TechSpot

Cannot remove trivoli browser - unable to access internet

By morpheus201180
Dec 10, 2014
  1. Hi,

    Can someone help me. I have been trying to remove a trivoli/search conduit browser but not succeeding. When I try to access the internet I get an error message from my service provider saying it blocked the page as malware, even when I try and access google. When my browser opens, about 7 tabs open simultaneously. I have also noticed that my laptop is running extremely slow. Are these 2 things linked?

    I ran malwarebytes and it came up clean. I have pasted the required logs below.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/12/2014
    Scan Time: 17:29:35
    Logfile: Mbytes.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.10.07
    Rootkit Database: v2014.12.08.03
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Max Joyner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 316159
    Time Elapsed: 17 min, 27 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Max Joyner at 18:19:50 on 2014-12-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.219 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    E:\Program Files\AVAST Software\Avast\AvastSvc.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    E:\WINDOWS\System32\alg.exe
    E:\WINDOWS\system32\hkcmd.exe
    E:\WINDOWS\system32\igfxpers.exe
    E:\Program Files\AVAST Software\Avast\AvastUI.exe
    E:\WINDOWS\RTHDCPL.EXE
    E:\WINDOWS\system32\ctfmon.exe
    E:\WINDOWS\system32\igfxsrvc.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Google\Drive\googledrivesync.exe
    E:\Program Files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe
    E:\Program Files\Google\Drive\googledrivesync.exe
    E:\WINDOWS\system32\wbem\unsecapp.exe
    E:\WINDOWS\system32\wbem\wmiprvse.exe
    E:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\Program Files\Google\Chrome\Application\chrome.exe
    E:\WINDOWS\System32\svchost.exe -k netsvcs
    E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    E:\WINDOWS\system32\svchost.exe -k NetworkService
    E:\WINDOWS\system32\svchost.exe -k LocalService
    E:\WINDOWS\system32\svchost.exe -k LocalService
    E:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    mSearch Page = hxxp://www.google.com
    BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - <orphaned>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - e:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - e:\program files\microsoft office\office14\URLREDIR.DLL
    uRun: [CTFMON.EXE] e:\windows\system32\ctfmon.exe
    uRun: [DAEMON Tools Lite] "e:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [MSMSGS] "e:\program files\messenger\msmsgs.exe" /background
    uRun: [GoogleDriveSync] "e:\program files\google\drive\googledrivesync.exe" /autostart
    mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
    mRun: [Persistence] e:\windows\system32\igfxpers.exe
    mRun: [AvastUI.exe] "e:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
    StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - e:\program files\realtek\8187se wireless lan utility\RtWLan.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: SoftwareSASGeneration = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &D&ownload &with BitComet - e:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - e:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - e:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - e:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - e:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
    DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{57FBBE6F-4CCC-4FA9-85D9-9E6E9AAF98FE} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - e:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - e:\program files\microsoft office\office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "e:\program files\google\chrome\application\39.0.2171.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;e:\windows\system32\drivers\aswRvrt.sys [2014-7-30 49944]
    R0 aswVmm;avast! VM Monitor;e:\windows\system32\drivers\aswVmm.sys [2014-7-30 206248]
    R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswsnx.sys [2014-7-30 787800]
    R1 aswSP;aswSP;e:\windows\system32\drivers\aswsp.sys [2014-7-30 423784]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [2014-7-30 243128]
    R2 aswHwid;avast! HardwareID;e:\windows\system32\drivers\aswHwid.sys [2014-7-30 24184]
    R2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [2014-7-30 70384]
    R2 avast! Antivirus;avast! Antivirus;e:\program files\avast software\avast\AvastSvc.exe [2014-7-30 50344]
    R2 HTCMonitorService;HTCMonitorService;e:\program files\htc\htc sync manager\HSMServiceEntry.exe [2014-8-4 87368]
    R2 PassThru Service;Internet Pass-Through Service;e:\program files\htc\internet pass-through\PassThruSvr.exe [2013-10-17 166912]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;e:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2012-6-19 1646608]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;e:\windows\system32\drivers\RtsUStor.sys [2014-9-12 216280]
    R3 ST50220;Sonix ST50220 USB Video Camera Driver;e:\windows\system32\drivers\ST50220.sys [2014-9-12 34224]
    S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2014-9-12 1691480]
    S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [2013-10-17 21248]
    S3 qcserxp;HTC Diagnostic Port;e:\windows\system32\drivers\qcserxp.sys [2014-11-18 103424]
    .
    =============== File Associations ===============
    .
    ShellExec: BitComet.exe: open="e:\program files\bitcomet\BitComet.exe"
    .
    =============== Created Last 30 ================
    .
    2014-11-18 20:46:20 103424 ----a-r- e:\windows\system32\drivers\qcserxp.sys
    2014-11-18 20:45:53 -------- d-----w- e:\program files\Spirent Communications
    2014-11-17 00:33:14 43152 ----a-w- e:\windows\avastSS.scr
    .
    ==================== Find3M ====================
    .
    2014-12-10 17:29:31 114904 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-10 11:10:18 290304 ----a-w- e:\windows\system32\subinacl.exe
    2014-11-25 23:28:15 787800 ----a-w- e:\windows\system32\drivers\aswsnx.sys
    2014-11-21 06:14:14 54360 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
    2014-11-21 06:14:06 23256 ----a-w- e:\windows\system32\drivers\mbam.sys
    2014-11-17 00:33:15 206248 ----a-w- e:\windows\system32\drivers\aswVmm.sys
    2014-11-17 00:33:14 70384 ----a-w- e:\windows\system32\drivers\aswMonFlt.sys
    2014-11-17 00:33:14 49944 ----a-w- e:\windows\system32\drivers\aswRvrt.sys
    2014-11-17 00:33:14 24184 ----a-w- e:\windows\system32\drivers\aswHwid.sys
    2014-09-14 15:48:06 1024 ---ha-w- E:\SYSTAG.BIN
    2013-02-07 12:22:00 50330 ----a-w- e:\program files\AntiDust.exe
    .
    ============= FINISH: 18:21:24.92 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/07/2014 14:16:31
    System Uptime: 10/12/2014 11:27:17 (7 hours ago)
    .
    Motherboard: DIXONSXP | | DIXONSXP
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 0 GiB total, 0.035 GiB free.
    E: is FIXED (NTFS) - 149 GiB total, 85.801 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 802.11b/g Mini Card Wireless Adapter
    Device ID: PCI\VEN_10EC&DEV_8199&SUBSYS_68941462&REV_22\4&23C6FC68&0&00E1
    Manufacturer: Realtek Semiconductor Corp.
    Name: 802.11b/g Mini Card Wireless Adapter
    PNP Device ID: PCI\VEN_10EC&DEV_8199&SUBSYS_68941462&REV_22\4&23C6FC68&0&00E1
    Service: rtl8187Se
    .
    Class GUID: {7240100F-6512-4548-8418-9EBB5C6A1A94}
    Description: USB Device
    Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
    Manufacturer:
    Name: USB Device
    PNP Device ID: USB\VID_0DB0&PID_A97A\5&215BB030&0&2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP104: 30/09/2014 22:08:43 - Removed HTC Sync Manager.
    RP105: 30/09/2014 22:12:03 - Revo Uninstaller's restore point - HTC Driver Installer
    RP106: 30/09/2014 22:12:19 - Removed HTC Driver Installer.
    RP107: 30/09/2014 22:27:02 - Installed HTC Sync Manager.
    RP108: 30/09/2014 22:32:39 - Unsigned driver install
    RP109: 01/10/2014 22:40:00 - Software Distribution Service 3.0
    RP110: 03/10/2014 07:41:16 - System Checkpoint
    RP111: 04/10/2014 10:44:29 - System Checkpoint
    RP112: 05/10/2014 11:09:50 - System Checkpoint
    RP113: 06/10/2014 11:52:06 - System Checkpoint
    RP114: 07/10/2014 12:20:36 - System Checkpoint
    RP115: 08/10/2014 13:20:36 - System Checkpoint
    RP116: 09/10/2014 20:20:40 - System Checkpoint
    RP117: 10/10/2014 20:41:45 - System Checkpoint
    RP118: 12/10/2014 11:17:57 - System Checkpoint
    RP119: 13/10/2014 12:09:49 - System Checkpoint
    RP120: 14/10/2014 10:33:09 - System Checkpoint
    RP121: 14/10/2014 22:31:06 - Software Distribution Service 3.0
    RP122: 15/10/2014 22:33:17 - System Checkpoint
    RP123: 18/10/2014 03:32:09 - System Checkpoint
    RP124: 19/10/2014 19:16:53 - System Checkpoint
    RP125: 20/10/2014 23:49:27 - System Checkpoint
    RP126: 22/10/2014 20:50:03 - System Checkpoint
    RP127: 26/10/2014 10:46:27 - System Checkpoint
    RP128: 31/10/2014 21:53:17 - System Checkpoint
    RP129: 01/11/2014 22:53:13 - System Checkpoint
    RP130: 04/11/2014 00:17:46 - System Checkpoint
    RP131: 05/11/2014 21:41:47 - Revo Uninstaller's restore point - Foxit Reader 6.2.3.0815
    RP132: 05/11/2014 21:43:49 - Revo Uninstaller's restore point - Foxit Reader 6.2.3.0815
    RP134: 05/11/2014 21:46:04 - Revo Uninstaller's restore point - AOMEI Backupper Standard Edition 2.0.2
    RP135: 05/11/2014 21:47:02 - Revo Uninstaller's restore point - SAM CoDeC Pack
    RP136: 06/11/2014 21:48:56 - System Checkpoint
    RP137: 08/11/2014 17:58:26 - System Checkpoint
    RP138: 10/11/2014 12:22:10 - System Checkpoint
    RP139: 12/11/2014 10:51:38 - System Checkpoint
    RP140: 12/11/2014 22:45:35 - Software Distribution Service 3.0
    RP141: 15/11/2014 11:04:08 - System Checkpoint
    RP142: 16/11/2014 11:18:28 - System Checkpoint
    RP143: 17/11/2014 00:30:56 - avast! antivirus system restore point
    RP144: 18/11/2014 21:27:36 - System Checkpoint
    RP145: 19/11/2014 22:12:28 - System Checkpoint
    RP146: 21/11/2014 07:38:11 - System Checkpoint
    RP147: 22/11/2014 08:47:05 - System Checkpoint
    RP148: 23/11/2014 23:15:41 - System Checkpoint
    RP149: 24/11/2014 18:23:53 - System Checkpoint
    RP150: 26/11/2014 00:16:08 - System Checkpoint
    RP151: 27/11/2014 00:43:58 - System Checkpoint
    RP152: 28/11/2014 22:44:44 - Revo Uninstaller's restore point - Google Chrome
    RP153: 28/11/2014 22:48:29 - Revo Uninstaller's restore point - Google Chrome
    RP154: 30/11/2014 13:35:10 - System Checkpoint
    RP155: 04/12/2014 00:07:26 - System Checkpoint
    RP156: 05/12/2014 07:51:30 - System Checkpoint
    RP157: 10/12/2014 10:55:27 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 15 ActiveX & Plugin
    Adobe Reader XI (11.0.08)
    Amazing Finds 1.00
    Avast Free Antivirus
    BitComet 1.37
    CCleaner, ?????? 4.14.4808
    Cooking Quest
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition
    Free YouTube to MP3 Converter version 3.12.35.514
    Google Chrome
    Google Drive
    Google Update Helper
    Herods Lost Tomb
    Hidden Mysteries Buckingham Palace
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    HTC Driver Installer
    HTC Sync Manager
    Intel(R) Graphics Media Accelerator Driver
    IPTInstaller
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Legends - Sleepy Hollow 1.00
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    REALTEK RTL8187SE Wireless LAN Driver
    REALTEK RTL8187SE Wireless LAN Driver and Utility
    Redrum Dead Diary
    Revo Uninstaller 1.94
    Righteous Kill
    Rosetta Stone Ltd Services
    Rosetta Stone TOTALe
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2803821-v2)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2909212)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB2936068)
    Security Update for Windows XP (KB2964358)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973815)
    VLC media player
    WebFldrs XP
    Winamp
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR 5.10 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/12/2014 10:49:26, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  3. morpheus201180

    morpheus201180 TS Rookie Topic Starter

    Hi Broni,

    Thanks for looking into this for me. Please see logs pasted below:

    RogueKiller V10.0.9.0 [Dec 8 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Max Joyner [Administrator]
    Mode : Delete -- Date : 12/11/2014 11:23:48

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 3 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> Deleted
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
    [IAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : E:\WINDOWS\WinSxS\x86_Avast.VC110.CRT_2036b14a11e83e4a_11.0.60610.1_x-ww_e6822ee2\MSVCR110.dll @ 0xd0b80d (jmp dword near [0x64c16268])

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
    --- User ---
    [MBR] d9dca90451c08de74a04fb367c5ce6ff
    [BSP] e86d9534e2e6ffb61c396ab3ddba0d2a : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_12112014_111912.log

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2014.12.11.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Max Joyner :: MAX-0B83641C323 [administrator]

    11/12/2014 11:29:39
    mbar-log-2014-12-11 (11-29-39).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 316042
    Time elapsed: 18 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 1.596000 GHz
    Memory total: 1064480768, free: 181379072

    Downloaded database version: v2014.12.11.01
    Downloaded database version: v2014.12.08.03
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/11/2014 11:28:53
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    intelide.sys
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltMgr.sys
    sr.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    aswVmm.sys
    aswRvrt.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igxpmp32.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\RtsUStor.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\drivers\aswTdi.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\aswRdr.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\igxpgd32.dll
    \SystemRoot\System32\igxprd32.dll
    \SystemRoot\System32\igxpdv32.DLL
    \SystemRoot\System32\igxpdx32.DLL
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\DRIVERS\AegisP.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\mbr.sys
    \SystemRoot\System32\Drivers\ST50220.sys
    \??\E:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\E:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8651cab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff8651ed98
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8651cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86573e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8651cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86587260, DeviceName: \Device\00000068\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8651ed98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: E:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: E:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: E:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6E331D41

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 312371200

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Done!
    File "E:\WINDOWS\system32\config\software" is compressed (flags = 1)
    File "E:\WINDOWS\system32\config\software" is compressed (flags = 1)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  5. morpheus201180

    morpheus201180 TS Rookie Topic Starter

    Hi Broni,

    Please see Combofix log below:-

    ComboFix 14-12-10.03 - Max Joyner 12/12/2014 1:11.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.506 [GMT 0:00]
    Running from: e:\documents and settings\Max Joyner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    e:\documents and settings\Max Joyner\My Documents\~WRD3368.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-12 to 2014-12-12 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-11 11:28 . 2014-12-11 12:00 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-12-11 11:12 . 2014-12-11 11:12 35064 ----a-w- e:\windows\system32\drivers\TrueSight.sys
    2014-12-11 11:12 . 2014-12-11 11:12 -------- d-----w- e:\documents and settings\All Users\Application Data\RogueKiller
    2014-11-18 20:46 . 2009-01-24 16:36 103424 ----a-r- e:\windows\system32\drivers\qcserxp.sys
    2014-11-18 20:45 . 2014-11-18 20:45 -------- d-----w- e:\program files\Spirent Communications
    2014-11-17 00:33 . 2014-11-17 00:33 291352 ----a-w- e:\windows\system32\aswBoot.exe
    2014-11-17 00:33 . 2014-11-17 00:33 43152 ----a-w- e:\windows\avastSS.scr
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-11 11:28 . 2014-07-30 18:36 119000 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-11 11:27 . 2014-07-30 18:36 55000 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
    2014-12-10 11:10 . 2014-07-30 18:38 290304 ----a-w- e:\windows\system32\subinacl.exe
    2014-11-25 23:28 . 2014-07-30 18:16 787800 ----a-w- e:\windows\system32\drivers\aswsnx.sys
    2014-11-25 23:27 . 2014-07-30 18:16 423784 ----a-w- e:\windows\system32\drivers\aswsp.sys
    2014-11-21 06:14 . 2014-07-30 18:36 23256 ----a-w- e:\windows\system32\drivers\mbam.sys
    2014-11-17 00:33 . 2014-07-30 18:16 57928 ----a-w- e:\windows\system32\drivers\aswTdi.sys
    2014-11-17 00:33 . 2014-07-30 18:16 206248 ----a-w- e:\windows\system32\drivers\aswVmm.sys
    2014-11-17 00:33 . 2014-07-30 18:16 49944 ----a-w- e:\windows\system32\drivers\aswRvrt.sys
    2014-11-17 00:33 . 2014-07-30 18:16 70384 ----a-w- e:\windows\system32\drivers\aswMonFlt.sys
    2014-11-17 00:33 . 2014-07-30 18:16 55240 ----a-w- e:\windows\system32\drivers\aswRdr.sys
    2014-11-17 00:33 . 2014-07-30 18:16 24184 ----a-w- e:\windows\system32\drivers\aswHwid.sys
    2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- e:\program files\AntiDust.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-17 00:33 723976 ----a-w- e:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-10-21 17:52 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-10-21 17:52 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-10-21 17:52 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-10-21 17:52 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-10-21 17:52 577864 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
    "GoogleDriveSync"="e:\program files\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="e:\windows\system32\igfxtray.exe" [2014-07-30 141848]
    "HotKeysCmds"="e:\windows\system32\hkcmd.exe" [2014-07-30 166424]
    "Persistence"="e:\windows\system32\igfxpers.exe" [2014-07-30 137752]
    "AvastUI.exe"="e:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-25 5226600]
    "Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
    "RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    e:\documents and settings\All Users\Start Menu\Programs\Startup\
    REALTEK RTL8187SE Wireless LAN Utility.lnk - e:\program files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe /H [2014-7-30 880640]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Program Files\\REALTEK\\8187SE Wireless LAN Utility\\RtWLan.exe"=
    "e:\\Program Files\\BitComet\\BitComet.exe"=
    "e:\\Program Files\\Winamp\\winamp.exe"=
    "e:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "e:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "e:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "e:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= e:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "e:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= e:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "e:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
    "e:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"=
    "e:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
    "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
    "23460:TCP"= 23460:TCP:BitComet 23460 TCP
    "23460:UDP"= 23460:UDP:BitComet 23460 UDP
    "18552:TCP"= 18552:TCP:BitComet 18552 TCP
    "18552:UDP"= 18552:UDP:BitComet 18552 UDP
    .
    R0 aswRvrt;avast! Revert;e:\windows\system32\drivers\aswRvrt.sys [30/07/2014 18:16 49944]
    R0 aswVmm;avast! VM Monitor;e:\windows\system32\drivers\aswVmm.sys [30/07/2014 18:16 206248]
    R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswsnx.sys [30/07/2014 18:16 787800]
    R1 aswSP;aswSP;e:\windows\system32\drivers\aswsp.sys [30/07/2014 18:16 423784]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [30/07/2014 18:49 243128]
    R1 mbamchameleon;mbamchameleon;e:\windows\system32\drivers\mbamchameleon.sys [30/07/2014 18:36 55000]
    R2 aswHwid;avast! HardwareID;e:\windows\system32\drivers\aswHwid.sys [30/07/2014 18:16 24184]
    R2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [30/07/2014 18:16 70384]
    R2 HTCMonitorService;HTCMonitorService;e:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [04/08/2014 09:21 87368]
    R2 PassThru Service;Internet Pass-Through Service;e:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [17/10/2013 14:27 166912]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;e:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [19/06/2012 15:21 1646608]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;e:\windows\system32\drivers\RtsUStor.sys [12/09/2014 12:37 216280]
    R3 ST50220;Sonix ST50220 USB Video Camera Driver;e:\windows\system32\drivers\ST50220.sys [12/09/2014 12:46 34224]
    S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [12/09/2014 12:40 1691480]
    S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [17/10/2013 14:27 21248]
    S3 qcserxp;HTC Diagnostic Port;e:\windows\system32\drivers\qcserxp.sys [18/11/2014 20:46 103424]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMCHAMELEON
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-11-29 00:14 1087304 ----a-w- e:\program files\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-11 e:\windows\Tasks\avast! Emergency Update.job
    - e:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17 00:33]
    .
    2014-12-10 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2014-09-07 22:10]
    .
    2014-12-11 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2014-09-07 22:10]
    .
    2014-12-10 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - e:\windows\system32\xp_eos.exe [2014-07-30 01:59]
    .
    2014-10-08 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - e:\windows\system32\xp_eos.exe [2014-07-30 01:59]
    .
    2014-12-10 e:\windows\Tasks\WGASetup.job
    - e:\windows\system32\KB905474\wgasetup.exe [2014-07-30 21:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    IE: &D&ownload &with BitComet - e:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - e:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - e:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-12-12 01:28
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(880)
    e:\windows\system32\igfxdev.dll
    .
    Completion time: 2014-12-12 01:32:30
    ComboFix-quarantined-files.txt 2014-12-12 01:32
    .
    Pre-Run: 91,481,640,960 bytes free
    Post-Run: 91,476,213,760 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 0D7F8D28D865A258604A9A0535763732
    8F558EB6672622401DA993E1E865C861
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  7. morpheus201180

    morpheus201180 TS Rookie Topic Starter

    Hi Broni,

    Please see logs below:-

    # AdwCleaner v4.105 - Report created 13/12/2014 at 00:52:24
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-12.1 [Live]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Max Joyner - MAX-0B83641C323
    # Running from : E:\Documents and Settings\Max Joyner\Desktop\adwcleaner_4.105.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v39.0.2171.95

    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=58&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=58&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=&useHistory=0&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&UM=5&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3325290&octid=EB_ORIGINAL_CTID
    [E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=&useHistory=0&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&UM=5&SelfSearch=1&SearchType=SearchWeb&SearchSource=55&ctid=CT3325290&octid=EB_ORIGINAL_CTID

    *************************

    AdwCleaner[R0].txt - [2876 octets] - [13/12/2014 00:46:21]
    AdwCleaner[S0].txt - [2815 octets] - [13/12/2014 00:52:24]

    ########## EOF - E:\AdwCleaner\AdwCleaner[S0].txt - [2875 octets] ##########
     
  8. morpheus201180

    morpheus201180 TS Rookie Topic Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Max Joyner on 13/12/2014 at 1:09:06.65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 13/12/2014 at 1:19:36.79
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2014
    Ran by Max Joyner (administrator) on MAX-0B83641C323 on 13-12-2014 01:26:44
    Running from E:\Documents and Settings\Max Joyner\Desktop
    Loaded Profile: Max Joyner (Available profiles: Max Joyner)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
    (Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
    (AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
    (Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.EXE
    (Google) E:\Program Files\Google\Drive\googledrivesync.exe
    (Realtek Semiconductor Corp.) E:\Program Files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe
    (Nero AG) E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    (Rosetta Stone Ltd.) E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    () E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    (Google) E:\Program Files\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) E:\WINDOWS\system32\wbem\unsecapp.exe
    (Microsoft Corporation) E:\WINDOWS\system32\wscntfy.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-25] (AVAST Software)
    HKLM\...\Run: [Adobe ARM] => E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
    HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Run: [GoogleDriveSync] => E:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187SE Wireless LAN Utility.lnk
    ShortcutTarget: REALTEK RTL8187SE Wireless LAN Utility.lnk -> E:\Program Files\REALTEK\8187SE Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => E:\Program Files\Google\Drive\googledrivesync32.dll (Google)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> E:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-30]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-01]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=", "hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=", "hxxp://www.msn.com/?pc=AV01", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=", "https://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?g...-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
    CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
    CHR Profile: E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-29]
    CHR Extension: (Google Docs) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-29]
    CHR Extension: (Google Drive) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-29]
    CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-29]
    CHR Extension: (WOT) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-11-29]
    CHR Extension: (YouTube) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-29]
    CHR Extension: (Google Search) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-29]
    CHR Extension: (Google Sheets) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-29]
    CHR Extension: (Avast Online Security) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-29]
    CHR Extension: (Application Launcher for Drive (by Google)) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-29]
    CHR Extension: (Google Wallet) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-29]
    CHR Extension: (Gmail) - E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-29]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]
    CHR HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
    R2 HTCMonitorService; E:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
    R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 RosettaStoneDaemon; E:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AegisP; E:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2014-07-30] (Meetinghouse Data Communications) [File not signed]
    S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
    R2 aswHwid; E:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-17] ()
    R2 aswMonFlt; E:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-17] (AVAST Software)
    R1 aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-17] (AVAST Software)
    R0 aswRvrt; E:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-17] ()
    R1 aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
    R1 aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
    R1 aswTdi; E:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-17] (AVAST Software)
    R0 aswVmm; E:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-17] ()
    S3 CCDECODE; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-07-30] (Disc Soft Ltd)
    S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
    S3 NdisIP; E:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 qcserxp; E:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
    S3 rtl8187Se; E:\WINDOWS\System32\DRIVERS\rtl8187Se.sys [315648 2010-04-01] (Realtek Semiconductor Corporation )
    R3 ST50220; E:\WINDOWS\System32\Drivers\ST50220.sys [34224 2008-11-03] (Sonix)
    S3 catchme; \??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-13 01:26 - 2014-12-13 01:27 - 00014234 _____ () E:\Documents and Settings\Max Joyner\Desktop\FRST.txt
    2014-12-13 01:24 - 2014-12-13 01:26 - 00000000 ____D () E:\FRST
    2014-12-13 01:23 - 2014-12-13 01:23 - 01111040 _____ (Farbar) E:\Documents and Settings\Max Joyner\Desktop\FRST.exe
    2014-12-13 01:19 - 2014-12-13 01:19 - 00000877 _____ () E:\Documents and Settings\Max Joyner\Desktop\JRT.txt
    2014-12-13 01:09 - 2014-12-13 01:09 - 00000000 ____D () E:\WINDOWS\ERUNT
    2014-12-13 01:07 - 2014-12-13 01:07 - 00002955 _____ () E:\Documents and Settings\Max Joyner\Desktop\AdwCleaner[S0].txt
    2014-12-13 01:05 - 2014-12-13 01:05 - 01707646 _____ (Thisisu) E:\Documents and Settings\Max Joyner\Desktop\JRT.exe
    2014-12-13 00:46 - 2014-12-13 00:52 - 00000000 ____D () E:\AdwCleaner
    2014-12-13 00:43 - 2014-12-13 00:43 - 02166272 _____ () E:\Documents and Settings\Max Joyner\Desktop\adwcleaner_4.105.exe
    2014-12-12 01:32 - 2014-12-12 01:32 - 00012229 _____ () E:\ComboFix.txt
    2014-12-12 01:32 - 2014-12-12 01:32 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\temp
    2014-12-12 01:32 - 2014-12-12 01:32 - 00000000 ____D () E:\Documents and Settings\LocalService\Local Settings\temp
    2014-12-12 01:32 - 2014-12-12 01:32 - 00000000 ____D () E:\Documents and Settings\Administrator\Local Settings\temp
    2014-12-12 01:07 - 2014-12-12 01:32 - 00000000 ____D () E:\Qoobox
    2014-12-12 01:07 - 2011-06-26 06:45 - 00256000 _____ () E:\WINDOWS\PEV.exe
    2014-12-12 01:07 - 2010-11-07 17:20 - 00208896 _____ () E:\WINDOWS\MBR.exe
    2014-12-12 01:07 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) E:\WINDOWS\NIRCMD.exe
    2014-12-12 01:07 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) E:\WINDOWS\SWREG.exe
    2014-12-12 01:07 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) E:\WINDOWS\SWSC.exe
    2014-12-12 01:07 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) E:\WINDOWS\SWXCACLS.exe
    2014-12-12 01:07 - 2000-08-31 00:00 - 00098816 _____ () E:\WINDOWS\sed.exe
    2014-12-12 01:07 - 2000-08-31 00:00 - 00080412 _____ () E:\WINDOWS\grep.exe
    2014-12-12 01:07 - 2000-08-31 00:00 - 00068096 _____ () E:\WINDOWS\zip.exe
    2014-12-12 01:06 - 2014-12-12 01:30 - 00000000 ____D () E:\WINDOWS\erdnt
    2014-12-12 01:03 - 2014-12-12 01:06 - 05600944 ____R (Swearware) E:\Documents and Settings\Max Joyner\Desktop\ComboFix.exe
    2014-12-11 11:28 - 2014-12-11 12:00 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-12-11 11:27 - 2014-12-11 12:00 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Desktop\mbar
    2014-12-11 11:26 - 2014-12-11 11:26 - 16448208 _____ (Malwarebytes Corp.) E:\Documents and Settings\Max Joyner\Desktop\mbar-1.08.2.1001.exe
    2014-12-11 11:25 - 2014-12-11 11:25 - 00001666 _____ () E:\Documents and Settings\Max Joyner\Desktop\RKreport_DEL_12112014_112347.log
    2014-12-11 11:12 - 2014-12-11 11:12 - 00035064 _____ () E:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-12-11 11:12 - 2014-12-11 11:12 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-12-11 11:09 - 2014-12-11 11:09 - 15201368 _____ () E:\Documents and Settings\Max Joyner\Desktop\RogueKiller.exe
    2014-12-10 18:38 - 2014-12-10 18:38 - 00001064 _____ () E:\Documents and Settings\Max Joyner\Desktop\Mbytes.txt
    2014-12-10 18:36 - 2014-12-10 18:36 - 00001060 _____ () E:\Documents and Settings\Max Joyner\My Documents\HF.txt
    2014-12-10 18:21 - 2014-12-10 18:21 - 00016009 _____ () E:\Documents and Settings\Max Joyner\Desktop\attach.txt
    2014-12-10 18:21 - 2014-12-10 18:21 - 00008454 _____ () E:\Documents and Settings\Max Joyner\Desktop\dds.txt
    2014-12-10 18:18 - 2014-12-10 18:18 - 00688992 ____R (Swearware) E:\Documents and Settings\Max Joyner\Desktop\dds.com
    2014-12-06 00:01 - 2014-12-06 00:01 - 00000535 _____ () E:\WINDOWS\wmsetup.log
    2014-12-05 22:46 - 2014-12-05 22:46 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Desktop\Paul Mooney Peice of my mind
    2014-12-04 23:57 - 2014-12-04 23:57 - 00027136 _____ () E:\Documents and Settings\Max Joyner\Desktop\christmas list.xls
    2014-11-29 00:15 - 2014-12-12 10:28 - 00001813 _____ () E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-11-29 00:15 - 2014-11-29 00:15 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    2014-11-18 20:46 - 2009-01-24 16:36 - 00103424 ____R (QUALCOMM Incorporated) E:\WINDOWS\system32\Drivers\qcserxp.sys
    2014-11-18 20:45 - 2014-11-18 20:45 - 00000000 ____D () E:\Program Files\Spirent Communications
    2014-11-17 00:33 - 2014-11-17 00:33 - 00291352 _____ (AVAST Software) E:\WINDOWS\system32\aswBoot.exe
    2014-11-17 00:33 - 2014-11-17 00:33 - 00043152 _____ (AVAST Software) E:\WINDOWS\avastSS.scr
    2014-11-17 00:33 - 2014-11-17 00:33 - 00001731 _____ () E:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-13 01:27 - 2014-09-30 21:18 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Temp
    2014-12-13 01:26 - 2014-09-07 22:10 - 00000886 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-13 00:59 - 2014-07-30 18:16 - 00000364 ____H () E:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-12-13 00:56 - 2014-07-30 19:43 - 00000268 _____ () E:\WINDOWS\Tasks\WGASetup.job
    2014-12-13 00:55 - 2014-10-05 18:58 - 00000000 ___RD () E:\Documents and Settings\Max Joyner\My Documents\Google Drive
    2014-12-13 00:55 - 2014-07-30 13:11 - 01755093 _____ () E:\WINDOWS\WindowsUpdate.log
    2014-12-13 00:54 - 2014-09-30 21:30 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\HTC MediaHub
    2014-12-13 00:54 - 2014-09-07 22:10 - 00000882 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-13 00:54 - 2014-07-30 20:03 - 00000232 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-12-13 00:54 - 2014-07-30 17:32 - 00000387 _____ () E:\WINDOWS\RTacDbg.txt
    2014-12-13 00:54 - 2014-07-30 14:01 - 00000157 _____ () E:\WINDOWS\wiadebug.log
    2014-12-13 00:54 - 2014-07-30 14:01 - 00000050 _____ () E:\WINDOWS\wiaservc.log
    2014-12-13 00:54 - 2014-07-30 13:21 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
    2014-12-13 00:54 - 2014-07-30 13:17 - 00000000 __SHD () E:\Documents and Settings\NetworkService
    2014-12-13 00:54 - 2001-10-05 00:16 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl
    2014-12-13 00:53 - 2014-07-30 20:17 - 00065536 _____ () E:\WINDOWS\system32\config\OAlerts.evt
    2014-12-13 00:53 - 2014-07-30 13:21 - 00032430 _____ () E:\WINDOWS\SchedLgU.Txt
    2014-12-13 00:52 - 2014-07-30 13:22 - 00000178 ___SH () E:\Documents and Settings\Max Joyner\ntuser.ini
    2014-12-12 01:28 - 2001-10-05 00:16 - 00000227 _____ () E:\WINDOWS\system.ini
    2014-12-12 01:04 - 2014-09-27 01:16 - 00000000 ____D () E:\Documents and Settings\Max Joyner\My Documents\Outlook Files
    2014-12-11 11:28 - 2014-07-30 18:36 - 00119000 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-12-11 11:27 - 2014-07-30 18:36 - 00055000 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-12-11 01:23 - 2014-07-30 20:09 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Microsoft Help
    2014-12-11 01:22 - 2014-07-30 19:25 - 00000000 ____D () E:\WINDOWS\system32\MRT
    2014-12-11 01:07 - 2014-07-30 19:25 - 109818608 _____ (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe
    2014-12-10 17:29 - 2014-07-30 18:36 - 00000777 _____ () E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-10 17:29 - 2014-07-30 18:36 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware
    2014-12-10 17:29 - 2014-07-30 18:36 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-10 15:38 - 2014-08-28 03:40 - 00276119 _____ () E:\WINDOWS\setupapi.log
    2014-12-10 11:39 - 2014-08-01 01:25 - 00000000 ____D () E:\Documents and Settings\Max Joyner\My Documents\Work
    2014-12-10 11:25 - 2014-07-30 18:38 - 00000000 ____D () E:\Program Files\Adware-Removal-Tool
    2014-12-10 11:10 - 2014-07-30 18:38 - 00290304 _____ (Microsoft Corporation) E:\WINDOWS\system32\subinacl.exe
    2014-11-30 17:07 - 2014-08-27 00:24 - 00000444 _____ () E:\WINDOWS\brwmark.ini
    2014-11-30 16:00 - 2014-07-30 20:15 - 00002459 _____ () E:\Documents and Settings\Max Joyner\Desktop\Microsoft Excel 2010.lnk
    2014-11-29 14:48 - 2014-07-30 20:15 - 00002501 _____ () E:\Documents and Settings\Max Joyner\Desktop\Microsoft Word 2010.lnk
    2014-11-29 00:15 - 2014-07-30 17:45 - 00000000 ____D () E:\Program Files\Google
    2014-11-29 00:15 - 2014-07-30 17:45 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google
    2014-11-28 22:45 - 2014-07-30 13:22 - 00000803 _____ () E:\Documents and Settings\Max Joyner\Start Menu\Programs\Internet Explorer.lnk
    2014-11-25 23:31 - 2014-07-30 13:58 - 00004772 _____ () E:\WINDOWS\system32\PerfStringBackup.INI
    2014-11-25 23:28 - 2014-07-30 18:16 - 00787800 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswsnx.sys
    2014-11-25 23:27 - 2014-07-30 18:16 - 00423784 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswsp.sys
    2014-11-21 06:14 - 2014-07-30 18:36 - 00023256 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbam.sys
    2014-11-18 20:48 - 2014-09-30 21:27 - 00001768 _____ () E:\Documents and Settings\All Users\Desktop\HTC Sync Manager.lnk
    2014-11-18 20:47 - 2014-09-29 22:09 - 00109334 _____ () E:\WINDOWS\DPINST.LOG
    2014-11-18 20:46 - 2014-09-30 21:25 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\HTC
    2014-11-18 20:46 - 2014-07-30 20:26 - 00000000 ____D () E:\WINDOWS\system32\ReinstallBackups
    2014-11-18 20:45 - 2014-09-29 22:10 - 00000000 ____D () E:\Program Files\HTC
    2014-11-18 20:41 - 2014-09-29 22:25 - 00000000 ____D () E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Downloaded Installations
    2014-11-17 00:33 - 2014-07-30 18:16 - 00206248 _____ () E:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-11-17 00:33 - 2014-07-30 18:16 - 00070384 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-11-17 00:33 - 2014-07-30 18:16 - 00057928 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-11-17 00:33 - 2014-07-30 18:16 - 00055240 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-11-17 00:33 - 2014-07-30 18:16 - 00049944 _____ () E:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-11-17 00:33 - 2014-07-30 18:16 - 00024184 _____ () E:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-11-15 21:53 - 2014-07-30 20:15 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office

    Some content of TEMP:
    ====================
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\Quarantine.exe
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    E:\WINDOWS\explorer.exe => File is digitally signed
    E:\WINDOWS\system32\winlogon.exe => File is digitally signed
    E:\WINDOWS\system32\svchost.exe => File is digitally signed
    E:\WINDOWS\system32\services.exe => File is digitally signed
    E:\WINDOWS\system32\User32.dll => File is digitally signed
    E:\WINDOWS\system32\userinit.exe => File is digitally signed
    E:\WINDOWS\system32\rpcss.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
     
  9. morpheus201180

    morpheus201180 TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2014
    Ran by Max Joyner at 2014-12-13 01:28:36
    Running from E:\Documents and Settings\Max Joyner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX & Plugin (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Amazing Finds 1.00 (HKLM\...\Amazing Finds 1.00) (Version: - )
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    BitComet 1.37 (HKLM\...\BitComet) (Version: 1.37 - CometNetwork)
    CCleaner, версия 4.14.4808 (HKLM\...\{80BD3FC0-9C5F-4ADA-83C7-91DC8E24D0B2}_is1) (Version: 4.14.4808 - Salat Production)
    Cooking Quest (HKLM\...\Cooking Quest) (Version: - )
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Free YouTube to MP3 Converter version 3.12.35.514 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Herods Lost Tomb (HKLM\...\Herods Lost Tomb1.0.0) (Version: 1.0.0 - Adnan_Boy 2008)
    Hidden Mysteries Buckingham Palace (HKLM\...\Hidden Mysteries Buckingham Palace1.0) (Version: 1.0 - Big Fish Games Inc.)
    HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
    HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery Legends - Sleepy Hollow 1.00 (HKLM\...\Mystery Legends - Sleepy Hollow 1.00) (Version: - )
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.17.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7116 - Realtek Semiconductor Corp.)
    REALTEK RTL8187SE Wireless LAN Driver (HKLM\...\{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}) (Version: Package:1.00.0035 Driver:5.9067.710.2008 - REALTEK Semiconductor Corp.)
    REALTEK RTL8187SE Wireless LAN Driver and Utility (HKLM\...\{4DA7C45A-BE9E-4538-B233-F829D59545D1}) (Version: Package:1.00.0065 Driver:5.9067.710.2008 UI:600.1552.716.2008 - REALTEK Semiconductor Corp.)
    Redrum Dead Diary (HKLM\...\Redrum Dead Diary1.0.0.1) (Version: 1.0.0.1 - Big Fish Games Inc.)
    Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
    Righteous Kill (HKLM\...\Righteous Kill1.0) (Version: 1.0 - Adnan_Boy 2008)
    Rosetta Stone Ltd Services (HKLM\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
    Rosetta Stone TOTALe (HKLM\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    30-09-2014 21:08:43 Removed HTC Sync Manager.
    30-09-2014 21:12:03 Revo Uninstaller's restore point - HTC Driver Installer
    30-09-2014 21:12:19 Removed HTC Driver Installer.
    30-09-2014 21:27:02 Installed HTC Sync Manager.
    30-09-2014 21:32:39 Unsigned driver install
    01-10-2014 21:40:00 Software Distribution Service 3.0
    03-10-2014 06:41:16 System Checkpoint
    04-10-2014 09:44:29 System Checkpoint
    05-10-2014 10:09:50 System Checkpoint
    06-10-2014 10:52:06 System Checkpoint
    07-10-2014 11:20:36 System Checkpoint
    08-10-2014 12:20:36 System Checkpoint
    09-10-2014 19:20:40 System Checkpoint
    10-10-2014 19:41:45 System Checkpoint
    12-10-2014 10:17:57 System Checkpoint
    13-10-2014 11:09:49 System Checkpoint
    14-10-2014 09:33:09 System Checkpoint
    14-10-2014 21:31:06 Software Distribution Service 3.0
    15-10-2014 21:33:17 System Checkpoint
    18-10-2014 02:32:09 System Checkpoint
    19-10-2014 18:16:53 System Checkpoint
    20-10-2014 22:49:27 System Checkpoint
    22-10-2014 19:50:03 System Checkpoint
    26-10-2014 10:46:27 System Checkpoint
    31-10-2014 21:53:17 System Checkpoint
    01-11-2014 22:53:13 System Checkpoint
    04-11-2014 00:17:46 System Checkpoint
    05-11-2014 21:41:47 Revo Uninstaller's restore point - Foxit Reader 6.2.3.0815
    05-11-2014 21:43:49 Revo Uninstaller's restore point - Foxit Reader 6.2.3.0815
    05-11-2014 21:44:01 Revo Uninstaller's restore point - FastStone Image Viewer, версия 5.1
    05-11-2014 21:46:04 Revo Uninstaller's restore point - AOMEI Backupper Standard Edition 2.0.2
    05-11-2014 21:47:02 Revo Uninstaller's restore point - SAM CoDeC Pack
    06-11-2014 21:48:56 System Checkpoint
    08-11-2014 17:58:26 System Checkpoint
    10-11-2014 12:22:10 System Checkpoint
    12-11-2014 10:51:38 System Checkpoint
    12-11-2014 22:45:35 Software Distribution Service 3.0
    15-11-2014 11:04:08 System Checkpoint
    16-11-2014 11:18:28 System Checkpoint
    17-11-2014 00:30:56 avast! antivirus system restore point
    18-11-2014 21:27:36 System Checkpoint
    19-11-2014 22:12:28 System Checkpoint
    21-11-2014 07:38:11 System Checkpoint
    22-11-2014 08:47:05 System Checkpoint
    23-11-2014 23:15:41 System Checkpoint
    24-11-2014 18:23:53 System Checkpoint
    26-11-2014 00:16:08 System Checkpoint
    27-11-2014 00:43:58 System Checkpoint
    28-11-2014 22:44:44 Revo Uninstaller's restore point - Google Chrome
    28-11-2014 22:48:29 Revo Uninstaller's restore point - Google Chrome
    30-11-2014 13:35:10 System Checkpoint
    04-12-2014 00:07:26 System Checkpoint
    05-12-2014 07:51:30 System Checkpoint
    10-12-2014 10:55:27 System Checkpoint
    11-12-2014 01:06:46 Software Distribution Service 3.0
    11-12-2014 11:26:22 Techspot Clean December 2014

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-12-12 01:28 - 2014-12-12 01:28 - 00000027 ____A E:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: E:\WINDOWS\Tasks\avast! Emergency Update.job => E:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files\Google\Update\GoogleUpdate.exe
    Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files\Google\Update\GoogleUpdate.exe
    Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => E:\WINDOWS\system32\xp_eos.exe
    Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => E:\WINDOWS\system32\xp_eos.exe
    Task: E:\WINDOWS\Tasks\WGASetup.job => E:\WINDOWS\system32\KB905474\wgasetup.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-12-13 00:35 - 2014-12-13 00:35 - 02905600 _____ () E:\Program Files\AVAST Software\Avast\defs\14121201\algo.dll
    2014-07-30 18:15 - 2014-11-17 00:33 - 38562088 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
    2014-07-30 17:31 - 2006-10-26 21:30 - 00131072 _____ () E:\Program Files\REALTEK\8187SE Wireless LAN Utility\EnumDevLib.dll
    2014-07-30 17:31 - 2005-07-20 03:53 - 00966765 _____ () E:\Program Files\REALTEK\8187SE Wireless LAN Utility\acAuth.dll
    2014-08-08 18:50 - 2014-08-08 18:50 - 00031080 _____ () E:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
    2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () E:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
    2014-08-08 18:51 - 2014-08-08 18:51 - 00059752 _____ () E:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
    2014-08-08 18:51 - 2014-08-08 18:51 - 00036216 _____ () E:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    2014-08-08 18:51 - 2014-08-08 18:51 - 00080248 _____ () E:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
    2014-08-08 18:52 - 2014-08-08 18:52 - 00129376 _____ () E:\Program Files\HTC\HTC Sync Manager\zlib1.dll
    2014-08-08 18:53 - 2014-08-08 18:53 - 00223592 _____ () E:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
    2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2014-11-03 11:05 - 2014-11-03 11:05 - 00821600 _____ () E:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    2014-12-13 00:54 - 2014-12-13 00:54 - 00098816 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32api.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00110080 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\pywintypes27.dll
    2014-12-13 00:54 - 2014-12-13 00:54 - 00364544 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\pythoncom27.dll
    2014-12-13 00:54 - 2014-12-13 00:54 - 00045568 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\_socket.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 01160704 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\_ssl.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00320512 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32com.shell.shell.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00713216 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\_hashlib.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 01175040 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\wx._core_.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00805888 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\wx._gdi_.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00811008 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\wx._windows_.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 01062400 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\wx._controls_.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00735232 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\wx._misc_.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00128512 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\_elementtree.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00127488 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\pyexpat.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00557056 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\pysqlite2._sqlite.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00087552 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\_ctypes.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00119808 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32file.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00108544 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32security.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00007168 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\hashobjs_ext.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00167936 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32gui.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00018432 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32event.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00038912 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32inet.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00011264 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32crypt.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00070656 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\wx._html2.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00027136 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\_multiprocessing.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00035840 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32process.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00686080 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\unicodedata.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00122368 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\wx._wizard.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00024064 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32pipe.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00025600 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32pdh.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00525640 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\windows._lib_cacheinvalidation.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00010240 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\select.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00017408 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32profile.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00022528 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\win32ts.pyd
    2014-12-13 00:54 - 2014-12-13 00:54 - 00078336 _____ () E:\Documents and Settings\Max Joyner\Local Settings\Temp\_MEI4322\wx._animate.pyd
    2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () E:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () E:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: E:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
    AlternateDataStreams: E:\Documents and Settings\All Users\Application Data\TEMP:918B7566

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1292428093-688789844-527237240-500 - Administrator - Enabled)
    Guest (S-1-5-21-1292428093-688789844-527237240-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1292428093-688789844-527237240-1000 - Limited - Disabled)
    Max Joyner (S-1-5-21-1292428093-688789844-527237240-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Max Joyner
    SUPPORT_388945a0 (S-1-5-21-1292428093-688789844-527237240-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: 802.11b/g Mini Card Wireless Adapter
    Description: 802.11b/g Mini Card Wireless Adapter
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Realtek Semiconductor Corp.
    Service: rtl8187Se
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: USB Device
    Description: USB Device
    Class Guid: {7240100F-6512-4548-8418-9EBB5C6A1A94}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/12/2014 01:22:36 AM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

    Error: (12/12/2014 01:22:16 AM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

    Error: (12/11/2014 03:43:38 PM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
    Description: Faulting application outlook.exe, version 14.0.4734.1000, stamp 4b58fdfa, faulting module outlook.exe, version 14.0.4734.1000, stamp 4b58fdfa, debug? 0, fault address 0x0010630a.

    Error: (12/10/2014 05:21:18 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 1678620484.

    Error: (12/10/2014 05:19:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application WINWORD.EXE, version 14.0.4734.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/29/2014 02:48:58 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
    Description: Microsoft Word: Rejected Safe Mode action : Word failed to start correctly last time. Starting Word in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

    Do you want to start Word in safe mode?.
    Rejected Safe Mode action : Microsoft Word.

    Error: (11/27/2014 10:49:42 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80004002 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Error: (11/27/2014 10:46:33 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80004002 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Error: (11/27/2014 10:24:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80004002 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Error: (11/27/2014 10:21:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80004002 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


    System errors:
    =============
    Error: (12/10/2014 11:26:46 AM) (Source: DCOM) (EventID: 10010) (User: MAX-0B83641C323)
    Description: The server {49BD2028-1523-11D1-AD79-00C04FD8FDFF} did not register with DCOM within the required timeout.

    Error: (12/10/2014 10:49:29 AM) (Source: W32Time) (EventID: 29) (User: )
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time.

    Error: (12/10/2014 10:49:29 AM) (Source: W32Time) (EventID: 17) (User: )
    Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Error: (12/10/2014 10:49:26 AM) (Source: W32Time) (EventID: 29) (User: )
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.

    Error: (12/10/2014 10:49:26 AM) (Source: W32Time) (EventID: 17) (User: )
    Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Error: (12/10/2014 10:49:26 AM) (Source: W32Time) (EventID: 29) (User: )
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time.

    Error: (12/10/2014 10:49:26 AM) (Source: W32Time) (EventID: 17) (User: )
    Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Error: (12/10/2014 10:39:45 AM) (Source: Windows Update Agent) (EventID: 16) (User: )
    Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

    Error: (11/30/2014 02:01:07 PM) (Source: Dhcp) (EventID: 1001) (User: )
    Description: Your computer was not assigned an address from the network (by the DHCP
    Server) for the Network Card with network address 001D92CBEF24. The following error
    occurred:
    %%121.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Error: (11/28/2014 11:48:21 PM) (Source: W32Time) (EventID: 29) (User: )
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.


    Microsoft Office Sessions:
    =========================
    Error: (12/12/2014 01:22:36 AM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

    Error: (12/12/2014 01:22:16 AM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

    Error: (12/11/2014 03:43:38 PM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
    Description: outlook.exe14.0.4734.10004b58fdfaoutlook.exe14.0.4734.10004b58fdfa00010630a

    Error: (12/10/2014 05:21:18 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 1678620484

    Error: (12/10/2014 05:19:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: WINWORD.EXE14.0.4734.1000hungapp0.0.0.000000000

    Error: (11/29/2014 02:48:58 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
    Description: Microsoft WordWord failed to start correctly last time. Starting Word in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

    Do you want to start Word in safe mode?

    Error: (11/27/2014 10:49:42 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480004002

    Error: (11/27/2014 10:46:33 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480004002

    Error: (11/27/2014 10:24:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480004002

    Error: (11/27/2014 10:21:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480004002


    ==================== Memory info ===========================

    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
    Percentage of memory in use: 31%
    Total physical RAM: 1015.17 MB
    Available physical RAM: 698.41 MB
    Total Pagefile: 2442.1 MB
    Available Pagefile: 2057.21 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1944 MB

    ==================== Drives ================================

    Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive e: () (Fixed) (Total:148.95 GB) (Free:84.86 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 6E331D41)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  11. morpheus201180

    morpheus201180 TS Rookie Topic Starter

    Hi Broni,

    I noticed that when I logged onto the internet the search conduit tabs didn't come up. Please see log below:-

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-12-2014
    Ran by Max Joyner at 2014-12-13 02:21:36 Run:1
    Running from E:\Documents and Settings\Max Joyner\Desktop
    Loaded Profile: Max Joyner (Available profiles: Max Joyner)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=", "hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=", "hxxp://www.msn.com/?pc=AV01", "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=", "https://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?g...-4E1F-BC5C-F26C898B87B9&q={searchTerms}&SSPV=
    CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
    CHR HKU\S-1-5-21-1292428093-688789844-527237240-1003\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    S3 catchme; \??\E:\DOCUME~1\MAXJOY~1\LOCALS~1\Temp\catchme.sys [X]
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\Quarantine.exe
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\sqlite3.dll
    AlternateDataStreams: E:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
    AlternateDataStreams: E:\Documents and Settings\All Users\Application Data\TEMP:918B7566


    *****************

    "HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    Chrome DefaultSearchURL deleted successfully.
    Chrome DefaultSuggestURL deleted successfully.
    "HKU\S-1-5-21-1292428093-688789844-527237240-1003\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
    catchme => Service deleted successfully.
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\Quarantine.exe => Moved successfully.
    E:\Documents and Settings\Max Joyner\Local Settings\Temp\sqlite3.dll => Moved successfully.
    E:\Documents and Settings\All Users\Application Data\TEMP => ":5C6EBC69" ADS removed successfully.
    E:\Documents and Settings\All Users\Application Data\TEMP => ":918B7566" ADS removed successfully.

    ==== End of Fixlog ====
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good news :)

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  13. morpheus201180

    morpheus201180 TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.93
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Please wait while WMIC is being installed.d
    I
    s
    p
    l
    a
    y
    N
    a
    m
    e
    ECHO is off.
    a
    v
    a
    s
    t
    !
    ECHO is off.
    A
    n
    t
    I
    v
    I
    r
    u
    s
    ECHO is off.
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    CCleaner, ?????? 4.14.4808
    Adobe Flash Player 15.0.0.152 Flash Player out of Date!
    Adobe Reader XI
    Google Chrome (39.0.2171.71)
    Google Chrome (39.0.2171.95)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive E:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 21-07-2014
    Ran by Max Joyner (administrator) on 13-12-2014 at 02:49:09
    Running from "E:\Documents and Settings\Max Joyner\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    E:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    E:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    E:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    E:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    E:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    E:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    E:\WINDOWS\system32\netman.dll => File is digitally signed
    E:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    E:\WINDOWS\system32\srsvc.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    E:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    E:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    E:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    E:\WINDOWS\system32\qmgr.dll => File is digitally signed
    E:\WINDOWS\system32\es.dll => File is digitally signed
    E:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    E:\WINDOWS\system32\svchost.exe => File is digitally signed
    E:\WINDOWS\system32\rpcss.dll => File is digitally signed
    E:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    AegisP(8) aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
    IpSec Tag value is correct.

    **** End of log ****

    2014-12-13 03:07:04.328 Sophos Virus Removal Tool version 2.5.4
    2014-12-13 03:07:04.328 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2014-12-13 03:07:04.328 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2014-12-13 03:07:04.328 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
    2014-12-13 03:07:04.328 Checking for updates...
    2014-12-13 03:07:04.968 Update progress: proxy server not available
    2014-12-13 03:07:43.171 Option all = no
    2014-12-13 03:07:43.171 Option recurse = yes
    2014-12-13 03:07:43.171 Option archive = no
    2014-12-13 03:07:43.171 Option service = yes
    2014-12-13 03:07:43.171 Option confirm = yes
    2014-12-13 03:07:43.171 Option sxl = yes
    2014-12-13 03:07:43.187 Option max-data-age = 35
    2014-12-13 03:07:43.187 Option EnableSafeClean = yes
    2014-12-13 03:07:45.265 Option vdl-logging = yes
    2014-12-13 03:07:45.328 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2014-12-13 03:07:45.328 Machine ID: c9db1e39fdf9436b97f996046311ca79
    2014-12-13 03:07:45.750 Component SVRTcli.exe version 2.5.4
    2014-12-13 03:07:45.750 Component control.dll version 2.5.4
    2014-12-13 03:07:45.750 Component SVRTservice.exe version 2.5.4
    2014-12-13 03:07:45.765 Component engine\osdp.dll version 1.44.1.2183
    2014-12-13 03:07:45.765 Component engine\veex.dll version 3.58.3.2183
    2014-12-13 03:07:45.765 Component engine\savi.dll version 8.1.5.2183
    2014-12-13 03:07:45.812 Component rkdisk.dll version 1.5.30.0
    2014-12-13 03:07:45.812 Version info: Product version 2.5.4
    2014-12-13 03:07:45.828 Version info: Detection engine 3.58.3
    2014-12-13 03:07:45.828 Version info: Detection data 5.08
    2014-12-13 03:07:45.828 Version info: Build date 11/11/2014
    2014-12-13 03:07:45.828 Version info: Data files added 384
    2014-12-13 03:07:45.828 Version info: Last successful update (not yet updated)
    2014-12-13 03:07:53.562 Downloading updates...
    2014-12-13 03:07:53.593 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2014-12-13 03:07:53.593 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2014-12-13 03:07:53.593 Update progress: [I49502] Found supplement IDE509 LATEST
    2014-12-13 03:07:53.593 Update progress: [I49502] Found supplement IDE510 LATEST
    2014-12-13 03:07:53.593 Update progress: [I49502] Found supplement IDE511 LATEST
    2014-12-13 03:07:53.593 Update progress: [I49502] Found supplement IDE512 LATEST
    2014-12-13 03:07:53.593 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2014-12-13 03:07:53.593 Update progress: [I19463] Syncing product SAVIW32 48
    2014-12-13 03:08:19.500 Update progress: [I19463] Syncing product IDE509 177
    2014-12-13 03:08:26.796 Installing updates...
    2014-12-13 03:08:29.843 Error level 1
    2014-12-13 03:08:30.078 Update progress: [I19463] Syncing product IDE510 179
    2014-12-13 03:08:30.078 Update progress: [I19463] Syncing product IDE511 31
    2014-12-13 03:08:30.078 Update progress: [I19463] Syncing product IDE512 1
    2014-12-13 03:09:02.031 Update successful
    2014-12-13 03:09:36.453 Option all = no
    2014-12-13 03:09:36.453 Option recurse = yes
    2014-12-13 03:09:36.453 Option archive = no
    2014-12-13 03:09:36.453 Option service = yes
    2014-12-13 03:09:36.453 Option confirm = yes
    2014-12-13 03:09:36.453 Option sxl = yes
    2014-12-13 03:09:36.453 Option max-data-age = 35
    2014-12-13 03:09:36.453 Option EnableSafeClean = yes
    2014-12-13 03:09:36.687 Option vdl-logging = yes
    2014-12-13 03:09:36.718 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2014-12-13 03:09:36.718 Machine ID: c9db1e39fdf9436b97f996046311ca79
    2014-12-13 03:09:36.843 Component SVRTcli.exe version 2.5.4
    2014-12-13 03:09:36.843 Component control.dll version 2.5.4
    2014-12-13 03:09:36.843 Component SVRTservice.exe version 2.5.4
    2014-12-13 03:09:36.843 Component engine\osdp.dll version 1.44.1.2183
    2014-12-13 03:09:36.843 Component engine\veex.dll version 3.58.3.2183
    2014-12-13 03:09:36.843 Component engine\savi.dll version 8.1.5.2183
    2014-12-13 03:09:36.984 Component rkdisk.dll version 1.5.30.0
    2014-12-13 03:09:36.984 Version info: Product version 2.5.4
    2014-12-13 03:09:36.984 Version info: Detection engine 3.58.3
    2014-12-13 03:09:36.984 Version info: Detection data 5.08G
    2014-12-13 03:09:36.984 Version info: Build date 11/11/2014
    2014-12-13 03:09:36.984 Version info: Data files added 384
    2014-12-13 03:09:36.984 Version info: Last successful update 12/13/2014 3:09:02 AM

    2014-12-13 03:51:57.093 Could not open E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session
    2014-12-13 03:51:57.093 Could not open E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs
    2014-12-13 03:51:57.187 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2014-12-13 03:51:57.234 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2014-12-13 03:52:14.875 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2014-12-13 03:52:16.437 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2014-12-13 03:52:21.187 Could not check E:\Documents and Settings\Max Joyner\Local Settings\Application Data\Google\Drive\lockfile (virus scan failed)
    2014-12-13 04:00:57.484 >>> Virus 'Mal/Generic-S' found in file E:\Program Files\Games\New Folder\herod.exe
    2014-12-13 04:00:57.484 >>> Virus 'Mal/Generic-S' found in file E:\Program Files\Games\New Folder\herod.exe
    2014-12-13 04:00:57.484 >>> Virus 'Mal/Generic-S' found in file E:\Program Files\Games\New Folder\herod.exe
    2014-12-13 04:00:57.484 >>> Virus 'Mal/Generic-S' found in file E:\Documents and Settings\Max Joyner\Desktop\Herods Lost Tomb.lnk
    2014-12-13 04:00:57.484 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1292428093-688789844-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2014-12-13 04:00:57.484 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2014-12-13 04:00:57.484 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
    2014-12-13 04:00:57.500 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
    2014-12-13 04:00:57.500 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2014-12-13 04:00:57.500 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
    2014-12-13 04:00:57.500 >>> Virus 'Mal/Generic-S' found in file E:\Documents and Settings\Max Joyner\Desktop\Herods Lost Tomb.lnk
    2014-12-13 04:00:57.500 >>> Virus 'Mal/Generic-S' found in file E:\Documents and Settings\Max Joyner\Desktop\Herods Lost Tomb.lnk
    2014-12-13 04:32:29.546 The following items will be cleaned up:
    2014-12-13 04:32:29.546 Mal/Generic-S
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    =======================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  15. morpheus201180

    morpheus201180 TS Rookie Topic Starter

    Thanks for your help Broni, My lap top is working fine now.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...