Solved Have connection but can't get online

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2014.11.18.05
rootkit: v2014.11.12.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
x :: DNEC-542FEA97BA [administrator]

1/20/2015 5:57:14 PM
mbar-log-2015-01-20 (17-57-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 425420
Time elapsed: 1 hour(s), 18 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 937693184, free: 125411328

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 937693184, free: 289665024

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 0.798000 GHz
Memory total: 937693184, free: 745553920

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 937693184, free: 739110912

Host not found
Host not found
=======================================
Initializing...
------------ Kernel report ------------
01/20/2015 17:56:14
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
cercsr6.sys
\WINDOWS\System32\Drivers\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
SYMDS.SYS
sr.sys
SYMEFA.SYS
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2014.11.18.05
rootkit: v2014.11.12.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85b58030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85bdf8d0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85b58030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85b5e2e0, DeviceName: \Device\00000091\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85b5dd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 156296322
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8587e030, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8587ee08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8587e030, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff858c41c0, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffff858ec470, DeviceName: \Device\000000a3\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
Partition information:

This drive is a Single Partition removable Drive.
Partition is not bootable

Disk Size: 4008706048 bytes
Sector size: 512 bytes

Done!
File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-I.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
Good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
AppRemover won't uninstall CA Security Suite. It just keeps saying "Detecting your installed applications". It will keep searching for hours without finding anything.
 
Try Revo...

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program you want to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish.
 
Okay, I ran Revo and got rid of CA internet security along with 250 registry settings. Then I tried to run Combofix. Combofix said that I had Norton Business Suite running. So I ran Revo again to get rid of Norton Business Suite. It ran the program's uninstall utility and uninstalled the program. Then it showed a screen saying that the computer needed to be restarted and to click "here" to restart now. I did that. I thought that when the computer rebooted, the Revo uninstaller would return and let me remove the leftovers. That didn't happen. Since it wasn't listed under programs and the desktop icon was gone, I assumed that it was completely gone.
I ran ComboFix again and it said that Norton scanner was still running. It's not showing up with Revo Uninstaller anymore. Not sure how to proceed.
 
Okay, running ComboFix. It can't download Recovery Console because there is no internet connection. Saying "kindly connect before clicking OK".
 
ComboFix has been running for about 6 hours. There is a blue screen that says "scanning for infected files ... this typically doesn't take more than 10 minutes. However, scan times for badly infected machines may easily double". Then there is just a blinking cursor. It is not listing any files being scanned. Just want to be sure this is normal.
 
Here is the ComboFix log:

ComboFix 15-01-22.02 - x 01/22/2015 15:32:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.278 [GMT -5:00]
Running from: c:\documents and settings\x\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Business Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Business Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\x\Desktop\Setup.exe
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-12-22 to 2015-01-22 )))))))))))))))))))))))))))))))
.
.
2015-01-22 16:26 . 2015-01-22 16:44 -------- d-----w- c:\windows\system32\MRT
2015-01-21 23:07 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2015-01-21 23:07 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2015-01-21 23:00 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2015-01-21 23:00 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2015-01-21 22:59 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2015-01-21 22:59 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2015-01-21 22:57 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2015-01-21 22:57 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2015-01-21 22:54 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2015-01-21 22:54 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2015-01-21 22:54 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2015-01-21 22:54 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2015-01-21 22:46 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2015-01-21 22:46 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2015-01-21 22:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2015-01-21 17:14 . 2015-01-21 17:26 -------- d-----w- c:\program files\VS Revo Group
2015-01-20 22:56 . 2015-01-21 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-01-20 05:16 . 2015-01-20 05:41 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-20 05:15 . 2015-01-20 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2015-01-20 01:49 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2015-01-20 01:49 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2015-01-18 22:39 . 2015-01-21 18:17 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-18 22:32 . 2015-01-20 22:54 108632 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-18 22:32 . 2014-11-21 11:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-18 22:32 . 2015-01-18 22:33 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-01-16 19:18 . 2015-01-16 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2015-01-16 06:57 . 2015-01-16 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-01-16 06:52 . 2015-01-16 06:52 -------- d-----w- C:\TDSSKiller_Quarantine
2015-01-16 04:37 . 2015-01-16 04:37 -------- d-----w- c:\documents and settings\x\Application Data\AVAST Software
2015-01-16 04:31 . 2015-01-16 04:31 -------- d-----w- c:\windows\jumpshot.com
2015-01-16 04:30 . 2015-01-16 04:30 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-01-16 04:30 . 2015-01-16 04:30 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-01-16 04:30 . 2015-01-21 18:51 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-01-16 04:30 . 2015-01-16 04:30 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-01-16 04:30 . 2015-01-16 04:30 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-01-16 04:30 . 2015-01-16 04:30 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-01-16 04:30 . 2015-01-16 04:30 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-01-16 04:30 . 2015-01-21 18:52 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-01-16 04:30 . 2015-01-16 04:30 291352 ----a-w- c:\windows\system32\aswBoot.exe
2015-01-16 04:30 . 2015-01-16 04:30 43152 ----a-w- c:\windows\avastSS.scr
2015-01-16 04:29 . 2015-01-16 04:29 -------- d-----w- c:\program files\AVAST Software
2015-01-16 04:28 . 2015-01-16 04:28 -------- d-----w- C:\TEMP
2015-01-16 04:28 . 2015-01-16 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2015-01-15 18:53 . 2015-01-15 18:53 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2015-01-15 18:52 . 2008-10-01 16:24 637952 ----a-w- c:\windows\system32\drivers\rt2870.sys
2015-01-15 18:52 . 2008-10-01 16:19 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2015-01-15 18:52 . 2015-01-15 18:52 -------- d-----w- c:\program files\Belkin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-16 04:30 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-12 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"cdloader"="c:\documents and settings\x\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-08-01 65536]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-21 5227112]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe -t [2015-1-15 1077248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll" [2010-12-30 1935464]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\x\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Belkin\\F6D4050\\v1\\Belkinwcui.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [1/15/2015 11:30 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [1/15/2015 11:30 PM 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1/15/2015 11:30 PM 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [1/15/2015 11:30 PM 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [1/15/2015 11:30 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [1/15/2015 11:30 PM 70384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/18/2015 5:32 PM 23256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [1/18/2015 5:32 PM 969016]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [6/15/2012 8:08 PM 890016]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [1/18/2015 5:32 PM 1871160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-16 04:30]
.
2015-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 00:39]
.
2015-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 00:39]
.
2015-01-22 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2015-01-21 01:59]
.
2015-01-22 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2015-01-21 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-09207367.sys
SafeBoot-mbamchameleon
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-22 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2015-01-22 15:58:48
ComboFix-quarantined-files.txt 2015-01-22 20:58
.
Pre-Run: 59,332,849,664 bytes free
Post-Run: 59,478,913,024 bytes free
.
- - End Of File - - AB717145C478DD238208ECC1E673F24F
8F558EB6672622401DA993E1E865C861
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Okay, here are the Adwcleaner and JRT logs:

# AdwCleaner v4.108 - Report created 22/01/2015 at 17:05:24
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : x - DNEC-542FEA97BA
# Running from : E:\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
Folder Deleted : C:\Program Files\Reimage
File Deleted : C:\WINDOWS\Reimage.ini

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v


*************************

AdwCleaner[R0].txt - [2695 octets] - [22/01/2015 16:53:18]
AdwCleaner[S0].txt - [2703 octets] - [22/01/2015 17:05:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2763 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by x on Thu 01/22/2015 at 17:54:36.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 17:59:42.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When I tried to download FRST Avast said that it was infected with some virus, I forget which one. Should I still download it?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by x (administrator) on DNEC-542FEA97BA on 22-01-2015 19:24:25
Running from E:\
Loaded Profiles: x (Available profiles: x & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\stacsv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Belkin International, Inc.) C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [65536 2007-07-31] ( TOSHIBA CORPORATION)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1245184 2008-02-22] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [122933 2004-03-15] (Sonic Solutions)
HKLM\...\Run: [UpdateManager] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2003-08-19] (Sonic Solutions)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSN Toolbar] => C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe [240992 2010-02-12] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-21] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-606747145-436374069-1801674531-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-12] (Google Inc.)
HKU\S-1-5-21-606747145-436374069-1801674531-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5244216 2009-11-10] (Yahoo! Inc.)
HKU\S-1-5-21-606747145-436374069-1801674531-1003\...\Run: [cdloader] => C:\Documents and Settings\x\Application Data\mjusbsp\cdloader2.exe [50520 2009-12-24] (magicJack L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk
ShortcutTarget: Belkin Wireless Networking Utility.lnk -> C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe (Belkin International, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-606747145-436374069-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-606747145-436374069-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-606747145-436374069-1801674531-1003 -> {67198F8B-A8CE-44D6-BB30-9224C63AC00A} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-436374069-1801674531-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://search.callingid.com/search....oding}&oe={outputEncoding}&cl=ie&p=go&cid=yes
SearchScopes: HKU\S-1-5-21-606747145-436374069-1801674531-1003 -> {88704956-39B8-4D99-A147-E4343C647FC8} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=380920&p={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-436374069-1801674531-1003 -> {C92902EB-8F0B-4B46-9D9B-27A28F1EE6E2} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-606747145-436374069-1801674531-1003 -> {CE807E4D-E7EB-4CF9-A44B-F25C062DB84A} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-436374069-1801674531-1003 -> {FAD755B7-CF23-44B0-83BA-F9DAB14CBBAA} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: CallingID LinkAdvisor 2.0 BHO -> {FBF2401B-7447-4727-BE5D-C19B2075CA84} -> C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - CallingID LinkAdvisor 2.0 - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-606747145-436374069-1801674531-1003 -> CallingID LinkAdvisor 2.0 - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
Toolbar: HKU\S-1-5-21-606747145-436374069-1801674531-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263257227789
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: callingid - {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: ShellHook Class - {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll [1935464 2010-12-30] (CallingID Ltd.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\rvsb2hz2.default
FF SelectedSearchEngine: CallingID
FF Homepage: hxxp://www.yahoo.com/|hxxp://www.facebook.com/|hxxp://www.dnec.org/webmail/
FF NetworkProxy: "type", 0
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=380920&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\CallingID.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\rvsb2hz2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-10-22]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-11-04]
FF HKLM\...\Firefox\Extensions: [{e9259cba-e7ad-4f74-863f-ef9fe935394d}] - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\Firefox
FF Extension: CallingID Link Advisor 2.0 Toolbar - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\Firefox [2011-01-09]
FF HKLM\...\Firefox\Extensions: [{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}] - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox
FF Extension: CallingID Link Advisor 2.0 Mouseover - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2011-01-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-15]
FF HKLM\...\Thunderbird\Extensions: [{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}] - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gkeciodhggpcngbhlhiiphbhlddbaafl] - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Chrome\LinkAdvisor.crx [2010-08-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-10-22] (Sun Microsystems, Inc.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2008-02-22] (Dell Inc.) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2010-01-12] (New Boundary Technologies, Inc.) [File not signed]
R2 STacSV; C:\WINDOWS\system32\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed]
S3 CaCCProvSP; "C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe" [X]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{9604DF71-D1A2-4B64-B544-4610863434FF}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2015-01-15] (Cisco Systems, Inc.) [File not signed]
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-15] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-15] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [4272 2003-08-28] () [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [86160 2004-02-13] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-02-27] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [18560 2006-04-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20176 2004-03-03] (Sonic Solutions) [File not signed]
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [637952 2008-10-01] (Ralink Technology, Corp.)
S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [890016 2010-11-03] (Realtek Semiconductor Corporation )
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2004-01-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2004-01-14] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2004-03-15] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2004-03-15] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2004-03-15] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2004-03-15] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [85972 2004-03-15] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2004-03-15] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2004-03-15] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98580 2004-03-15] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100597 2004-03-15] (Sonic Solutions) [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2015-01-20] ()
S3 catchme; \??\C:\DOCUME~1\x\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 19:23 - 2015-01-22 19:24 - 00000000 ____D () C:\FRST
2015-01-22 19:19 - 2015-01-19 00:35 - 00415232 _____ (Farbar) C:\Documents and Settings\x\Desktop\FSS (1).exe
2015-01-22 17:59 - 2015-01-22 18:10 - 00000585 _____ () C:\Documents and Settings\x\Desktop\JRT.txt
2015-01-22 17:48 - 2015-01-22 17:48 - 00002843 _____ () C:\Documents and Settings\x\Desktop\AdwCleaner[S0].txt
2015-01-22 17:29 - 2015-01-22 17:29 - 00000438 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-01-22 16:52 - 2015-01-22 17:05 - 00000000 ____D () C:\AdwCleaner
2015-01-22 16:52 - 2015-01-22 16:44 - 02186752 _____ () C:\Documents and Settings\x\Desktop\adwcleaner_4.108.exe
2015-01-22 16:52 - 2015-01-22 16:44 - 02126848 _____ (Farbar) C:\Documents and Settings\x\Desktop\FRST64.exe
2015-01-22 16:52 - 2015-01-22 16:43 - 01707939 _____ (Thisisu) C:\Documents and Settings\x\Desktop\JRT.exe
2015-01-22 15:58 - 2015-01-22 15:58 - 00018226 _____ () C:\ComboFix.txt
2015-01-22 15:58 - 2015-01-22 15:58 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-01-22 15:58 - 2015-01-22 15:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-01-22 15:58 - 2015-01-22 15:58 - 00000000 ____D () C:\Documents and Settings\Administrator.DNEC-542FEA97BA\Local Settings\temp
2015-01-22 15:58 - 2015-01-22 15:58 - 00000000 ____D () C:\Documents and Settings\Administrator.DNEC-542FEA97BA.001\Local Settings\temp
2015-01-22 15:58 - 2015-01-22 15:58 - 00000000 ____D () C:\Documents and Settings\Administrator.DNEC-542FEA97BA.000\Local Settings\temp
2015-01-22 13:03 - 2015-01-22 17:28 - 00000208 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-22 13:03 - 2015-01-22 17:26 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-22 12:35 - 2015-01-22 12:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2015-01-22 12:22 - 2015-01-22 12:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2015-01-22 12:22 - 2015-01-22 12:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2015-01-22 12:13 - 2015-01-22 12:13 - 00135853 _____ () C:\WINDOWS\KB2659262.log
2015-01-22 12:13 - 2015-01-22 12:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2015-01-22 12:13 - 2015-01-22 12:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2015-01-22 12:12 - 2015-01-22 12:13 - 00135294 _____ () C:\WINDOWS\KB2564958.log
2015-01-22 12:08 - 2015-01-22 12:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2015-01-22 12:07 - 2015-01-22 12:08 - 00132822 _____ () C:\WINDOWS\KB2934207.log
2015-01-22 12:07 - 2015-01-22 12:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2015-01-22 12:07 - 2015-01-22 12:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2015-01-22 12:06 - 2015-01-22 12:07 - 00132784 _____ () C:\WINDOWS\KB2834886.log
2015-01-22 12:06 - 2015-01-22 12:06 - 00135577 _____ () C:\WINDOWS\KB2536276-v2.log
2015-01-22 12:06 - 2015-01-22 12:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2015-01-22 12:06 - 2015-01-22 12:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2015-01-22 12:06 - 2015-01-22 12:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2015-01-22 12:03 - 2015-01-22 12:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2015-01-22 12:02 - 2015-01-22 12:02 - 00133221 _____ () C:\WINDOWS\KB2964358-IE8.log
2015-01-22 12:00 - 2015-01-22 12:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2015-01-22 11:45 - 2015-01-22 11:45 - 00131235 _____ () C:\WINDOWS\KB2900986.log
2015-01-22 11:45 - 2015-01-22 11:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2015-01-22 11:44 - 2015-01-22 11:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2015-01-22 11:26 - 2015-01-22 11:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-22 11:15 - 2015-01-22 11:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2015-01-22 11:02 - 2015-01-22 11:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2015-01-22 11:01 - 2015-01-22 11:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2015-01-22 11:01 - 2015-01-22 11:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2015-01-22 10:59 - 2015-01-22 10:59 - 00131547 _____ () C:\WINDOWS\KB2686509.log
2015-01-22 10:59 - 2015-01-22 10:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2015-01-22 10:59 - 2015-01-22 10:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2015-01-22 10:58 - 2015-01-22 10:58 - 00129574 _____ () C:\WINDOWS\KB2862335.log
2015-01-22 10:58 - 2015-01-22 10:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2015-01-22 10:57 - 2015-01-22 10:57 - 00128243 _____ () C:\WINDOWS\KB2834904-v2.log
2015-01-22 10:57 - 2015-01-22 10:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2015-01-22 10:57 - 2015-01-22 10:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2015-01-22 10:49 - 2015-01-22 10:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2015-01-22 10:46 - 2015-01-22 10:50 - 00131824 _____ () C:\WINDOWS\KB2904266.log
2015-01-22 10:33 - 2015-01-22 10:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2015-01-22 10:26 - 2015-01-22 10:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2015-01-22 10:24 - 2015-01-22 10:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2015-01-22 10:21 - 2015-01-22 10:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2015-01-22 10:19 - 2015-01-22 10:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2015-01-22 10:16 - 2015-01-22 10:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2015-01-22 10:13 - 2015-01-22 10:17 - 00131638 _____ () C:\WINDOWS\KB2592799.log
2015-01-22 09:41 - 2015-01-22 09:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2015-01-22 09:35 - 2015-01-22 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2015-01-22 09:35 - 2015-01-22 09:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2015-01-22 09:26 - 2015-01-22 09:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2015-01-22 09:24 - 2015-01-22 09:25 - 00130001 _____ () C:\WINDOWS\KB2807986.log
2015-01-22 09:24 - 2015-01-22 09:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2015-01-22 09:21 - 2015-01-22 09:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2015-01-22 09:18 - 2015-01-22 09:23 - 00130897 _____ () C:\WINDOWS\KB2570947.log
2015-01-22 08:36 - 2015-01-22 08:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2015-01-22 08:35 - 2015-01-22 08:36 - 00128191 _____ () C:\WINDOWS\KB2868038.log
2015-01-22 08:33 - 2015-01-22 08:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2015-01-22 08:21 - 2015-01-22 08:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2015-01-22 08:20 - 2015-01-22 08:22 - 00129860 _____ () C:\WINDOWS\KB2603381.log
2015-01-22 08:18 - 2015-01-22 08:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2015-01-22 08:15 - 2015-01-22 08:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2015-01-22 08:03 - 2015-01-22 08:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2015-01-22 07:54 - 2015-01-22 07:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2015-01-22 06:26 - 2015-01-22 06:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2015-01-22 06:25 - 2015-01-22 06:26 - 00013626 _____ () C:\WINDOWS\KB2698365.log
2015-01-22 06:25 - 2015-01-22 06:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2015-01-22 06:25 - 2015-01-22 06:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619339$
2015-01-22 06:24 - 2015-01-22 06:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2015-01-22 06:23 - 2015-01-22 06:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2015-01-22 06:22 - 2015-01-22 06:23 - 00011511 _____ () C:\WINDOWS\KB2723135-v2.log
2015-01-22 06:22 - 2015-01-22 06:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-01-22 06:20 - 2015-01-22 06:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-01-22 06:07 - 2015-01-22 06:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2015-01-22 05:43 - 2015-01-22 05:44 - 00008501 _____ () C:\WINDOWS\KB2909210-IE8.log
2015-01-22 05:38 - 2015-01-22 05:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2015-01-22 03:59 - 2015-01-22 03:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2015-01-22 03:51 - 2015-01-22 03:52 - 00009956 _____ () C:\WINDOWS\KB2566454.log
2015-01-22 03:51 - 2015-01-22 03:51 - 00009745 _____ () C:\WINDOWS\KB2661637.log
2015-01-22 03:51 - 2015-01-22 03:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2015-01-22 03:51 - 2015-01-22 03:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2015-01-22 03:50 - 2015-01-22 03:51 - 00007961 _____ () C:\WINDOWS\KB2914368.log
2015-01-22 03:50 - 2015-01-22 03:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2015-01-22 03:48 - 2015-01-22 03:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2015-01-22 01:22 - 2010-01-11 18:52 - 00000211 _____ () C:\Boot.bak
2015-01-22 01:22 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-01-22 01:21 - 2015-01-22 01:22 - 00000000 _RSHD () C:\cmdcons
2015-01-21 18:08 - 2015-01-22 12:36 - 00145557 _____ () C:\WINDOWS\KB2868626.log
2015-01-21 18:08 - 2015-01-22 12:23 - 00143624 _____ () C:\WINDOWS\KB2922229.log
2015-01-21 18:08 - 2015-01-22 12:22 - 00145563 _____ () C:\WINDOWS\KB2712808.log
2015-01-21 18:07 - 2015-01-22 12:08 - 00140495 _____ () C:\WINDOWS\KB2916036.log
2015-01-21 18:07 - 2015-01-22 12:07 - 00142048 _____ () C:\WINDOWS\KB2544893-v2.log
2015-01-21 18:07 - 2015-01-22 12:06 - 00142402 _____ () C:\WINDOWS\KB2585542.log
2015-01-21 18:07 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-01-21 18:07 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-01-21 18:06 - 2015-01-22 12:03 - 00141445 _____ () C:\WINDOWS\KB2631813.log
2015-01-21 18:06 - 2015-01-22 12:01 - 00143365 _____ () C:\WINDOWS\KB2691442.log
2015-01-21 18:05 - 2015-01-22 11:45 - 00139412 _____ () C:\WINDOWS\KB2847311.log
2015-01-21 18:05 - 2015-01-22 11:15 - 00141232 _____ () C:\WINDOWS\KB2655992.log
2015-01-21 18:05 - 2015-01-22 11:02 - 00139461 _____ () C:\WINDOWS\KB2802968.log
2015-01-21 18:05 - 2015-01-22 11:01 - 00136892 _____ () C:\WINDOWS\KB2898715.log
2015-01-21 18:04 - 2015-01-22 11:01 - 00138373 _____ () C:\WINDOWS\KB2598479.log
2015-01-21 18:00 - 2015-01-22 11:00 - 00135053 _____ () C:\WINDOWS\KB2929961.log
2015-01-21 18:00 - 2015-01-22 10:57 - 00138653 _____ () C:\WINDOWS\KB2780091.log
2015-01-21 18:00 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2015-01-21 18:00 - 2013-07-02 20:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2015-01-21 17:59 - 2015-01-22 10:35 - 00137501 _____ () C:\WINDOWS\KB2876217.log
2015-01-21 17:59 - 2015-01-22 10:26 - 00136727 _____ () C:\WINDOWS\KB2930275.log
2015-01-21 17:59 - 2015-01-22 10:24 - 00135921 _____ () C:\WINDOWS\KB2864063.log
2015-01-21 17:59 - 2013-07-16 19:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2015-01-21 17:59 - 2013-07-16 19:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2015-01-21 17:58 - 2015-01-22 10:23 - 00138957 _____ () C:\WINDOWS\KB2719985.log
2015-01-21 17:58 - 2015-01-22 10:20 - 00135916 _____ () C:\WINDOWS\KB2862152.log
2015-01-21 17:58 - 2015-01-22 09:35 - 00133895 _____ () C:\WINDOWS\KB2876331.log
2015-01-21 17:58 - 2015-01-22 09:28 - 00134701 _____ () C:\WINDOWS\KB2859537.log
2015-01-21 17:57 - 2015-01-22 09:35 - 00133285 _____ () C:\WINDOWS\KB2850869.log
2015-01-21 17:57 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2015-01-21 17:57 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2015-01-21 17:56 - 2015-01-22 08:34 - 00136669 _____ () C:\WINDOWS\KB2820917.log
2015-01-21 17:56 - 2015-01-22 08:17 - 00136179 _____ () C:\WINDOWS\KB2757638.log
2015-01-21 17:56 - 2015-01-22 06:24 - 00018385 _____ () C:\WINDOWS\KB2705219-v2.log
2015-01-21 17:55 - 2015-01-22 08:19 - 00132549 _____ () C:\WINDOWS\KB2893294.log
2015-01-21 17:55 - 2015-01-22 07:54 - 00135171 _____ () C:\WINDOWS\KB2749655.log
2015-01-21 17:55 - 2015-01-22 06:27 - 00015831 _____ () C:\WINDOWS\KB2892075.log
2015-01-21 17:55 - 2015-01-22 06:24 - 00016761 _____ () C:\WINDOWS\KB2727528.log
2015-01-21 17:54 - 2015-01-22 08:04 - 00135407 _____ () C:\WINDOWS\KB2653956.log
2015-01-21 17:54 - 2015-01-22 06:25 - 00017394 _____ () C:\WINDOWS\KB2619339.log
2015-01-21 17:54 - 2013-08-08 19:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2015-01-21 17:54 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2015-01-21 17:54 - 2012-07-04 09:05 - 00139784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rdpwd.sys
2015-01-21 17:54 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2015-01-21 17:53 - 2015-01-22 06:09 - 00017812 _____ () C:\WINDOWS\KB2813345.log
2015-01-21 17:49 - 2015-01-22 05:42 - 00019992 _____ () C:\WINDOWS\KB2676562.log
2015-01-21 17:48 - 2015-01-22 03:59 - 00015488 _____ () C:\WINDOWS\KB2620712.log
2015-01-21 17:46 - 2015-01-22 03:49 - 00015198 _____ () C:\WINDOWS\KB2584146.log
2015-01-21 17:46 - 2012-01-11 14:06 - 00003072 ____N () C:\WINDOWS\system32\iacenc.dll
2015-01-21 17:46 - 2012-01-11 14:06 - 00003072 ____C () C:\WINDOWS\system32\dllcache\iacenc.dll
2015-01-21 17:46 - 2011-07-08 09:02 - 00010496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndistapi.sys
2015-01-21 13:08 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-21 13:08 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-21 13:08 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-21 13:08 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-21 13:08 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-21 13:08 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-21 13:08 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-21 13:08 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-21 13:08 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-21 12:15 - 2015-01-21 12:26 - 00000917 _____ () C:\Documents and Settings\x\Desktop\Revo Uninstaller.lnk
2015-01-21 12:14 - 2015-01-21 12:26 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-20 20:04 - 2015-01-22 15:59 - 00000000 ____D () C:\Qoobox
2015-01-20 20:03 - 2015-01-22 15:55 - 00000000 ____D () C:\WINDOWS\erdnt
2015-01-20 20:01 - 2015-01-22 13:17 - 05609462 ____R (Swearware) C:\Documents and Settings\x\Desktop\ComboFix.exe
2015-01-20 17:56 - 2015-01-20 19:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-01-20 17:47 - 2015-01-20 17:46 - 00094208 _____ () C:\WINDOWS\Minidump\Mini012015-02.dmp
2015-01-20 01:39 - 2015-01-20 01:39 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-20 01:39 - 2015-01-20 01:38 - 00094208 _____ () C:\WINDOWS\Minidump\Mini012015-01.dmp
2015-01-20 01:32 - 2015-01-20 19:21 - 00000000 ____D () C:\Documents and Settings\x\Desktop\mbar
2015-01-20 01:19 - 2015-01-20 01:19 - 00006817 _____ () C:\Documents and Settings\x\Desktop\RKreport_DEL_01202015_011825.log
2015-01-20 00:16 - 2015-01-20 00:41 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-20 00:15 - 2015-01-20 00:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-01-19 23:49 - 2015-01-19 23:49 - 00002468 _____ () C:\Documents and Settings\x\Desktop\FSS_3.txt
2015-01-19 21:06 - 2015-01-19 21:06 - 00003555 _____ () C:\Documents and Settings\x\Desktop\FSS_2.txt
2015-01-19 20:49 - 2008-04-13 14:21 - 00162816 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\netbt.sys
2015-01-19 20:49 - 2008-04-13 14:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2015-01-19 20:12 - 2015-01-19 20:12 - 00000932 _____ () C:\Documents and Settings\x\Desktop\SystemLook.txt
2015-01-19 00:34 - 2015-01-19 00:34 - 00003588 _____ () C:\Documents and Settings\x\Desktop\FSS.txt
2015-01-18 20:09 - 2015-01-18 20:16 - 00014526 _____ () C:\Documents and Settings\x\Desktop\dds.txt
2015-01-18 17:39 - 2015-01-21 13:17 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 17:33 - 2015-01-18 17:33 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 17:33 - 2015-01-18 17:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 17:32 - 2015-01-20 17:54 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-18 17:32 - 2015-01-18 17:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-18 17:32 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-16 20:16 - 2015-01-16 20:19 - 00000000 ____D () C:\Documents and Settings\x\Desktop\WinSetupFromUSB-1-1
2015-01-16 17:27 - 2015-01-16 17:27 - 00016070 _____ () C:\Documents and Settings\x\Desktop\ark.txt
2015-01-16 17:24 - 2015-01-16 17:28 - 00007605 _____ () C:\Documents and Settings\x\Desktop\attach.zip
2015-01-16 17:24 - 2015-01-16 17:24 - 00002339 _____ () C:\Documents and Settings\x\Desktop\GMER.zip
2015-01-16 14:49 - 2015-01-18 20:17 - 00023677 _____ () C:\Documents and Settings\x\Desktop\attach.txt
2015-01-16 14:18 - 2015-01-16 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2015-01-16 03:56 - 2015-01-16 03:56 - 00000458 _____ () C:\Documents and Settings\All Users\Desktop\Resume Reimage Repair Installation.lnk
2015-01-16 01:57 - 2015-01-16 01:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-01-16 01:52 - 2015-01-16 01:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-16 01:29 - 2015-01-16 01:29 - 00000000 ____D () C:\Documents and Settings\Administrator.DNEC-542FEA97BA.001\Application Data\Adobe
2015-01-15 23:37 - 2015-01-15 23:37 - 00000000 ____D () C:\Documents and Settings\x\Application Data\AVAST Software
2015-01-15 23:31 - 2015-01-22 17:30 - 00000354 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-15 23:31 - 2015-01-15 23:31 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-15 23:31 - 2015-01-15 23:31 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-01-15 23:31 - 2015-01-15 23:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-01-15 23:30 - 2015-01-21 13:52 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-15 23:30 - 2015-01-21 13:51 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-15 23:30 - 2015-01-15 23:30 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-15 23:30 - 2015-01-15 23:30 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-15 23:30 - 2015-01-15 23:30 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-01-15 23:30 - 2015-01-15 23:30 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-15 23:30 - 2015-01-15 23:30 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-01-15 23:30 - 2015-01-15 23:30 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-15 23:30 - 2015-01-15 23:30 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-15 23:30 - 2015-01-15 23:30 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-15 23:29 - 2015-01-15 23:29 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-15 23:28 - 2015-01-15 23:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-01-15 23:28 - 2015-01-15 23:28 - 00000000 ____D () C:\TEMP
2015-01-15 22:03 - 2015-01-15 11:21 - 01087816 _____ (Google Inc.) C:\Documents and Settings\x\Desktop\chrmstp.exe
2015-01-15 13:53 - 2015-01-15 13:53 - 00021361 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\AegisP.sys
2015-01-15 13:52 - 2015-01-15 13:52 - 00001539 _____ () C:\Documents and Settings\All Users\Desktop\Belkin Wireless Networking Utility.lnk
2015-01-15 13:52 - 2015-01-15 13:52 - 00000000 ____D () C:\Program Files\Belkin
2015-01-15 13:52 - 2015-01-15 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Belkin
2015-01-15 13:52 - 2008-10-01 11:24 - 00637952 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\rt2870.sys
2015-01-15 13:52 - 2008-10-01 11:19 - 00221184 _____ (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInst.dll
2015-01-15 13:52 - 2008-10-01 11:19 - 00015312 _____ () C:\WINDOWS\system32\RaCoInst.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 19:25 - 2010-01-11 19:06 - 00000000 ____D () C:\Documents and Settings\x\Local Settings\Temp
2015-01-22 18:48 - 2010-03-04 11:11 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 17:50 - 2010-01-11 18:57 - 01427267 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-22 17:29 - 2004-08-04 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-22 17:28 - 2010-01-12 16:09 - 00000000 ____D () C:\MDT
2015-01-22 17:26 - 2010-03-04 11:10 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 17:26 - 2010-01-11 19:03 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-22 17:26 - 2010-01-11 19:02 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-22 17:23 - 2010-01-11 19:06 - 00000178 ___SH () C:\Documents and Settings\x\ntuser.ini
2015-01-22 17:23 - 2010-01-11 19:06 - 00000000 ____D () C:\Documents and Settings\x
2015-01-22 17:23 - 2010-01-11 19:03 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-22 15:53 - 2004-08-04 05:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-22 14:19 - 2010-01-12 09:59 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-22 12:43 - 2010-01-12 10:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-22 12:43 - 2010-01-11 13:43 - 00277352 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-22 12:36 - 2010-01-11 13:44 - 01731285 _____ () C:\WINDOWS\iis6.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00769141 _____ () C:\WINDOWS\ocgen.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00727496 _____ () C:\WINDOWS\tsoc.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00538470 _____ () C:\WINDOWS\comsetup.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00324626 _____ () C:\WINDOWS\ntdtcsetup.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00278055 _____ () C:\WINDOWS\netfxocm.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00109688 _____ () C:\WINDOWS\MedCtrOC.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00087699 _____ () C:\WINDOWS\ocmsn.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00080444 _____ () C:\WINDOWS\tabletoc.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00079371 _____ () C:\WINDOWS\msgsocm.log
2015-01-22 12:36 - 2010-01-11 13:44 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-01-22 12:35 - 2010-01-11 20:12 - 00251434 _____ () C:\WINDOWS\updspapi.log
2015-01-22 12:35 - 2010-01-11 13:44 - 01605259 _____ () C:\WINDOWS\FaxSetup.log
2015-01-22 12:35 - 2010-01-11 13:44 - 00487402 _____ () C:\WINDOWS\msmqinst.log
2015-01-22 12:33 - 2010-01-11 13:44 - 00005516 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-22 12:23 - 2010-01-11 13:44 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2015-01-22 12:06 - 2010-01-11 18:59 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-01-22 12:05 - 2010-01-12 21:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-01-22 12:02 - 2011-05-22 08:52 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-01-22 10:58 - 2010-01-11 13:43 - 00887737 _____ () C:\WINDOWS\setupapi.log
2015-01-22 10:50 - 2010-01-12 09:43 - 00026566 _____ () C:\WINDOWS\system32\TZLog.log
2015-01-22 07:13 - 2010-01-11 13:44 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-22 06:52 - 2004-08-04 05:00 - 00000632 _____ () C:\WINDOWS\win.ini
2015-01-22 06:31 - 2010-06-25 09:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2015-01-22 05:50 - 2010-01-11 18:55 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-22 05:03 - 2010-01-12 10:06 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-01-22 01:22 - 2010-01-11 13:42 - 00000327 __RSH () C:\boot.ini
2015-01-21 17:30 - 2010-01-11 13:33 - 00000000 ____D () C:\WINDOWS\Help
2015-01-21 13:43 - 2011-02-13 08:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-01-21 12:59 - 2010-01-12 10:58 - 00000000 ____D () C:\Program Files\CA
2015-01-21 12:49 - 2010-01-12 10:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CA
2015-01-21 12:37 - 2010-01-12 11:56 - 00000000 ____D () C:\Documents and Settings\x\Application Data\CallingID
2015-01-20 19:28 - 2011-08-05 10:33 - 00000000 __SHD () C:\WINDOWS\CSC
2015-01-16 14:25 - 2014-11-21 12:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-01-16 03:01 - 2010-03-11 09:54 - 00000000 ____D () C:\Documents and Settings\x\Local Settings\Application Data\Temp
2015-01-16 02:58 - 2010-12-28 18:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-16 02:57 - 2010-01-12 17:16 - 00000000 ____D () C:\Documents and Settings\x\Local Settings\Application Data\Google
2015-01-16 01:48 - 2011-09-20 19:51 - 00002439 _____ () C:\Documents and Settings\x\Desktop\HiJackThis.lnk
2015-01-16 01:19 - 2011-09-26 15:05 - 00000178 ___SH () C:\Documents and Settings\Administrator.DNEC-542FEA97BA.001\ntuser.ini
2015-01-15 21:41 - 2011-09-18 07:57 - 00000000 _____ () C:\WINDOWS\1818680914
2015-01-15 13:52 - 2010-01-11 19:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-31 13:15 - 2010-01-12 09:43 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======
2010-01-12 12:37 - 2010-01-12 12:37 - 0000000 _____ () C:\Documents and Settings\x\Application Data\wklnhst.dat
2011-08-01 18:29 - 2011-08-07 09:27 - 0010796 ___SH () C:\Documents and Settings\x\Local Settings\Application Data\y3hl54hi80011ylfm825012cc10yl12

Files to move or delete:
====================
C:\Documents and Settings\x\jagex_runescape_preferences.dat
C:\Documents and Settings\x\jagex_runescape_preferences2.dat


Some content of TEMP:
====================
C:\Documents and Settings\x\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\x\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by x at 2015-01-22 19:26:43
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Business Suite (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Business Suite (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1017 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.401-070815m-052348C-Dell - )
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Belkin Wireless USB Adapter Setup (HKLM\...\{4EE9A620-46A0-4BCF-82AC-950D2BBED982}) (Version: 2.20 - Belkin)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.41.02(D) - )
CallingID LinkAdvisor 2.0 (2.0.0.30) (Version: 2.0.0.30 - CallingID Ltd.) Hidden
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Dell Driver Download Manager (HKU\S-1-5-21-606747145-436374069-1801674531-1003\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
Dell Mobile Broadband Card Utility (HKLM\...\{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}) (Version: 2.01.19.14 - Novatel Wireless)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSN (HKLM\...\MSNINST) (Version: - )
MSN Toolbar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0401.0 - Microsoft Corporation)
MSN Toolbar Platform (Version: 4.0.0401.0 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OZ776 SCR Driver V1.1.3.9 (HKLM\...\InstallShield_{343D8DE3-AE1F-431A-830C-B66352E8CA12}) (Version: 1.1.3.9 - O2Micro)
OZ776 SCR Driver V1.1.3.9 (Version: 1.1.3.9 - O2Micro) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.3.17 - Dell Computer Corporation)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.90 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.10 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
STOPzilla (HKLM\...\{7B0180DE-6A86-4600-BD2A-25D5A20EE7F8}) (Version: 5.0.95.144 - iS3 Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows PowerShell(TM) 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-606747145-436374069-1801674531-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================

21-11-2014 12:10:07 Removed IObit Toolbar v4.6.
22-11-2014 13:08:55 System Checkpoint
23-11-2014 14:08:55 System Checkpoint
24-11-2014 15:08:55 System Checkpoint
25-11-2014 16:08:55 System Checkpoint
26-11-2014 17:08:55 System Checkpoint
27-11-2014 18:08:55 System Checkpoint
28-11-2014 19:08:57 System Checkpoint
29-11-2014 20:08:55 System Checkpoint
30-11-2014 21:08:55 System Checkpoint
01-12-2014 22:08:55 System Checkpoint
02-12-2014 23:08:55 System Checkpoint
04-12-2014 00:08:55 System Checkpoint
05-12-2014 01:08:56 System Checkpoint
06-12-2014 02:08:56 System Checkpoint
07-12-2014 03:08:55 System Checkpoint
08-12-2014 04:08:55 System Checkpoint
09-12-2014 05:08:55 System Checkpoint
10-12-2014 06:08:56 System Checkpoint
11-12-2014 07:08:55 System Checkpoint
12-12-2014 08:08:55 System Checkpoint
13-12-2014 09:08:55 System Checkpoint
15-01-2015 13:52:12 Installed Belkin Wireless USB Adapter Setup
15-01-2015 21:17:09 Restore Operation
15-01-2015 23:29:32 avast! antivirus system restore point
16-01-2015 01:23:26 Restore Operation
16-01-2015 01:29:09 Restore Operation
17-01-2015 02:22:54 System Checkpoint
18-01-2015 02:56:23 System Checkpoint
19-01-2015 04:06:22 System Checkpoint
20-01-2015 01:29:32 fixing no internet connection
21-01-2015 12:30:38 Revo Uninstaller's restore point - CA Internet Security Suite
21-01-2015 13:32:54 Revo Uninstaller's restore point - Norton Business Suite
22-01-2015 03:15:01 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-22 15:52 - 2015-01-22 15:52 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2010-01-12 10:00 - 2006-11-01 20:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2010-01-12 10:00 - 2006-11-01 20:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2015-01-22 17:47 - 2015-01-22 17:47 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012202\algo.dll
2004-07-20 17:04 - 2004-07-20 17:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
2010-01-11 21:44 - 2005-10-13 12:53 - 00090223 _____ () C:\Program Files\Dell\QuickSet\preflibcl.dll
2010-01-12 10:00 - 2006-11-01 20:48 - 00086016 _____ () C:\WINDOWS\system32\preflib.dll
2010-01-11 21:44 - 2008-02-22 12:45 - 00098304 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2015-01-15 23:30 - 2015-01-15 23:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-15 13:52 - 2009-01-07 13:25 - 00589824 _____ () C:\Program Files\Belkin\F6D4050\v1\SCMLib.dll
2015-01-15 13:52 - 2007-11-28 04:32 - 01163264 _____ () C:\Program Files\Belkin\F6D4050\v1\acAuth.dll
2015-01-15 13:52 - 2009-07-23 09:52 - 00204800 _____ () C:\Program Files\Belkin\F6D4050\v1\WcuiDLL.dll
2010-01-13 08:35 - 2009-11-10 15:39 - 00929792 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2004-03-25 07:01 - 2004-03-25 07:01 - 00073728 _____ () C:\Program Files\Sonic\RecordNow!\shlext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-606747145-436374069-1801674531-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-606747145-436374069-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.DNEC-542FEA97BA.001
ASPNET (S-1-5-21-606747145-436374069-1801674531-1005 - Limited - Enabled)
Guest (S-1-5-21-606747145-436374069-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-606747145-436374069-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-606747145-436374069-1801674531-1002 - Limited - Disabled)
x (S-1-5-21-606747145-436374069-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\x

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 07:24:38 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/22/2015 07:24:38 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/22/2015 03:45:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (01/22/2015 03:45:46 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/22/2015 03:45:46 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/22/2015 03:45:46 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/22/2015 00:33:58 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The
Error code is the first DWORD in Data section.

Error: (01/22/2015 00:33:58 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (01/22/2015 00:33:56 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (01/22/2015 00:33:56 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.


System errors:
=============
Error: (01/22/2015 06:44:55 PM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (01/22/2015 05:29:51 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 10.0.0.19,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Error: (01/22/2015 03:31:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/22/2015 01:49:23 PM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (01/19/2015 08:57:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (01/19/2015 08:57:50 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error: (01/19/2015 08:57:50 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (01/19/2015 07:52:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (01/19/2015 07:52:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error: (01/19/2015 07:52:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
Percentage of memory in use: 57%
Total physical RAM: 894.25 MB
Available physical RAM: 379.85 MB
Total Pagefile: 2165.52 MB
Available Pagefile: 1685.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:55.38 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:3.73 GB) (Free:0.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 41AB2316)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: B0BCD68E)
No partition Table on disk 1.

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
I had tried running the FRST64 first and it wouldn't run. I had to use the 32 ...
Should I try the 64 again or stick with the 32?
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
Ran by x at 2015-01-22 22:39:53 Run:1
Running from C:\Documents and Settings\x\Desktop
Loaded Profiles: x (Available profiles: x & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-606747145-436374069-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
S3 CaCCProvSP; "C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe" [X]
S3 catchme; \??\C:\DOCUME~1\x\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
2010-01-12 12:37 - 2010-01-12 12:37 - 0000000 _____ () C:\Documents and Settings\x\Application Data\wklnhst.dat
2011-08-01 18:29 - 2011-08-07 09:27 - 0010796 ___SH () C:\Documents and Settings\x\Local Settings\Application Data\y3hl54hi80011ylfm825012cc10yl12
C:\Documents and Settings\x\jagex_runescape_preferences.dat
C:\Documents and Settings\x\jagex_runescape_preferences2.dat
C:\Documents and Settings\x\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\x\Local Settings\Temp\sqlite3.dll
HKU\S-1-5-21-606747145-436374069-1801674531-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!

*****************

"HKU\S-1-5-21-606747145-436374069-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
CaCCProvSP => Service deleted successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
C:\Documents and Settings\x\Application Data\wklnhst.dat => Moved successfully.
C:\Documents and Settings\x\Local Settings\Application Data\y3hl54hi80011ylfm825012cc10yl12 => Moved successfully.
C:\Documents and Settings\x\jagex_runescape_preferences.dat => Moved successfully.
C:\Documents and Settings\x\jagex_runescape_preferences2.dat => Moved successfully.
C:\Documents and Settings\x\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\x\Local Settings\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-606747145-436374069-1801674531-1003\Software\Classes\exefile" => Key deleted successfully.

==== End of Fixlog 22:39:54 ====
 
Last scans...

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Okay, here are the logs:

# AdwCleaner v4.108 - Report created 22/01/2015 at 23:30:54
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : x - DNEC-542FEA97BA
# Running from : C:\Documents and Settings\x\Desktop\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v


*************************

AdwCleaner[R0].txt - [2695 octets] - [22/01/2015 16:53:18]
AdwCleaner[R1].txt - [999 octets] - [22/01/2015 23:20:02]
AdwCleaner[S0].txt - [2843 octets] - [22/01/2015 17:05:24]
AdwCleaner[S1].txt - [925 octets] - [22/01/2015 23:30:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [984 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by x on Thu 01/22/2015 at 23:43:17.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 23:52:18.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sophos Virus Removal didn't find any threats.
 
My last instructions were wrong. Sorry about it :)

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.
 