-5-21-3134883238-3708060988-1507798391-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1013 - )
ATI Catalyst Control Center (HKLM\...\{452E2DC2-9391-470C-AAB2-D91750A6B891}) (Version: 1.2.2113.53 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.19-051013a1-029129C-Foxconn - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4600 (Version: 130.0.425.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - WipeSoft)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.5.1 - iolo technologies, LLC)
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lexmark 2400 Series (HKLM\...\Lexmark 2400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - )
Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Windows Vista Upgrade Advisor (HKLM\...\{E0EB8881-0CFE-4375-8782-8807D258CD7C}) (Version: 1.0.1 - Microsoft)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OCA Client history tool install (HKLM\...\OcaHistoryUpd) (Version: 8.3.0980 - Microsoft Corporation)
OLYMPUS Digital Camera Updater (HKLM\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
PS_AIO_05_C4600_Software_Min (Version: 130.0.425.000 - Hewlett-Packard) Hidden
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.18 - Realtek Semiconductor Corp.)
REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.70 - REALTEK Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================

21-06-2015 20:49:37 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-06-10 07:25 - 2006-03-15 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\iolo DelOnReboot.job => C:\WINDOWS\system32\cmd.exe/c del /f C:\WINDOWS\smrr.dllcmd.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-22 01:06 - 2015-05-31 12:59 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-22 01:06 - 2015-05-31 12:59 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-29 21:37 - 2015-06-29 21:37 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062901\algo.dll
2013-09-25 22:26 - 2006-11-22 14:51 - 00045056 _____ () C:\WINDOWS\system32\LXPRMON.DLL
2013-09-25 22:25 - 2006-11-22 15:05 - 00012288 _____ () C:\Program Files\Lexmark Fax Solutions\FxCtrStr.dll
2013-09-25 22:25 - 2006-11-22 14:49 - 00032768 _____ () C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
2013-09-25 22:27 - 2006-11-27 08:50 - 00117760 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxcrpp5c.dll
2005-01-02 06:18 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2005-01-02 06:18 - 2013-01-02 07:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2011-06-10 07:24 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2011-06-10 07:28 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-07-10 16:53 - 2013-07-10 16:53 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7106f5c4\mscorlib.dll
2013-07-10 16:49 - 2013-07-10 16:49 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_43c28e18\system.windows.forms.dll
2013-07-10 01:02 - 2013-07-10 01:02 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5a3a9ba3\system.dll
2013-07-10 16:51 - 2013-07-10 16:51 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e63b4eb8\system.xml.dll
2013-07-10 16:52 - 2013-07-10 16:52 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_82e7e373\system.drawing.dll
2015-03-13 21:05 - 2015-03-22 01:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Alison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ioloGovernor => C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
MSCONFIG\startupreg: ioloLiveBoost => C:\Program Files\iolo\System Mechanic\LiveBoost.exe
MSCONFIG\startupreg: Spotify => "C:\Documents and Settings\Alison\Application Data\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\Alison\Application Data\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:hpwucli.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe] => :127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:hpwucli.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\acs\AOLDial.exe] => Enabled:AOL Connectivity Service Dialler
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\acs\AOLacsd.exe] => Enabled:AOL Connectivity Services
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1368048598\ee\aolsoftware.exe] => Enabled:AOL Shared Components
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.7\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe] => Enabled:AOL TopSpeed
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\System Information\sinf.exe] => Enabled:AOL System Information
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe] => Enabled:AOL Browser
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\lxcrcoms.exe] => Enabled:2400 Series Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Alison\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Temp\CMC_DRAGON\restart_helper.exe] => Enabled:restart_helper.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2015 11:39:58 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (06/27/2015 00:46:31 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (06/26/2015 10:50:37 PM) (Source: WmiAdapter) (EventID: 4099) (User: AGANGELUS)
Description: Open of service failed.

Error: (06/26/2015 00:34:12 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37076078

Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37076078

Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/18/2015 09:56:28 PM) (Source: WmiAdapter) (EventID: 4099) (User: AGANGELUS)
Description: Open of service failed.

Error: (06/17/2015 09:36:25 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (06/15/2015 01:27:48 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 685985961.


System errors:
=============
Error: (06/29/2015 10:32:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Media Center Extender Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/29/2015 10:32:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/29/2015 10:32:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Media Center Extender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/29/2015 10:32:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The lxcr_device service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (06/27/2015 11:39:58 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (06/27/2015 00:46:31 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (06/26/2015 10:50:37 PM) (Source: WmiAdapter) (EventID: 4099) (User: AGANGELUS)
Description:

Error: (06/26/2015 00:34:12 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37076078

Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37076078

Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/18/2015 09:56:28 PM) (Source: WmiAdapter) (EventID: 4099) (User: AGANGELUS)
Description:

Error: (06/17/2015 09:36:25 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (06/15/2015 01:27:48 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 685985961


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 62%
Total physical RAM: 1982.48 MB
Available physical RAM: 745.09 MB
Total Pagefile: 3874.29 MB
Available Pagefile: 2714.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:70.45 GB) (Free:48.52 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 8A558A55)
Partition 1: (Active) - (Size=70.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.1 GB) - (Type=12)

==================== End of log ============================



#6 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,365 posts

Posted 29 June 2015 - 08:59 PM

I don't see anything seriously wrong.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 

start

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\Run: [Power2GoExpress] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S4 eapihdrv; \??\C:\DOCUME~1\Alison\LOCALS~1\Temp\ehdrv.sys [X]
S3 FXDRV; \??\D:\Fxdrv.sys [X]
U1 WS2IFSL; No ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please post it in your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

Please post the contents of Fixlog.txt, FSS.txt, and note any errors encountered.
How is the system running, does your problem continue?


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#7 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 162 posts

Posted 30 June 2015 - 04:20 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Alison at 2015-06-30 22:16:04 Run:1
Running from C:\Documents and Settings\Alison\Desktop
Loaded Profiles: Alison (Available Profiles: Alison & Graham & Jevon & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\Run: [Power2GoExpress] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
KLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
 HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S4 eapihdrv; \??\C:\DOCUME~1\Alison\LOCALS~1\Temp\ehdrv.sys [X]
S3 FXDRV; \??\D:\Fxdrv.sys [X]
U1 WS2IFSL; No ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => value removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
eapihdrv => Service not found.
FXDRV => Service removed successfully.
WS2IFSL => Service removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully..

==== End of Fixlog 22:16:04 ====

 

 

Farbar Service Scanner Version: 17-01-2015
Ran by Alison (administrator) on 30-06-2015 at 22:19:19
Running from "C:\Documents and Settings\Alison\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(8) cmdHlp(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0900000004000000010000000200000003000000080000000A000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



#8 agangelus


Posted 30 June 2015 - 04:38 PM

Hi,

 

Not really any difference. It seems to be pretty much the same even after I rebooted it. Was I meant to do something else with the code other than just copy it into notepad and save it?

 

Ali :-)



#9 TheJoker


Posted 30 June 2015 - 09:27 PM

The Fixlog.txt file shows what was corrected, but as I said there was nothing found that was serious. The Farbar Service Scanner log doesn't show anything wrong with services either.

Let's try some troubleshooting. This could be time consuming.
Download and run Malwarebytes StartUpLite.
This will display all unnecessary Windows Startup entries - so actually, everything it displays there is not necessary to start up with Windows.
Select all the entries available and select Continue.
Restart your system.
Do you still have the same problem with the system freezing?
If not, go back into StartupLite and unselect one item to enable it to run at startup, select Continue, and reboot the computer.
(Do not choose the "Remove" checkboxes, because this will delete the items from the Registry.)
Is the system freezing?
If not, repeat for all the items one at a time, rebooting after each, until the system starts freezing like it was before. That last item that was re-enabled will be the one that was causing the system freezes.
Then go back into StartUpLite and re-enable everything except the item that was found to be causing the problem.

Did that locate a program that was causing the freezing?




#10 agangelus


Posted 04 July 2015 - 06:02 AM

Hi there

 

I did the startup lite, there were 3 items. I disabled all three but it hasn't had any effect.

What does happen, which I don't think I mentioned initially and it may not be relevant, is once the freezing/hanging stops (sometimes after about an hour or two) it runs fine. It's really responsive and doesn't object to numerous applications being launched.

Also, if I have to wait too long on it sorting itself I use the power button frequently to restart, this usually speeds up the process.

 

Ali :-)



#11 TheJoker


Posted 04 July 2015 - 08:54 AM

In that case, you can go back into StartUpLite and re-enable the three items if you haven't already.

 

Right-click the My Computer icon on the desktop.
Click Properties from the list that appears.
Click the Hardware tab and then the Device Manager button.
Click the Device Manager tab.

Is there a yellow exclamation point for any item?

If there is, double-click the item to expand the view.

What item is it?

 

Also, what model is your HP? This is a desktop system, correct?




#12 agangelus


Posted 08 July 2015 - 05:23 PM

Hi there

 

No yellow exclamation marks. The HP is a Photosmart C4680, but it's not connected to this PC at the moment. Yes, this is a desktop system.

 

Ali :-)



#13 TheJoker


Posted 11 July 2015 - 10:45 PM

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#14 agangelus


Posted 13 July 2015 - 05:42 PM

Farbar Service Scanner Version: 17-01-2015
Ran by Alison (administrator) on 13-07-2015 at 23:39:57
Running from "C:\Documents and Settings\Alison\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(8) cmdHlp(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0900000004000000010000000200000003000000080000000A000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



#15 TheJoker


Posted 13 July 2015 - 11:23 PM

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**
 
Please post the log from ComboFix (C:\ComboFix.txt) in your next reply, and note any errors encountered.




#16 agangelus


Posted 14 July 2015 - 06:33 PM

ComboFix 15-07-12.01 - Alison 14/07/2015  23:58:38.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1982.1108 [GMT 1:00]
Running from: c:\documents and settings\Alison\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-14 to 2015-07-14  )))))))))))))))))))))))))))))))
.
.
2015-06-30 00:09 . 2015-06-30 21:16    --------    d-----w-    C:\FRST
2015-06-29 21:24 . 2015-06-29 21:32    --------    d-----w-    C:\AdwCleaner
2015-06-28 17:36 . 2015-06-28 17:36    --------    d-----w-    c:\program files\Common Files\Java
2015-06-28 17:32 . 2015-06-28 17:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\Oracle
2015-06-28 12:22 . 2015-06-28 12:22    --------    d-----w-    c:\program files\ESET
2015-06-26 00:47 . 2015-06-28 17:33    146432    ----a-w-    c:\windows\system32\javacpl.cpl
2015-06-26 00:46 . 2015-06-28 17:33    96352    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-06-26 00:45 . 2015-06-28 17:32    --------    d-----w-    c:\program files\Java
2015-06-21 18:05 . 2015-06-21 18:06    --------    d-----w-    C:\KVRT_Data
2015-06-21 13:02 . 2015-06-21 13:02    --------    d-----w-    c:\program files\File Shredder
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-14 22:14 . 2014-07-11 21:42    98520    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-09 21:16 . 2013-04-20 14:47    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-07-09 21:16 . 2013-04-20 14:47    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-26 20:39 . 2013-04-18 19:27    428120    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2015-06-18 07:41 . 2014-07-11 21:34    121560    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2013-04-18 23:56    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-05-31 11:59 . 2014-05-05 18:18    24144    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-05-31 11:59 . 2013-04-18 20:34    74976    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-05-31 11:59 . 2013-04-18 20:34    49904    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-05-31 11:59 . 2013-04-18 20:34    209048    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-05-31 11:59 . 2013-04-18 19:27    55200    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2015-05-31 11:59 . 2013-04-18 19:27    57888    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2015-05-31 11:59 . 2015-05-31 11:59    291312    ----a-w-    c:\windows\system32\aswBoot.exe
2015-05-31 11:59 . 2015-05-31 11:59    43112    ----a-w-    c:\windows\avastSS.scr
2015-05-31 11:58 . 2013-04-18 19:27    787760    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-05-10 17:42 . 2015-04-25 21:14    73272    ----a-w-    C:\wow_helper.exe
2015-05-10 17:42 . 2015-04-25 21:14    40518200    ----a-w-    C:\libcef.dll
2015-05-10 17:42 . 2015-04-25 21:14    219192    ----a-w-    C:\libEGL.dll
2015-05-10 17:42 . 2015-04-25 21:14    1365560    ----a-w-    C:\libGLESv2.dll
2015-05-10 17:42 . 2015-04-25 21:14    990776    ----a-w-    C:\ffmpegsumo.dll
2015-05-10 17:42 . 2015-04-25 21:14    778808    ----a-w-    C:\SpotifyCrashService.exe
2015-05-10 17:42 . 2015-04-25 21:14    3457592    ----a-w-    C:\d3dcompiler_47.dll
2015-05-10 17:42 . 2015-04-25 21:14    2106424    ----a-w-    C:\d3dcompiler_43.dll
2015-05-10 17:42 . 2015-04-25 21:14    2020920    ----a-w-    C:\SpotifyWebHelper.exe
2015-05-10 17:42 . 2015-04-25 21:14    124472    ----a-w-    C:\SpotifyLauncher.exe
2015-05-10 17:42 . 2015-04-25 21:14    7168568    ----a-w-    C:\Spotify.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-31 11:59    645144    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-03-13 5529880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-09-24 1576152]
"HostManager"="c:\program files\Common Files\AOL\1368048598\ee\AOLSoftware.exe" [2010-03-08 41800]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-31 5515496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Catalyst System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe SystemTray [2005-8-12 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloGovernor]
2015-03-23 22:56    981976    ----a-w-    c:\program files\iolo\System Mechanic\ioloGovernor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloLiveBoost]
2015-03-23 23:03    5483640    ----a-w-    c:\program files\iolo\System Mechanic\LiveBoost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2015-04-21 21:23    7112248    ----a-w-    c:\documents and settings\Alison\Application Data\Spotify\Spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2015-04-21 21:23    2018360    ----a-w-    c:\documents and settings\Alison\Application Data\Spotify\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1368048598\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Documents and Settings\\Alison\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [18/04/2013 21:34 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [18/04/2013 21:34 209048]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/04/2013 20:27 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [18/04/2013 20:27 428120]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [16/01/2013 19:51 15704]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [16/01/2013 19:51 587864]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16/01/2013 19:51 30552]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [05/05/2014 19:18 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [18/04/2013 21:34 74976]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [11/07/2014 22:34 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [11/07/2014 22:34 1133880]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [20/04/2013 01:35 69016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/04/2013 00:56 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [11/07/2014 22:42 98520]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [24/01/2013 22:42 131288]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [18/04/2013 21:53 4703432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-08 00:58    991048    ----a-w-    c:\program files\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-20 21:16]
.
2013-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2015-07-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-31 11:59]
.
2015-07-14 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 10:53]
.
2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-05-11 23:46]
.
2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-05-11 23:46]
.
2015-07-14 c:\windows\Tasks\iolo DelOnReboot.job
- c:\windows\system32\cmd.exe [2011-06-10 04:42]
.
2015-07-14 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-02 01:59]
.
2015-07-12 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-02 01:59]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Alison\Application Data\Mozilla\Firefox\Profiles\saazvu58.default-1433616136984\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-CTFMON - (no file)
AddRemove-Lexmark 2400 Series - c:\program files\Lexmark 2400 Series\Install\x86\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-15 00:21
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'csrss.exe'(724)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2015-07-15  00:29:39
ComboFix-quarantined-files.txt  2015-07-14 23:29
.
Pre-Run: 49,506,811,904 bytes free
Post-Run: 49,479,946,240 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5E1A5E71ACDAB5C6F7C5B9B8D4CAC1F3
2D572A71BBC779ECCD3D2595FC788A35
 



#17 TheJoker


Posted 14 July 2015 - 11:20 PM

Download and save to your Desktop RogueKiller for 32bit (by tigzy)

  • Quit all programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Start RogueKiller.exe
  • Wait until Prescan has finished
  • Click on Scan.
  • Wait until the Status box shows "Scan Finished"
  • Click on Delete
  • Wait until the Status box shows "Deleting Finished"
  • Click on Report and copy/paste the content of the Notepad
  • The log should be found in RKreport[1].txt on your Desktop
  • Close RogueKiller

Please post the contents of the log from RogueKiller and note any errors encountered.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#18 agangelus


Posted 15 July 2015 - 05:28 PM

Hi there,

 

There were three logs (not saved to the desktop but when you click on the "open txt" button after clicking the report button). I think they are all the same although named differently. Here they are anyway.

 

Ali :-)

 

RogueKiller V10.9.1.0 [Jul  9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Alison [Administrator]
Started from : C:\Documents and Settings\Alison\Desktop\RogueKiller.exe
Mode : Delete -- Date : 07/15/2015 23:14:49

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2]
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 1  -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] saazvu58.default-1433616136984 : user_pref("browser.startup.homepage", "http://www.aol.co.uk/");-> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD800BB-22JHC0 +++++
--- User ---
[MBR] 44a0fd9b27d4193e2e865140f6eb6225
[BSP] 0ce9b5793dc86137ce1e982990057701 : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 8546580 | Size: 72143 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4173 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

 

 

 



#19 TheJoker


Posted 15 July 2015 - 10:07 PM

Please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.
  • Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.



#20 agangelus


Posted 16 July 2015 - 06:55 AM

Hi there,

 

I've run the anti-root kit but it found nothing and said no cleanup required.

 

Ali :-)



#21 TheJoker


Posted 16 July 2015 - 06:50 PM

Please download Windows Repair (all in one) from here.

  • Install the program.
  • Please proceed to run it.
  • Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.
  • Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button.
  • Go to Step 4 and under System Restore click on the Create button.
  • Next, go to the Start Repairs tab and click the Start button.
  • Please ensure that ONLY items I've listed below are checked:
    Note: Only check these, NOT as shown in the graphic.

    Reset Registry Permissions
    Reset File Permissions
    Repair File Permissions
    Register System Files
    Repair Windows Firewall
    Remove Policies Set by Infections
    Repair Icons
    Remove Temp Files
    Set Windows Services to Default Startup
  • Place a checkmark in the box for Restart/Shutdown System When Finished
  • Select Restart System. Then click on Start.
  • The system should restart when finished.

 

How is the system running now, any better?




#22 agangelus


Posted 17 July 2015 - 04:42 PM

Hi there,

 

I seem to have some kind of sharing violation when I try to install the program. I've tried downloading the different mirrors but still the same issue.

 

Ali :-)



#23 TheJoker


Posted 18 July 2015 - 09:07 AM

Disconnect from the Internet (pull your access cable).

Close all running programs.

Close or disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.

Please go here to see a list of programs that need to be disabled.

 

 

Retry to run Windows Repair (all in one).

  • Install the program.
  • Please proceed to run it.
  • Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.
  • Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button.
  • Go to Step 4 and under System Restore click on the Create button.
  • Next, go to the Start Repairs tab and click the Start button.
  • Please ensure that ONLY items I've listed below are checked:
    Note: Only check these, NOT as shown in the graphic.

    Reset Registry Permissions
    Reset File Permissions
    Repair File Permissions
    Register System Files
    Repair Windows Firewall
    Remove Policies Set by Infections
    Repair Icons
    Remove Temp Files
    Set Windows Services to Default Startup
  • Place a checkmark in the box for Restart/Shutdown System When Finished
  • Select Restart System. Then click on Start.
  • The system should restart when finished.

 

Reconnect to the Internet.

 

Were you successful this time?

How is the system running now, any better?

 

 




#24 agangelus


Posted 18 July 2015 - 06:23 PM

Hi 

 

I managed to do the CheckDisk which is now step 3, but when I tried to do the SFC it failed saying "The specified service does not exist as an installed service". I also got a window with a message saying "Files that are required for Windows to run properly must be copied to the DLL Cache." Then it asks me to insert my Windows XP Pro SP3 CD which I don't have?!?

 

Ali :-)



#25 TheJoker


Posted 18 July 2015 - 07:05 PM

Download Windows XP SP3 from Microsoft here:
http://download.micr...x86fre_spcd.iso

This is an ISO file and must be burned to CD. You will need a program to allow you to do that.
When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it.  The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like InfraRecorder installer version that can burn an .ISO image. 

Now let's run System File Checker again, but this time by itself.
Please go to Start -> Run -> cmd and press Enter. At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker. Follow the prompts, and insert the Windows XP SP3 disk you burned to CD if requested. Then please restart your computer.

Please go to Start -> Run -> cmd and press Enter.
In the Command window copy and paste the following command and press enter.

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > %userprofile%\Desktop\cbs.txt

 

Attach %userprofile%\Desktop\cbs.txt to your next reply (it will be on your Desktop).

Did you encounter any errors?




#26 agangelus


Posted 26 July 2015 - 08:01 AM

Hi again

 

I seem to have lost a post. I wrote it out and thought I posted it last night but for some reason it doesn't appear to be here...may have brain issues too. Anyway, I'd apologised for not getting back sooner as I'd been away.

The pc had become non-responsive so rather than tossing it through (not out) the window I reinstalled Windows. The issue seems to be gone thankfully. But now I'm trying to bring it back to the same spec and I'm having difficulty finding service pack 3 I can install. Obviously MS doesn't support XP anymore so I can't get it there. Any direction/suggestions would be greatly appreciated as the "tossing through the window" option is still a possibility lol!

 

Ali :-)



#27 TheJoker


Posted 26 July 2015 - 09:44 AM

Here's where to start, and follow the directions:

https://support.micr...en-us/kb/322389

 

 
Prerequisites
You must have Windows XP SP2 or Windows XP SP1 installed before you install Windows XP SP3.

How to determine if a service pack is installed on my computer
  1. Click Start.
  2. Type the following command in the Start Search box, and then click OK:
    winver
    Note A dialog box displays the version of Windows and the service packs that are currently installed on your computer.

 

 

From http://www.microsoft...ails.aspx?id=24, which that page takes you to:

 

The best way to ensure you get Windows XP Service Pack 3 is by turning on the Automatic Updates feature in Windows XP. You can use our step-by-step instructions or, if you prefer, let us do it for you.

 

 

To help keep malware off your system:

  • Be certain you are running an up-to-date antivirus scanner. I would recommend Avira Free AntiVirus.
  • Be sure you install and run a software firewall like Privatefirewall or Comodo Firewall Free. The Windows XP firewall is insufficient as it only checks incoming connections.
  • Ensure that you have downloaded and installed all the available updates at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955
  • Remember that Windows XP is no longer supported, so there will be no more security fixes for it released. The only way to keep the system protected from newly discovered vulnerabilities is to install a more recent version of Windows.

 

Do you consider your problem resolved?




#28 agangelus


Posted 27 July 2015 - 04:11 PM

Hi there

 

I think it's pretty much sorted...yaaay! Everything seems to be running as it should. I found out about the IE tab for Firefox which lets you run Internet Explorer within Firefox. So it can be used for any pages that can only be viewed using IE, things like Windows updates. It can be used in the same way as IE from the Windows update link in the control panel. Only thing, you need to keep Firefox open, otherwise as I found out closing it cancels any of the updates you're downloading or installing. Another thing I found is a browser from Comodo called Chromodo. It talks about the security being far better with XP. I'm not using it but it's been reviewed and recommended from a lot of sites like majorgeeks, cnet, download etc. It uses its own dns and behaves and looks pretty much like Chrome. Anyway, not a massive contribution I know, but may be useful sometime.

I was going to ask about the HOSTS file. I had a look at the link but I'm not sure where to start.

 

Ali :-)
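
Added example (not part of either post, and not code from MVPS or RogueKiller): a HOSTS file blocks a site by mapping its name to a loopback or null address, so the same file can be audited for names that are mapped somewhere else instead. The sample file, the example.* names and the category labels are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS file (not taken from the thread). It mixes
# blocklist-style entries with one mapping that deserves a second look.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0         ads.example.net        # sinkholed
127.0.0.1       tracker.example.org tracker2.example.org
203.0.113.7     update.example.com
::1             localhost
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (lineno, address_or_None, payload) for each mapping.

    One line may carry several hostnames; each is yielded separately.
    Lines that do not parse yield address None and the stripped line.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, line
            continue
        if len(fields) < 2:                   # address with no hostname
            yield lineno, None, line
            continue
        for name in fields[1:]:
            yield lineno, addr, name.lower()


def classify(addr, name):
    """Label one mapping: localhost, blocked, redirect or malformed."""
    if addr is None:
        return "malformed"
    # 127.0.0.0/8 and ::1 are loopback; 0.0.0.0 and :: are "unspecified".
    # Blocklists use either kind so the name resolves to nowhere useful.
    sinkhole = addr.is_loopback or addr.is_unspecified
    if name in LOCAL_NAMES:
        return "localhost" if addr.is_loopback else "redirect"
    # A name pointed at any other address overrides DNS for that name,
    # which is what a reviewer wants to see listed.
    return "blocked" if sinkhole else "redirect"


def audit(text):
    """Group every mapping in the HOSTS text by category."""
    report = {"localhost": [], "blocked": [], "redirect": [], "malformed": []}
    for lineno, addr, payload in parse_hosts(text):
        kind = classify(addr, payload)
        shown = None if addr is None else str(addr)
        report[kind].append((lineno, shown, payload))
    return report


if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_HOSTS).items():
        print(f"{kind}: {len(rows)}")
        for lineno, addr, payload in rows:
            print(f"  line {lineno}: {addr} {payload}")
```

To check a real machine, pass the text of C:\WINDOWS\system32\drivers\etc\hosts (the path shown in the RogueKiller log earlier in the thread) to audit(); a file holding only the localhost line from that log produces one localhost entry and nothing under redirect.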



#29 agangelus


Posted 25 September 2015 - 09:55 PM

Hi there,

 

I was just wondering if you could help me out. I finally gave up on the XP machine (it just started freezing again :ugh:) and bought a new one, it's great :good:. However I posted a new topic in the general computing issues and on checking it appears to be gone. All I wanted to know was if using Avast free antivirus, Comodo firewall and Malwarebytes pro was a good enough security set up for a Windows 8.1 soon to be Windows 10 PC? The machine has McAfee pre loaded which runs out in 5 days, and I will be taking it off.

 

Many thanks

Ali :-)



#30 TheJoker


Posted 26 September 2015 - 07:45 AM

I replied in your other topic you mention, but I don't see it now either. It's possible that there was another restore needed after the board was brought back up.

 

Yes, those would be a good choice. I would also run SpywareBlaster and MVPS HOSTS file. I use both on all my systems. You could also change your DNS server to a safer DNS server like Norton ConnectSafe or OpenDNS.




#31 agangelus


Posted 26 September 2015 - 07:36 PM

Hi again

 

That's fantastic! I do use SpywareBlaster too so I'll be carrying this on. I will use all of your recommendations. Thank you so much for all of your help, hopefully I won't need to be back here any time soon.

 

Thanks again

Ali :-)





